President and General Manager, Apperian
Mobile app safety is a hot topic among marketers. With brands increasingly looking to leverage apps to interact with customers, it is imperative for businesses to factor in safety. We spoke to Mark Lorion, President and General Manager, Apperian, and now a part of Arxan’s management team, to learn how brands should approach app security and ensure that their data and their customer’s device are protected from such threats.
MTS: What is the right way to start developing a BYOD policy in a startup?
Mark Lorion: Many of today’s startups are BYOD friendly and share an app-centric philosophy. When deciding to deploy a BYOD policy, it’s important to understand how your employees use their devices, but more importantly, how and where they use your business critical applications or access sensitive corporate data. Security at the app level is critical within a BYOD environment. This ensures those apps on a mobile device are less vulnerable to device compromise or data theft from hackers. The first step could be as simple as an employee survey to determine which apps your business deploys, then which of these are critical and need to be protected and from there you can begin to prioritize and develop a BYOD policy that’s right for you.
MTS: How are CMOs looking at app security?
Mark: Security has become the main concern for companies, but notably, CMOs are beginning to take action. For many industries, customer interactions have moved almost entirely online and to mobile apps. As a result, mobile apps and websites have become new, easy targets, for hackers looking to steal customer or company data or simply attack a corporate brand.
For industries like banking, healthcare or gaming, mobile apps have become a component of actual product lines. An attacked app can quickly lead to the loss of trade secrets and even lead to exposing backend systems running behind a corporate firewall. These threats can create irreparable brand damage to consumer trust, lead to financial loss, and could jeopardize compliance with regulations.
MTS: Where are the trouble spots for marketers looking to ensure that mobility is in sync with the security team, not only for their own data protection but for their customers’ protection, too?
Mark: Too many CMOs have gone outside of their IT organizations and engaged directly with contracted app development agencies in an attempt to move swiftly and introduce new web assets or launch their mobile apps. While the creative results may be strong, the development processes run the risk of not being tied into the corporate governance standards that were put in place to protect the organization and its customers. It’s often a larger issue than leveraging specialized, outsourced development agencies; it’s internal project sponsors that fail to plug the development effort into the corporate security team to ensure proper standards are being followed.
MTS: What does the future hold for mobile apps deployed via the marketing department? Are things changing? If so, how?
Mark: App creation, deployment, and adoption will continue to be championed by CMOs and marketing departments. These apps will increasingly be a sole means for customer acquisition and as a result, drive a large share of a business’s bottom line. However, these risks that threaten app development projects have created a number of mobile app security and deployment solutions to help bridge the gap between rapid app development and security and governance integration. For example, innovations such as security “guards” that can be inserted into apps after they are coded —even by external developers— to detect and prevent tampering, IP theft or reverse engineering apps. This gives marketing departments the ability to move quickly and leverage legions of outsourced developers who are adhering to governance standards and applying protections to keep apps and content safe when deployed into the “wild.”
MTS: Thanks for chatting with us, Mark.
Stay tuned for more insights on marketing technologies. To participate in our Tech Bytes program, email us at firstname.lastname@example.org