
Secure mobile app for IoT and Industry 4

Letting users access, add and update data from a tablet or smartphone is clearly compelling. Records can be changed more rapidly to reflect changes in the physical world, and productivity can be boosted by cutting out data transposition activity.

However, by allowing access to corporate systems from a plethora of devices used in the field (which can easily be lost or stolen), you are putting your data and systems at increased risk.

Even if you intend to use your app in conjunction with a secure mobile app service like Microsoft Azure, you still need to ensure that your application (as opposed to the infrastructure and platform) is also secure.

That’s why, when we develop apps, we systematically apply developmental controls to mitigate mobile security risks.

To help us do this we refer to the OWASP Top Ten Mobile Security Risks.

Avoiding insecure authentication

We recently created and deployed a mobile app for a large industrial client. The purpose of the app is to provide work instructions to field personnel (who are both employees and contractors) and to receive feedback on the activities undertaken. 

Previously these instructions and feedback were communicated via printed forms, emails and spreadsheets, but this was very labour intensive, and it was a long time before the central database was updated with the feedback from the activity.

The client wanted to improve productivity by using mobile devices but without compromising security. So we carefully evaluated the risks and applied standard techniques to prevent security breaches.

For example, access to the application’s central database (which is hosted on a Microsoft Azure platform) is required to record feedback and to receive new instructions. Whilst access to the app on a mobile device is achieved with a 4-digit PIN, data cannot be synchronised without server-side authentication of the user’s Active Directory credentials, and these credentials are not stored on the device. So whilst you might be able to steal the device, you won’t be able to access the application server-side unless you also know a user’s credentials.

Whilst the above serves as a simple illustration of a risk and a control to mitigate it, it is just one of many controls we apply to provide secure mobile capability, which brings significant benefits to our clients.
