Framework for Designing Secure Mobile Enterprise Applications

Mobile devices like smartphones and tablets are not only designed for private use, rather for business use as well. Mobile solutions such as mobile enterprise resource planning and mobile business intelligence are nowadays becoming more common. However, integrating mobile devices and applications has also brought new security challenges and risks. Despite all advantages of mobility, many organizations continue to avoid it due to security issues. Simply porting information security standards from workstations, notebooks, and server domains to mobile devices is unlikely to be effective. Thus, from enterprise point of view, security levels are not clear on mobile devices. Generally, a high level of security might be reached on mobile devices by setting a high level of restrictions. On the other hand, this might minimize user acceptance and satisfaction factors. In this research, risk analysis with focus on mobile devices is conducted and a framework to design secure Mobile Enterprise Applications (MEAs) is developed. This research mainly supports enterprises in decision-making process during designing MEAs and helping developers to understand the mobile security issues and classify MEAs into security levels. Moreover, security transparency provided by the framework promotes a trustworthy usage of mobile devices in business sectors.