To start, the discussion focused on mobile device use within the organization itself, and how each organization should have policies surrounding use of those devices—particularly regarding company-provided devices. For example, if an employee uses a company device to interface with sensitive company programs and systems, company policy should not also authorize game and social apps on that device.
The group noted that when creating mobile apps for use within the organization, protection within these apps should start at the development stage with things like application wrapping. If these secure elements are applied in the beginning stages of an app’s life, problems are less likely to arise once the app is implemented for use. However, the group agreed that while security teams want to ensure they are covering all their bases, they do not need to “gold plate” every single thing with protection. This will spread a team’s security resources and budget very thin. Focus on the most vital and sensitive areas first to protect these apps in the most efficient manner possible.
Last, the participants of this discussion agreed that protection methods for mobile applications at this time are imperfect. This is still a relatively new area for security that is developing very quickly. Thorough programs and strategies will arise in the future, but for now it all comes down to security teams prioritizing resources and budget to protect the most vital areas of the application from malicious threats.