Protect Company Data: Container apps enable employees to work productively on mobile devices. However, companies should take some measures. Containerization and strict separation from other apps on the device enable safe and productive work. This should be supplemented by measures such as encrypting company data, securing communication with backend systems, and jailbreak detection. Virtual Solution presents the six most important protective measures for the development and use of secure apps.
Encrypt Company Data Locally
All data within a secure app must be encrypted to the state of the art, i.e., with hybrid encryption using RSA up to 4,096 bits and AES-256, and protected by a PIN, password, or fingerprint. Solutions that the BSI has explicitly tested and approved offer even greater security.
Encrypt Company Data In Transit
Encrypted data transmission ensures that sensitive information is transmitted securely over any network. Communication with a Microsoft Exchange server should only take place using TLS encryption. The S/MIME (Secure/Multipurpose Internet Mail Extensions) standard should also be used to transmit e-mails. This means that e-mails from the sender can be protected from access by third parties on all data paths and servers. With S/MIME, for example, the e-mail data traffic from IBM Domino can also be secured.
Protect Company Data With A Smart Card
By default, a secure app must be secured by a strong password, PIN, or fingerprint of the user. Where security requirements are very high, for example at public authorities, it is advisable to also protect the data with a smart card. All asymmetric encryption operations are based on the private keys of the smart card. The private key and certificates are physically stored on the card and never leave it. This gives companies an additional level of security if the smartphone falls into the wrong hands.
Include Authentication Using Certificates
By activating certificate-based authentication, companies can protect access to sensitive systems – in addition to encryption. Administrators are thus able to configure access to the ActiveSync server or intranet applications optionally based on certificates. The container app and the server carry out a TLS handshake in which the communication partners authenticate each other and agree on the cryptographic algorithms to be used. After the TLS channel has been established, users can transmit data in encrypted form.
Define Comprehensive Rules For Secure Apps
It is important that administrators can control all security settings centrally. This includes user administration, group management, establishing various security rules for different groups, rules and default settings for encryption, password strength, and the administration of released interfaces. It is also essential to be able to remotely delete all company-relevant data from the security container if the device is lost (remote reset).
Protect End Devices From Manipulation
To protect against the manipulation of end devices, functions should be implemented to detect misuse and prevent the use of the secure app in an emergency. An integrity check provides full control over versions of an app that users are allowed to use. Each version of the app can, for example, contain a “fingerprint” that can be used to identify the software uniquely. Functions for jailbreak detection recognize manipulated devices and – if necessary – block their use.
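The version-fingerprint check described above, as an added example that is not Virtual Solution's code. It assumes the fingerprint is a SHA-256 digest of the app package and that the list of released versions is an HMAC-authenticated manifest; all names, the key, and the package bytes are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: stand-ins for released app packages.
BUILD_4_1 = b"constructed bytes of release 4.1"
BUILD_4_2 = b"constructed bytes of release 4.2"
MANIFEST_KEY = b"constructed-demo-key"  # assumption: held by the management server


def fingerprint(package: bytes) -> str:
    """SHA-256 over the package bytes identifies one exact build."""
    return hashlib.sha256(package).hexdigest()


def _mac(entries: dict, key: bytes) -> str:
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_manifest(entries: dict, key: bytes) -> dict:
    """Attach a MAC so the list of allowed versions cannot be edited silently."""
    return {"entries": entries, "mac": _mac(entries, key)}


def check_app(manifest: dict, key: bytes, version: str, package: bytes) -> str:
    """Return 'allow' or the reason the reported app version is blocked."""
    if not hmac.compare_digest(_mac(manifest["entries"], key), manifest["mac"]):
        return "block: manifest tampered"
    entry = manifest["entries"].get(version)
    if entry is None:
        return "block: unknown version"
    if entry["revoked"]:
        return "block: version revoked"
    if not hmac.compare_digest(entry["sha256"], fingerprint(package)):
        return "block: fingerprint mismatch"
    return "allow"


MANIFEST = sign_manifest({
    "4.1": {"sha256": fingerprint(BUILD_4_1), "revoked": True},
    "4.2": {"sha256": fingerprint(BUILD_4_2), "revoked": False},
}, MANIFEST_KEY)

if __name__ == "__main__":
    print(check_app(MANIFEST, MANIFEST_KEY, "4.2", BUILD_4_2))               # allow
    print(check_app(MANIFEST, MANIFEST_KEY, "4.2", BUILD_4_2 + b"patched"))  # mismatch
```

Marking a version as revoked in the manifest is how an administrator withdraws an outdated build without shipping anything to the device.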
“An app containerization creates a separate area on a smartphone. All company data within this container is encrypted and explicitly separated from other apps on the device. No other app and no unauthorized person have access to the data in the container.” “With Secure PIM from Virtual Solution, the company data in the container is isolated and password-protected. The container technology offers an easy-to-use solution with which employees can work flexibly and securely on mobile devices.”