Digital transformation: the security risks

Digital transformation: the security risks 150 150 Tom Kington

For many businesses digital transformation means making desktop systems mobile and adopting initiatives that make it easier for staff to work such as single sign-on (SSO).

There’s no doubt that giving staff and customers access to your applications whenever they need them improves productivity and drives engagement. But at what cost?

The benefits of digital transformation often sell themselves. And as much as we love the opportunity to build innovative digital solutions, it is prudent to outline the risks of technology that promises to help you work better.

Mobile apps and the promise to work on the go

Offline capability is the key here: the ability to work seamlessly with or without an internet connection. Staff on the move won’t necessarily have connectivity all the time but they need to retrieve and update data from central systems. The bonus is doing all this from any device. That way your business also saves money on hardware costs.

HTML5 drives offline app development

One of the ways to achieve true remote working is to build a web-based application using HTML5. Your app will be device-independent and feature the ability to push and pull data automatically as soon as an internet connection becomes available.

Although HTML5 technology is ground breaking in the area of mobile technology, there is risk to security. Systems that are web-based need robust security measures to mitigate against cyber-attacks.

This is because data has to be stored locally to make your apps work on any hardware. The data remains stored on the device being used to access the app until it can be transferred back to your central system. The challenge is that currently there is no standard way to encrypt locally stored data. And this puts your data at risk.

A way around the issue would be to develop native Android, iOS or Windows apps dedicated to one platform. However this will almost certainly incur a hardware cost as tablets or smartphones will need to be supplied to your workforce.

The risks of single sign-on authentication

People love SSO because it saves time. Users don’t have to remember different passwords for different systems. The IT team love it because it reduces the burden of resetting passwords all the time. And with pre-populated profile information also available, SSO really delivers a good experience.

The challenge for an SSO deployment is user behaviour; especially when combined with access to data on the move. If users leave their browser unattended all apps using that sign on, are exposed. Staff need to be educated to lock devices and set up pass codes.

Furthermore, SSO solutions generally assume the user’s email account is secure. So password reset links will be sent to it. This means that any compromise of the email account could risk compromising the SSO account and all accompanying applications.

Overcoming the security implications of SSO

Alongside educating users, there are technology developments that reduce the risk of data breaches associated with SSO.

One example is Microsoft’s cloud-based software. It facilitates central management of SSO applications as well as the devices being used by your staff. iOS and Android now provide the ability to encrypt data when devices are locked so that private information, remains private. The encryption key is either the users’ pass code or thumb print, further improving security.

For many businesses the benefits of digital transformation can far outweigh the risks. To discuss your technology challenges, get in touch with us today.