Three Crucial Keys to Understanding HIPAA Compliance

By Michelle Drolet

Founder & CEO

Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of,

Leaving the politics and possible motives aside, cybersecurity professionals everywhere were left aghast at the rushed development. Sadly, this is nothing new, as mobile apps are often released with bugs and vulnerabilities in them. When Kryptowire analyzed the preinstalled apps on Android phones from 29 different manufacturers last November, it found 146 vulnerabilities.

We’re talking about issues on brand-new phones out of the box, before the owner even installs anything.

The potential risk to companies and their customers is enormous, especially at a time when data privacy is becoming a bigger issue, tighter regulations are bringing stricter penalties and public expectations are shifting. Any organization developing an app or engaging a third party to do it for them must consider security and include provision for proper in-depth testing.

Think about security from the start

All too often, security is an afterthought that comes at the end of development. It needs to be considered and built into the development process right from the outset with a documented secure development life cycle plan (SDLC). Make sure that you consult with cybersecurity professionals during the design phase. It’s vital that the people you hire have relevant expertise in mobile apps and that you empower them to influence design and development as necessary, so that following the documented plan ensures the app’s integrity.

Consider the types of data the app will deal with and insist that end-to-end encryption is built in. Restrict access wherever possible and think about two-factor authentication. Don’t forget about compliance, as regulatory requirements are evolving rapidly now.

It will be far easier and smarter to build all of this right from the start than to try to retrofit.

Build in analytics

Taking time to build in analytics right from the beginning will also pay dividends. You’ll want to ensure that any mobile app you develop is fit for purpose and fulfills the original brief, so you must be able to analyze the way it’s being used. Analytics also offers major benefits for future app updates in terms of improving the app’s efficiency and user experience.

A robust monitoring system can also be enormously useful when it comes to security testing. Detailed reporting from apps allows developers to trace issues back to the source and understand where vulnerabilities lie so they can fix them. The more detailed the logs, the easier it will be for developers to squash bugs and potential exploits.

Plan comprehensive testing

Part of the importance of considering security from the start of development is that you can design and implement a testing plan from day one. The adage about how much cheaper and easier it is to fix problems the earlier you catch them still holds true.

Running all kinds of different tests, many of them automated, should be a natural part of your development process. Unit testing and internal bug hunts are not enough, though.

For mobile apps designed to deal with sensitive data, you need to engage external security experts to conduct authenticated application penetration testing. In the case of a mobile app designed to tabulate voting results, a period of open testing by the broader cybersecurity community is advisable.

The more help you can get to uncover vulnerabilities and flaws, the better. It’s also crucial to employ some third parties without a vested interest in the mobile app development. You need security experts who are free from the pressure to deliver on a deadline so that you can get an impartial assessment.