kantver - Fotolia

Why a distributed application poses a threat in the IoT era

There are benefits to distributing experiences across mobile apps, but it also puts data at risk. Find out how mobile and Internet of Things devices put a wrinkle in distributed application security.

Customers expect to access a company's products and services wherever and whenever the time is right to consume them. This means not only having access to the mobile app or website but also smaller pieces, or "micro-experiences," that may encompass only part of the service.

Those experiences often include one vendor's service appearing inside another company's app -- known as a distributed application experience.

For example, a user could land at an airport and use the American Airlines app to find which baggage claim bin their luggage will end up at. Everything is contained and managed within the app, so as long as the app provides the right level of security, the customer's information should be properly protected.

But there might also be a section of that mobile app stating where the customer could pick up his Hertz rental car. Hertz "distributing" its micro-experience within the American Airlines app is one form of a distributed application experience. Hertz handles the code and content but it lives within the American Airlines app, so Hertz may be concerned with American Airlines potentially having access to a customer's Hertz information. Meanwhile, American Airlines may be concerned with the quality and security of the application program interface that disseminates the Hertz information to the American Airlines app. 

That kind of distributed experience is where the world is headed. For enterprise IT admins, there's one major type of distributed application experience they need to be worried about -- the Internet of Things (IoT). As data within an enterprise expands beyond mobile devices to IoT devices, businesses need to be able to protect it. 

How a distributed application puts data at risk

Wearables are the first wave of Internet of Things devices. IT can use an enterprise mobility management (EMM) tool to manage an employee using a wearable, such as the Apple Watch, that extends the capability of their enterprise email, calendar and contacts apps. The data is secure, encrypted and containerized, so there is little risk in transmitting that data outside the watch or storing it on the hardware. 

With so many potential security risks from IoT devices in a distributed application environment, it's important to implement policies to protect enterprise data.

But as IoT-connected devices and sensors gain the ability to store data, it becomes more of a risk to the organization. As a consumer example, hackers could potentially steal data from the new Samsung Family Hub refrigerator when users ask to view its camera to see if they're out of butter.   

Here are some enterprise examples: Bob is at home dictating work notes to the Evernote app using his Amazon Echo. Since Bob is using his personal wireless network, he could be exposing his employer's data to viruses or other threats. To keep that process secure, IT managers would need to containerize the app, and have a policy that places certain security requirements on the home Wi-Fi network. In a similar scenario, an employee working on a business app on his or her Apple TV also creates risk. To avoid corporate data leakage, IT could deliver the app through a secure enterprise app store. 

With so many potential security risks from IoT devices in a distributed application environment, it's important to implement policies to protect enterprise data. The challenges facing enterprises today are similar to the ones that arose in the early days of mobile device management. The guidance for businesses back then is similar to now: Create solid security policies, and communicate them clearly to employees; protect the most important endpoints using an EMM tool; and provide employees and consumers with the best way to protect their data, so they do not look elsewhere.

Next Steps

How big data, distributed apps and IoT affect the data center

Overcome mobile cloud computing challenges with distributed apps

Manage application security on employee-owned mobile devices

Dig Deeper on Internet of Things (IoT) Mobility and Consumers