
Polsinelli Intellectual Property & Technology
         

  

February 2015

  

Security Risks Posed by Mobile Apps: Do You Have a Vetting Process in Place?

  

 
 

  

     

  

 
 

For more information about this alert, please contact:

  

Kathryn T. Allen

Author

816.572.4884


  

Greg M. Kratofil, Jr.

816.360.4363


  

Additional Intellectual Property Practice Leadership:

  

Patrick C. Woolley

Practice Area Chair

816.360.4280


  

Gregory P. Durbin

Practice Area Vice Chair

720.931.8133


  

Kathryn J. Doty

Practice Area Vice Chair

314.552.6850


  


As more organizations deploy mobile apps to facilitate their business processes, it is important that those organizations develop a specific app vetting process to mitigate the security risks that such apps can bring. To assist with this process, last month the National Institute of Standards and Technology (NIST) released its special publication, "Vetting the Security of Mobile Applications," which provides step-by-step recommendations to augment data security.

New Challenges

When adopting a new technology, organizations should always investigate and consider the potential security impact that technology may have on their information security resources, their data and their customers. Part of this investigation should always center on whether the technology can perform and function within the organization's systems in its intended manner and whether it is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle.

Unlike a desktop computer system where software exists within a tightly controlled environment that is uniform throughout the organization, mobile apps pose unique security challenges. They cull personal information from physical sensor data, personal health metrics, pictures and video, to a much higher and more precise degree than before. Mobile devices also have a wider variety of network services than traditional enterprise applications, like Wi-Fi, 2G/3G and 4G/LTE in addition to short-range data connectivity options like Bluetooth and Near Field Communications. All of these mechanisms for data transmission can be vectors for remote exploits.

How Should You Evaluate a Mobile App's Impact on Your Security?

The following key questions will aid an organization in identifying, understanding and documenting the potential security impact of mobile apps on the organization's computing, networking, and data resources:

How will data used by an app be secured?

Apps that collect, store, and transmit sensitive data should protect the confidentiality and integrity of this data. This protection extends to preserving privacy, such as asking permission to use personal information and using it only for authorized purposes.

On what environments will the app be deployed?

Apps that are used only on mobile devices will pose less risk than those that interact with the organization's system-wide desktop software. Apps should have only the minimum permissions necessary and should only grant other applications the necessary permissions.

What are the acceptable levels of risk for this particular app?

An app that is critical to the organization's business processes or that will be made available to the organization's customers or the general public needs to be vetted more thoroughly, as the repercussions from a security breach are much higher than for apps with more limited use.

What is the planned implementation of the app?

New apps should be rolled out slowly and to a select few before organization-wide distribution, to test the mobile security architecture.

For More Information

A well-defined and comprehensive vetting process for mobile apps should be a part of any organization's overall information security strategy. Polsinelli's Intellectual Property team can help your organization:

  • Understand the importance of vetting the security of mobile apps as related to your industry.
  • Plan for the implementation of the app vetting process.
  • Develop app security requirements that are specific to your business and your industry's standards.
  • Understand the types of app vulnerabilities and how to detect those vulnerabilities.
  • Determine if an application is acceptable for deployment on your organization's mobile devices.

For assistance in launching or refining your own app-vetting process, please contact the authors, a member of the Intellectual Property practice, or your Polsinelli attorney.

 
 

  

     

  

 
         

 

 

 

  

     

  

 
 

Atlanta  Chattanooga  Chicago  Dallas  Denver  Edwardsville  Jefferson City  Kansas City  Los Angeles  New York
Overland Park  Phoenix  St. Joseph  St. Louis  San Francisco  Springfield  Topeka  Washington, D.C.  Wilmington
polsinelli.com

 
 

  

     

  

 
 

  

ABOUT POLSINELLI

real challenges. real answers.℠
Polsinelli is a first generation Am Law 100 firm serving corporations, institutions, entrepreneurs and individuals nationally. Our attorneys successfully build enduring client relationships by providing practical legal counsel infused with business insight, and with a passion for assisting General Counsel and CEOs in achieving their objectives. Polsinelli is ranked 18th in number of U.S. partners* and has more than 740 attorneys in 19 offices. Profiled by The American Lawyer and ranked as the fastest growing U.S. law firm over a six-year period**, the firm focuses on health care, financial services, real estate, life sciences and technology, energy and business litigation, and has depth of experience in 100 service areas and 70 industries. The firm can be found online at www.polsinelli.com. Polsinelli PC. In California, Polsinelli LLP.

* Law360, March 2014
** The American Lawyer 2013 and 2014 reports

  

 
 

  

     

  

 
 

Polsinelli provides this material for informational purposes only. The material provided herein is general and is not intended to be legal advice. The choice of a lawyer is an important decision and should not be based solely upon advertisements.

Copyright © 2015 Polsinelli PC.

 
             