While mobile apps clearly provide a chance to transform business processes, Karen Conneely, Group Commercial Manager, Real Asset Management, outlines the importance of looking beyond the core features and assessing security components of any mobile app before making the move.
Corporate apps are fast transforming the way individuals perform within the business. But how many organisations – or individuals – recognise the highly variable levels of security between apps and the inherent risks associated with badly considered mobile deployments? From the Starbucks app that is recording user name, password and emails in plain text to the iPhone bug that enabled hackers to listen in on phone conversations when those phones were connected to insecure wireless networks, organisations cannot simply assume high standards of security.
Factor in the complexity of adding support for Android and iOS to the desktop Microsoft environment, and a user base with a somewhat laissez-faire attitude to mobile data, and the top-line app ROI may be less compelling. Whether an organisation is looking to replace expensive, dedicated PDAs for tasks such as asset audits and management, or simply supporting an increasingly flexible workforce, it is vital to understand the security risks inherent within the mobile app portfolio.
New Model
The explosion in business apps in tandem with global BYOD strategies (‘Bring Your Own Device’ – the policy of permitting employees to bring personally owned mobile devices to their workplace to access privileged company information and applications) is transforming the way organisations can exploit and share information. This mobile revolution is not just about improving individual working practices with apps that provide financial dashboards, pull up travel itineraries or work through thousands of e-mail attachments to find the right information.
With the right apps, organisations can fundamentally transform key business functions – such as asset management. Traditionally the annual asset audit has been undertaken – often reluctantly – by an individual within finance or IT tasked with touring the organisation to verify that the information on the asset register matches the assets in situ.
In recent years, these individuals have benefitted from the introduction of PDAs to replace the tedious manual process of ticking paper lists and then rekeying the information into the asset register. This approach has significantly streamlined the asset audit process and improved data quality. However, PDAs are an expensive investment and are often used for just one or two days each year.
Devolved Responsibility
Now, with the latest generation of mobile apps, organisations have the chance to devolve responsibility for managing and auditing the asset estate away from IT and Finance towards budget owners. The model is compelling: there is no additional hardware investment and the low-cost software can be downloaded from the Apple app store, Windows Store or Google Play to work on any device.
Armed with the mobile asset management app, staff can undertake the physical audits using the camera on a smart device to scan barcodes – in the same way the laser scanner on the PDA has been used in the past. The difference is that with the commonly used smart phone, an organisation can move away from dedicated equipment and dedicated audit individuals to devolving responsibility more broadly across the organisation.
The one-off or annual audit can be replaced by far more regular activity undertaken by those with actual budget responsibility.
With this approach, department managers can take control of ensuring that asset values and asset location information are up to date for insurance purposes. They can rapidly assess new asset requirements or spot opportunities to reuse assets in other areas – particularly with IT equipment – and minimise the number of wasted or redundant assets. With real-time visibility of asset location, value and status, it is the asset owner and budget holder that are now empowered to make the critical asset management decisions – whilst the finance and IT teams still have complete visibility over the entire asset estate.
Security Concerns
But how secure is this model? With the majority of apps requiring simply a user name and password, the reality is that this sensitive data related to key company assets can be incredibly insecure. So before making the move from PDA to app, it is essential to consider the diverse security features on offer.
The fact that individuals use the same user name and password for the vast majority of online accounts is far from news – so why do so many app developers still rely on them? Even worse, some of these user names and passwords are stored in plain text, making compromise even easier to achieve. Best practice app development demands more robust authentication, such as a PIN. It should ensure authentication is linked to the user’s credentials on the enterprise application to provide additional verification.
Given the sensitivity of corporate asset information, it is also important to understand whether any user can access any information, or whether facilities are in place to limit access to subsets of information. Is the log-in process a one-time event or is there a time limit that requires users to log in every week or month, for example? And what happens if a phone is misplaced or stolen? Is it possible to deactivate the app or unregister a device to safeguard this essential corporate data? Delivering this level of security is becoming best practice for the latest generation of business app – but it is not a given. It is essential to ask the right questions before making an investment.
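The controls raised above (access limited to subsets of information, a re-login time limit, and unregistering a lost device) only protect data if the server enforces them on every request rather than trusting the app. The following is an added sketch, not code from the article or from any vendor's product; the class, the field names, the seven-day limit and the sample data are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_LOGIN_AGE = timedelta(days=7)  # assumed policy: users re-authenticate weekly

@dataclass
class Session:
    user: str
    device_id: str
    issued_at: datetime

@dataclass
class AssetService:
    devices: dict = field(default_factory=dict)  # device_id -> registered owner
    scopes: dict = field(default_factory=dict)   # user -> departments they may see
    assets: dict = field(default_factory=dict)   # asset tag -> owning department

    def unregister_device(self, device_id):
        """Server-side deactivation for a lost or stolen phone."""
        self.devices.pop(device_id, None)

    def authorize(self, session, asset_tag, now):
        """Run on every request; returns a reason string, 'ok' when allowed."""
        if self.devices.get(session.device_id) != session.user:
            return "device_not_registered"
        if now - session.issued_at > MAX_LOGIN_AGE:
            return "login_expired"
        dept = self.assets.get(asset_tag)
        # Unknown tags get the same answer as out-of-scope ones.
        if dept is None or dept not in self.scopes.get(session.user, set()):
            return "out_of_scope"
        return "ok"

def demo():
    """Constructed sample data: one user, one phone, two assets."""
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)
    svc = AssetService(devices={"phone-1": "alice"}, scopes={"alice": {"IT"}},
                       assets={"TAG-001": "IT", "TAG-002": "Finance"})
    fresh = Session("alice", "phone-1", now - timedelta(days=1))
    stale = Session("alice", "phone-1", now - timedelta(days=30))
    results = [svc.authorize(fresh, "TAG-001", now),   # in scope
               svc.authorize(fresh, "TAG-002", now),   # other department
               svc.authorize(stale, "TAG-001", now)]   # login too old
    svc.unregister_device("phone-1")                   # phone reported lost
    results.append(svc.authorize(fresh, "TAG-001", now))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the device check runs first, a session token that is still within its time limit stops working as soon as the phone is unregistered.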
Conclusion
With the right level of security, the app model is indeed compelling, enabling those with responsibility for individual assets to take control over keeping the asset information up to date. This transforms the business cost associated with managing assets, ensuring the data is accurate for insurance purposes and enabling department managers to have far more understanding of and control over their own asset estates.
However, it is essential to understand the implications: an app is an excellent solution to a business problem – but not all apps are the same. Ensuring best practice app security is key to safely and securely realising the vision of devolved asset management.
By Karen Conneely
Group Commercial Manager
Real Asset Management
http://www.realassetmgt.co.uk/