A world of web development opportunities on the iPhone

iPhone Developer Summit

Subscribe to iPhone Developer Summit: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get iPhone Developer Summit: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


iPhone Summit Authors: Yeshim Deniz, Roger Strukhoff, Carmen Gonzalez, Ian Thain

Related Topics: iPhone Developer, iPhone for Business, iPhone Developer Summit, Mobile Enterprise Application Platforms, iPhone Apps on Ulitzer

iPhone Apps: Article

Remote Mobile Security vs Local Mobile Security

Protect your corporate assets

As I have already mentioned in many articles, Mobile Apps and Mobile Business Processes are becoming a routine part of daily work life, yet companies still wrestle with mobile security. They are totally correct to worry about how easily mobile devices are lost and stolen. They are also concerned that employees are quick to find new ways to use mobility for work while giving little thought to the security implications of what they do every day. I think this is due to the years of working behind the office-centric firewall which has made it possible for workers to do what they do every day without even thinking about security, as the corporate IT infrastructure protects them.

Mobility introduces entirely new kinds of risks and new ways sensitive information can be lost. This has left companies more vulnerable, or it has limited the way companies leverage mobility out of fear of becoming more vulnerable to data loss. A good enterprise grade security platform enables companies to develop and enforce policies in a systematic way. However, as you develop a security strategy, it’s important to recognize there are two fundamental pieces of a mobile security solution: remote security and local security.

  • Remote security enables you to remotely secure mobile devices from a central security console using a common set of controls for all devices. I am talking Mobile Device Management (MDM) with Security functions such as remote usage tracking, remote configuration, remote lock and wipe, and remote software provisioning and updating are all essential to managing mobile security. See Afaria
  • Local security consists of device level functions as part of App Development and on-device software that ensure security, often with the active participation of users. For instance user authentication, data encryption, and the segregation of business and personal functions on the device are local security controls. Some local security functions, such as data encryption and device configuration, can be done remotely using remote security controls. See Sybase Unwired Platform


Local security
is important because it makes users more aware of their role in engaging in safe mobility. When they need to enter a user ID and password to run an app or access company data, it not only protects the data, it reminds the user that it’s their job to protect the data. There are other ways to use local device features to enhance mobile security. For instance many business applications use alerts to give users a choice of searching for a wireless connection before launching a data intensive operation. This also has a by-product and an important feature for controlling mobility data costs. However alerts can also be used to ensure security - if a user opts to work over a wireless connection, the device can use alerts to block an operation until the user verifies that the wireless network is secure. These local security measures, which are device specific and context sensitive, can be built as part of a mobile application.

When building a Mobile Application you should also be thinking about and planning for mobile security, you cannot develop a complete strategy without realizing that mobile security involves both remote and local security.

Please follow me on Twitter @ithain

More Stories By Ian Thain

As one of the Sybase Technical Evangelists, Ian regularly addresses technical audiences all over the world and his sessions are always very well attended. He also writes education classes, whitepapers, demos and articles for various Sybase products and publishes regularly in Journals such as SYS-CON's PBDJ and International Developer Magazine. He is also the Sybase Unwired Platform & PocketBuilder Evangelist and works closely with the team in Dublin, CA and Concord, MA on new features and demonstrations for the products. In his customer-facing Evangelist role, Ian is very involved with the design, production and testing of Enterprise class Unwired Solutions, that have been implemented using Sybase's Unwired tools for Sybase customers around the globe. In addition, Ian is a dedicated technical expert continually working with Sybase's key partners and clients to enhance the capabilities of the Unwired solutions that Sybase can offer to its customers. Ian can also be found on Twitter @ithain