IT security is so essential that nobody disputes it. Developing an application (“app”) to extend a CRM or ERP solution, however, can take a company outside its comfort zone. Here are a few tips to keep security from being part of that discomfort.
First, protect yourself.
An app developer’s first priority is to protect the fruit of their labour and the data that goes with it. Signing your application lets the platform and your customers check that the code they run is the code you published and that it has not been altered since: it proves integrity and authorship. It does not hide the code, so on its own it will not stop anyone from reading or copying it. Encryption and licence keys are the other common measure: they keep the app in an environment where you control how it is used, with the caveat that anything that runs on a customer’s device can ultimately be inspected on that device.
But security goes beyond these two widely used, basic measures.
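As an added illustration of what signing does and does not buy you (example code written for this page, not part of the original article or of any CRM/ERP vendor’s toolchain): the publisher signs the SHA-256 digest of the app bundle with an Ed25519 key, the installer verifies it, and a tampered bundle or a signature made under a different key fails the check, while the bundle bytes stay fully readable. The bundle contents, the function names and the key handling are all constructed for the example; a real platform’s signing scheme and key distribution will differ.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed stand-in for the packaged app bundle; a real installer reads it from disk.
var artifact = []byte("crm-extension-1.0.0.zip (constructed sample bundle bytes)")

// NewPublisherKey generates the publisher's signing key pair. The private half never leaves
// the publisher; the public half is what the platform or customer keeps to verify releases.
func NewPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignArtifact signs the SHA-256 digest of the bundle with the publisher's private key.
func SignArtifact(priv ed25519.PrivateKey, data []byte) []byte {
	digest := sha256.Sum256(data)
	return ed25519.Sign(priv, digest[:])
}

// VerifyArtifact is the check the installer (or the CRM/ERP platform) runs before loading the
// app. It returns true only if the bytes are exactly what the holder of the private key signed.
func VerifyArtifact(pub ed25519.PublicKey, data, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	digest := sha256.Sum256(data)
	return ed25519.Verify(pub, digest[:], sig)
}

// Tamper returns a copy of data with a single byte flipped, simulating a modified bundle.
func Tamper(data []byte) []byte {
	out := append([]byte(nil), data...)
	out[len(out)/2] ^= 0x01
	return out
}

func main() {
	pub, priv := NewPublisherKey()
	sig := SignArtifact(priv, artifact)
	fmt.Println("genuine bundle verifies:", VerifyArtifact(pub, artifact, sig))          // true
	fmt.Println("tampered bundle verifies:", VerifyArtifact(pub, Tamper(artifact), sig)) // false
	otherPub, _ := NewPublisherKey()
	fmt.Println("verifies under a different key:", VerifyArtifact(otherPub, artifact, sig)) // false
	// The signature proves origin and integrity; it does not hide the content.
	fmt.Printf("bundle bytes remain readable: %q\n", artifact)
}
```

The installer must obtain the public key through a channel it already trusts (the platform’s marketplace, a pinned key in the host application); if the key travels alongside the bundle, an attacker who replaces the bundle can replace the key as well.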
Next, protect your clients and users.
Apps often collect data on users, which is legitimate, but the ethics of data collection need to be considered: which data do you collect, and do you have an iron-clad strategy for storing it? Collect only what the app needs. Store data in a safe place (the platform vendor often provides this service), in a protected area that is not freely accessible. Use a secure architecture, encrypting data in transit so that it cannot be intercepted or tampered with on the way. Finally, restrict, screen and secure every access to client data, and keep a record of who accessed what.
Now, set authorizations.
Third, decide how users are authenticated and which privileges each of them gets. Whatever the user does on the client to sign in, the check that grants or denies access must run on the server or platform side, since anything that lives only in the client can be bypassed. For the sign-in itself you have two options:
- Your app can inherit the security level of its parent by default. For example, the app can rely on the lock settings of the device used to access it: whoever has unlocked the device is treated as authenticated. This is an easy, productivity-friendly option, since you do not manage authentication yourself. It is like Outlook relying on the Windows logon session rather than asking for a password of its own.
- Or you can run your own authentication, or clearance, management: password or multi-factor authentication, at some cost to productivity. If the system holds highly sensitive data, you do not want an entry point that an unlocked device such as a phone left on a desk would open. So build authentication into the app itself, decide whether to allow saved credentials or a “remember me” option, and ask the user to sign in again before the most sensitive operations. Banking apps, for example, do not allow saved passwords.
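The following Go example, added here and not taken from the original article, shows the second option enforced on the server side. After the user signs in (with or without MFA, with or without “remember me”), the server mints an HMAC-signed session token and checks it on every request: ordinary CRM data needs any valid session, while a resource marked sensitive needs a multi-factor sign-in no older than fifteen minutes, which is the banking-app behaviour in code. The policy constants, the resource classification, the server secret and the token format are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Assumed policy values for this example; a real app would load them from configuration.
const (
	sessionTTL   = 8 * time.Hour       // plain sign-in, credentials not remembered
	rememberTTL  = 30 * 24 * time.Hour // "remember me" sign-in
	stepUpWindow = 15 * time.Minute    // how fresh an MFA sign-in must be for sensitive data
)

var (
	sensitive  = map[string]bool{"contacts": false, "payroll": true} // constructed classification
	ErrInvalid = errors.New("invalid or expired session")
	ErrStepUp  = errors.New("sensitive resource: recent multi-factor sign-in required")
)

// Claims is what the server records in a session token. Subject must not contain '|'.
type Claims struct {
	Subject  string
	MFA      bool
	IssuedAt time.Time
	Expires  time.Time
}

// mac authenticates a payload with a server-side secret the client never sees.
func mac(key []byte, payload string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// IssueToken mints a token once the user has signed in, by whichever method the app chose.
func IssueToken(key []byte, subject string, mfa, remember bool, now time.Time) string {
	ttl := sessionTTL
	if remember {
		ttl = rememberTTL
	}
	payload := fmt.Sprintf("%s|%t|%d|%d", subject, mfa, now.Unix(), now.Add(ttl).Unix())
	return payload + "." + mac(key, payload)
}

// ParseToken checks the MAC and the expiry on the server; nothing the client sends is trusted as-is.
func ParseToken(key []byte, token string, now time.Time) (Claims, error) {
	dot := strings.LastIndex(token, ".")
	if dot < 0 {
		return Claims{}, ErrInvalid
	}
	payload, tag := token[:dot], token[dot+1:]
	if !hmac.Equal([]byte(tag), []byte(mac(key, payload))) {
		return Claims{}, ErrInvalid
	}
	parts := strings.Split(payload, "|")
	if len(parts) != 4 {
		return Claims{}, ErrInvalid
	}
	mfa, err1 := strconv.ParseBool(parts[1])
	iat, err2 := strconv.ParseInt(parts[2], 10, 64)
	exp, err3 := strconv.ParseInt(parts[3], 10, 64)
	if err1 != nil || err2 != nil || err3 != nil {
		return Claims{}, ErrInvalid
	}
	c := Claims{Subject: parts[0], MFA: mfa, IssuedAt: time.Unix(iat, 0), Expires: time.Unix(exp, 0)}
	if !now.Before(c.Expires) {
		return Claims{}, ErrInvalid
	}
	return c, nil
}

// Authorize decides whether a verified session may read a resource: ordinary data needs any
// valid session, sensitive data needs a multi-factor sign-in no older than stepUpWindow.
func Authorize(key []byte, token, resource string, now time.Time) error {
	c, err := ParseToken(key, token, now)
	if err != nil {
		return err
	}
	if sensitive[resource] && (!c.MFA || now.Sub(c.IssuedAt) > stepUpWindow) {
		return ErrStepUp
	}
	return nil
}

func main() {
	key := []byte("constructed-server-secret-do-not-reuse")
	now := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	remembered := IssueToken(key, "alice", false, true, now) // password only, "remember me"
	stepped := IssueToken(key, "alice", true, false, now)    // MFA, not remembered
	fmt.Println(Authorize(key, remembered, "contacts", now))            // <nil>
	fmt.Println(Authorize(key, remembered, "payroll", now))             // step-up required
	fmt.Println(Authorize(key, stepped, "payroll", now.Add(time.Hour))) // step-up required again
	fmt.Println(Authorize(key, remembered+"x", "contacts", now))        // invalid (MAC mismatch)
}
```

Because the MAC covers the whole payload, a client cannot promote itself by editing the MFA flag or the expiry in the token; the only way to obtain a sensitive-data session is to complete the multi-factor sign-in on the server again.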
Last but not least, remember that these measures, straightforward as they are, require military discipline within your development team: just think of the many stories of development-related security flaws at companies of all sizes.
Security is forever!