QUESTION DESCRIPTION
Many government and civilian organizations now develop and use mobile applications. With the current mobile network environment and the widespread use of mobile devices such as tablet computers and smartphones, a mobile app can provide clear, simple, easy-to-use, real-time information to those who use it. However, the use of mobile applications can potentially cause serious security and privacy issues.
The pros of mobile applications are many. First of all, mobile applications give a unique connectivity between people and organizations (Quirolgico, Voas, Karygiannis, Michael, & Scarfone, 2015). For example, the EPA's HiveScience application can raise civilian awareness of bees and the earth's environment. In addition, by sharing bee colony information, it contributes to discovering the behavior and health concerns of honey bees. In this way, mobile applications can bond civilians and government over common concerns and increase awareness of the various problems that we are facing now.
A well-made application is easy to use and gives real-time connectivity and mobility to its users (Quirolgico et al., 2015). For example, the CareerOneStop application by the Department of Labor can help you find a job and related training, and provides real-time updates and support. Being able to search for a job and career anytime and anywhere is now possible because of mobile applications. Mobility is the most beneficial trait of the mobile application.
However, using mobile applications still raises some security issues, and most of these issues are related to the use of the mobile device itself. The first thing to consider is the data that people store on their personal mobile devices. We store a great deal of critical personal information on our mobile devices, such as pictures, bank information (or banking applications), GPS data, and the contact numbers of our friends and family, and sometimes we save notes and memos with critical information (like passwords). These are what hackers will go after. Let us keep this in mind and discuss the possible security issues of mobile devices.
According to NIST, the security risks of mobile devices are as follows (Souppaya & Scarfone, 2013):
- Physical security threats – People carry mobile devices everywhere, which creates the chance of a phone being physically lost or stolen if there is poor physical security or oversight.
- Untrusted Mobile Devices – Many organizations use a bring your own device (BYOD) policy, and devices that have been rooted or bugged can cause a security breach.
- Untrusted Networks – Using a mobile device over an untrusted or unsecured public Wi-Fi network carries the risk of a man-in-the-middle attack.
- Untrusted Applications – Some mobile applications can be poorly coded and poorly managed by a distributor with minimal knowledge of coding and server management. These applications may put the data inside the mobile device at risk, and could harm the organization's data.
- Interaction with other systems – Synchronizing data between a mobile device and cloud storage for automatic backup can create an issue. Sensitive data from an organization can be remotely stored on a personal device by using this function, and this is hard to detect and control.
- Untrusted Content – An attacker can plant malicious software on a personal mobile device through a malicious web site, using phishing or Quick Response (QR) codes, which could create a security breach (pp. 3-6).
In this way, using mobile applications can raise security issues, because we have to use a mobile device to operate them. What, then, would be the best practices to prevent these security problems?
The first practice would be well-planned development and risk assessment of the application (Quirolgico et al., 2015, pp. 5-8). During the vetting process, perform a risk assessment on the application, test the application, decide whether the application fits the purpose of the organization, and review whether it meets the security requirements (Quirolgico et al., 2015, pp. 5-8). Providing a VPN connection for external users, developing mobile device and application management to govern the use of mobile devices and applications, and providing identity and access management controls can also be helpful for mobile security (Federal CIO Council & Department of Homeland Security, 2013). In addition, when providing a government application service, develop a data loss prevention plan and an intrusion detection system to prevent data loss and security threats (Federal CIO Council & Department of Homeland Security, 2013).
Mobile applications and services can be great for connecting people, government, and organizations. They are handy, highly mobile, and easy to use. However, because mobile applications need a mobile device to operate, they raise security concerns for individuals, government, and organizations. To prevent those possible security threats, we must plan properly, carry out a risk assessment, and develop security controls and data loss prevention programs.