Mobile for B2B: Security Considerations   Page
1




Mobile for B2B
Security Considerations
August 2011
Tom Millard & Rob Hurst
Intro

This paper is one of a series we’ve written to help answer some of the questions we often hear from clients now that mobile content is firmly on the B2B marketing agenda.

Web apps or native apps? How to optimise content? What should an app look like? Why might I need an app and how can it benefit my marketing activities?

This series aims to give some useful context for anyone considering how to make the most of mobile as a marketing channel.

Mobile for B2B Series

1. Native or Web?
2. Design considerations
3. Security considerations
4. Cross compiled apps

Introduction

Security is as big a consideration on mobile devices, as it is on any digital channel.

However, the convenience factor of a mobile app can lead people to treat it with complacency, putting less consideration on how secure the data stored or accessed via an app really is, and users mostly have none of the obvious PC safeguards (firewalls, virus scanners etc.) in place.

Consequently, there’s an argument that security is actually a more important consideration than on other channels. Here we highlight some of the security issues to be mindful of in two key areas – app delivery and data transfer.

For each organisation and for each app the security risks and considerations will be different – but all apps, as with any digital communication, are vulnerable to attack. Awareness of the main issues will mean you can evaluate the best approach for your needs and determine potential issues at an early stage.

Web or native?

Let’s start by simply defining the two main categories of mobile apps from the point of view of some of the security considerations.

Web apps

A web app is any content developed for a mobile device but accessed directly through a browser. Consequently they are theoretically more vulnerable than native apps as they are open to the same security issues as a standard website. It is therefore important to consider the same set of security issues as you would with any other web development project.

Native apps

Native apps, on the other hand, are downloaded from a secure location, such as the iTunes app store, and are then stored securely on your device. They can therefore often be used without a data connection and though they often connect to the web in order to access information, they do so by accessing the device’s connection securely. One of the downsides of this third party delivery mechanism is that any future development that the app may require will be subject to delays during app-store approval processes, meaning that a discovered security flaw cannot be amended as quickly as with a web-based application.

Delivery mechanisms

Publishing an application through an app store can provide additional security over a web app. For example, Apple’s app store requires that all applications be submitted for review, before they can be offered through the store. This means app store staff can review applications and confirm that developers are legitimately involved with a company.

It’s not all plain sailing, however, as Google’s Android Marketplace, which doesn’t have the same rigorous approvals, has been criticised in the past for its potential security flaws, with instances cited of phishing scams being implemented in the form of fake-branded
mobile banking apps, getting users to input their personal details, which are then hijacked.

Additionally, publishing an app through a device-specific app store requires that the app be publicly visible in the store – where any user can potentially discover it. This means that any user can download the app, whether it is intended for them or not, and so security like password protection, use of a corporate login ID or account number might need to be put in place to secure any content that is not appropriate for public visibility.

Consequently native app stores do not offer a unified level of security, but can be more secure than web-based applications, hosted in the same way any website is.

Connectivity

In most cases, apps receive and transmit data to the outside world, for example accessing up-to-date information, search functionality or a form submission.

All out-going information, whether sent from a web-app or a device-based native app, needs to be secure, and the information that is being returned needs to be trusted. This security will scale depending on the nature of the information being sent.

So, what are the considerations you need to make?

No native app can be accessed externally unless it has been set up to do so, or given permission. Web apps, conversely, are open to attempted hacking – and this is the key difference between the two.

Native apps

Device and operating system manufacturers are aware of the potential security risks associated with apps connecting to the internet. Each manufacturer offers a stand-alone API (application programming interface) for their platform, which adds a desirable extra layer of security. Apple, for example, have a special inbuilt API which iOS developers can use to encrypt the information they are sending from the device – making it more secure.

Google’s approach with Android is to run each app in something called a ‘Silo’ which prevents an app from accessing other areas of a device. Apps then need to be given the appropriate permission (by a pop-up warning on the device) to access anything else which it may need to use in order to function, such as GPS location data and so on. Each app is also distributed with a digital ‘certificate’ which contains all the details of the developer.

Other platforms have similar security measures. All of this means native apps relay information through secure connections and/or via encrypted means, keeping your customer and client data safe – a huge benefit for B2B organisations. The downside to this increased security is that each platform operates in a different way, potentially requiring separate and comprehensive development for each device.

Web apps

Speaking broadly, web apps are ‘open’ as they reside on the web, though of course security can be put in place.

As web apps are open, they are great to build, from a
development standpoint, but from a security point of view, they hold the same risks as any other website.

Risks could include a hacker attempting to intercept all the data passing through a network or to a particular device and analyse the contents, or trying to obtain access through the log in screen.

The danger here resides in the fact that an app is often built to replace or manage a specific function of a website, rather than recreate an entire website. Often this will be a function that involves sending or receiving private information to and from a device. As such, a hacker can attempt to hijack this individual function, rather than a website as a whole – a more targeted approach, potentially allowing for a higher success rate.

A web app can, however, be secured like any normal website using an SSL (security) certificate which is granted by a trusted provider and forces use of a secure HTTPS connection.

Conclusion

Both native and web apps have their positives, and negatives, when it comes to app security.

Native apps, whilst allowing better offline storage of information – keeping your customers’ details offline, are slower to develop, with a new application development needed for each platform. Web apps, on the other hand, can reside on any platform with one development – and any security concerns can be tackled much quicker, but they may lack some of the peace of mind gained with an app-store download.

It’s worth noting that web apps, which have been growing in popularity against native apps more recently, are gaining increasing numbers of advocates, especially with businesses handling potentially private data. Many businesses that handle financial transactions, banks such as HSBC and Lloyds TSB and online bookmakers such as Paddy Power and Ladbrokes are using web-apps, rather than native apps, to cater for their customers across devices.

Additionally, as mobile platform owners and manufacturers look to increase revenues from apps utilizing their platforms, this increase of web apps for transactional or paid functions is likely to continue. Apple has already announced a set of rules for ‘subscription’ apps that require they receive a 30% cut of the revenue.

This brings us to our final point, something which can help increase security around applications for a more targeted audience – a bespoke app store environment. Large corporations that produce multiple applications for their customers and work force are starting to make use of this approach. A notable example is the US army, whose applications are, understandably, something that the general public should not have access to. Whilst this approach is obviously very secure, it’s likely to be beyond the requirement of most application developers.

Read the rest of the Mobile for B2B series.

1. Native or Web?
2. Design considerations
3. Security considerations
4. Cross compiled apps




Omobono is an award winning
digital agency specialising in brand
development and engagement for
large corporates and government.

We believe no one has a better
understanding of business
audiences and how to reach them.

For more information, please contact
Rob Hurst on rob@omobono.co.uk or
+44 (0) 1223 307000.


© 2011 Omobono Ltd.

All ideas, concepts, brand-related names, strap lines, phrases, copy/text and
creative concepts developed and contained within this document remain the
intellectual property of Omobono Ltd until such time as they are procured by a
third party.

Anyone viewing this document may not use, adapt or modify the contents without
our prior consent.

 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Mobile for B2B: Security Considerations

  • 1. Mobile for B2B: Security Considerations Page 1 Mobile for B2B Security Considerations August 2011 Tom Millard & Rob Hurst
  • 2. Mobile for B2B: Security Considerations Page 2
    Intro
    This paper is one of a series we’ve written to help answer some of the questions we often hear from clients now that mobile content is firmly on the B2B marketing agenda.
    Web apps or native apps? How to optimise content? What should an app look like? Why might I need an app and how can it benefit my marketing activities?
    This series aims to give some useful context for anyone considering how to make the most of mobile as a marketing channel.
    Mobile for B2B Series
    1. Native or Web?
    2. Design considerations
    3. Security considerations
    4. Cross compiled apps
  • 3. Mobile for B2B: Security Considerations Page 3
    Introduction
    Security is as big a consideration on mobile devices, as it is on any digital channel.
    However, the convenience factor of a mobile app can lead people to treat it with complacency, putting less consideration on how secure the data stored or accessed via an app really is, and users mostly have none of the obvious PC safeguards (firewalls, virus scanners etc.) in place.
    Consequently, there’s an argument that security is actually a more important consideration than on other channels. Here we highlight some of the security issues to be mindful of in two key areas – app delivery and data transfer.
    For each organisation and for each app the security risks and considerations will be different – but all apps, as with any digital communication, are vulnerable to attack. Awareness of the main issues will mean you can evaluate the best approach for your needs and determine potential issues at an early stage.
    Web or native?
    Let’s start by simply defining the two main categories of mobile apps from the point of view of some of the security considerations.
    Web apps
    A web app is any content developed for a mobile device but accessed directly through a browser. Consequently they are theoretically more vulnerable than native apps as they are open to the same security issues as a standard website. It is therefore important to consider the same set of security issues as you would with any other web development project.
    Native apps
    Native apps, on the other hand, are downloaded from a secure location, such as the iTunes app store, and are then stored securely on your device. They can therefore often be used without a data connection and though they often connect to the web in order to access information, they do so by accessing the device’s connection securely. One of the downsides of this third party delivery mechanism is that any future development that the app may require will be subject to delays during app-store approval processes, meaning that a discovered security flaw cannot be amended as quickly as with a web-based application.
    Delivery mechanisms
    Publishing an application through an app store can provide additional security over a web app.
    For example, Apple’s app store requires that all applications be submitted for review, before they can be offered through the store. This means app store staff can review applications and confirm that developers are legitimately involved with a company.
    It’s not all plain sailing, however, as Google’s Android Marketplace, which doesn’t have the same rigorous approvals, has been criticised in the past for its potential security flaws, with instances cited of phishing scams being implemented in the form of fake-branded
  • 4. Mobile for B2B: Security Considerations Page 4
    mobile banking apps, getting users to input their personal details, which are then hijacked.
    Additionally, publishing an app through a device-specific app store requires that the app be publicly visible in the store – where any user can potentially discover it. This means that any user can download the app, whether it is intended for them or not, and so security like password protection, use of a corporate login ID or account number might need to be put in place to secure any content that is not appropriate for public visibility.
    Consequently native app stores do not offer a unified level of security, but can be more secure than web-based applications, hosted in the same way any website is.
    Connectivity
    In most cases, apps receive and transmit data to the outside world, for example accessing up-to-date information, search functionality or a form submission.
    All out-going information, whether sent from a web-app or a device-based native app, needs to be secure, and the information that is being returned needs to be trusted. This security will scale depending on the nature of the information being sent.
    So, what are the considerations you need to make?
    No native app can be accessed externally unless it has been set up to do so, or given permission. Web apps, conversely, are open to attempted hacking – and this is the key difference between the two.
    Native apps
    Device and operating system manufacturers are aware of the potential security risks associated with apps connecting to the internet. Each manufacturer offers a stand-alone API (application programming interface) for their platform, which adds a desirable extra layer of security. Apple, for example, have a special inbuilt API which iOS developers can use to encrypt the information they are sending from the device – making it more secure.
    Google’s approach with Android is to run each app in something called a ‘Silo’ which prevents an app from accessing other areas of a device. Apps then need to be given the appropriate permission (by a pop-up warning on the device) to access anything else which it may need to use in order to function, such as GPS location data and so on. Each app is also distributed with a digital ‘certificate’ which contains all the details of the developer.
    Other platforms have similar security measures. All of this means native apps relay information through secure connections and/or via encrypted means, keeping your customer and client data safe – a huge benefit for B2B organisations. The downside to this increased security is that each platform operates in a different way, potentially requiring separate and comprehensive development for each device.
    Web apps
    Speaking broadly, web apps are ‘open’ as they reside on the web, though of course security can be put in place.
    As web apps are open, they are great to build, from a
  • 5. Mobile for B2B: Security Considerations Page 5
    development standpoint, but from a security point of view, they hold the same risks as any other website.
    Risks could include a hacker attempting to intercept all the data passing through a network or to a particular device and analyse the contents, or trying to obtain access through the log in screen.
    The danger here resides in the fact that an app is often built to replace or manage a specific function of a website, rather than recreate an entire website. Often this will be a function that involves sending or receiving private information to and from a device. As such, a hacker can attempt to hijack this individual function, rather than a website as a whole – a more targeted approach, potentially allowing for a higher success rate.
    A web app can, however, be secured like any normal website using an SSL (security) certificate which is granted by a trusted provider and forces use of a secure HTTPS connection.
    Conclusion
    Both native and web apps have their positives, and negatives, when it comes to app security.
    Native apps, whilst allowing better offline storage of information – keeping your customers’ details offline, are slower to develop, with a new application development needed for each platform. Web apps, on the other hand, can reside on any platform with one development – and any security concerns can be tackled much quicker, but they may lack some of the peace of mind gained with an app-store download.
    It’s worth noting that web apps, which have been growing in popularity against native apps more recently, are gaining increasing numbers of advocates, especially with businesses handling potentially private data. Many businesses that handle financial transactions, banks such as HSBC and Lloyds TSB and online bookmakers such as Paddy Power and Ladbrokes are using web-apps, rather than native apps, to cater for their customers across devices.
    Additionally, as mobile platform owners and manufacturers look to increase revenues from apps utilizing their platforms, this increase of web apps for transactional or paid functions is likely to continue. Apple has already announced a set of rules for ‘subscription’ apps that require they receive a 30% cut of the revenue.
    This brings us to our final point, something which can help increase security around applications for a more targeted audience – a bespoke app store environment.
    Large corporations that produce multiple applications for their customers and work force are starting to make use of this approach. A notable example is the US army, whose applications are, understandably, something that the general public should not have access to. Whilst this approach is obviously very secure, it’s likely to be beyond the requirement of most application developers.
    Read the rest of the Mobile for B2B series.
    1. Native or Web?
    2. Design considerations
    3. Security considerations
    4. Cross compiled apps
  • 6. Mobile for B2B: Security Considerations Page 6
    Omobono is an award winning digital agency specialising in brand development and engagement for large corporates and government. We believe no one has a better understanding of business audiences and how to reach them.
    For more information, please contact Rob Hurst on rob@omobono.co.uk or +44 (0) 1223 307000.
    © 2011 Omobono Ltd. All ideas, concepts, brand-related names, strap lines, phrases, copy/text and creative concepts developed and contained within this document remain the intellectual property of Omobono Ltd until such time as they are procured by a third party. Anyone viewing this document may not use, adapt or modify the contents without our prior consent.