Mobile apps – Business Enabler or Security Disaster?

By ISBuzz Team
Writer, Information Security Buzz | Sep 02, 2014 06:04 pm PST

The explosion in business apps in tandem with global BYOD strategies (‘Bring Your Own Device’) is transforming the way organisations can exploit and share information. This mobile revolution is not just about improving individual working practices with apps that provide financial dashboards, pull up travel itineraries, or work through thousands of e-mail attachments to find the right information.


With the right apps, organisations can fundamentally transform key business functions – such as asset management. Traditionally the annual asset audit was undertaken – often reluctantly – by an individual from Finance or IT tasked with touring the organisation to verify that the information on the asset register matches the assets in situ.

In recent years, these individuals have benefitted from the introduction of PDAs to replace the tedious manual process of ticking paper lists and then rekeying the information into the asset register. This approach has significantly streamlined the asset audit process and improved data quality. However, PDAs are an expensive investment and are often used for just one or two days each year.

Devolved Responsibility

Now with the latest generation of mobile apps, organisations have the chance to devolve responsibility for managing and auditing the asset estate away from IT and Finance towards budget owners. The model is compelling: there is no additional hardware investment, and the low-cost software can be downloaded from the Apple app store, Windows Store or Google Play to work on any device.

Armed with the mobile asset management app, staff can undertake the physical audits using the camera on a smart device to scan barcodes – in the same way the laser scanner on the PDA has been used in the past. The difference is that with the commonly used smart phone, an organisation can move away from dedicated equipment and dedicated audit individuals to devolving responsibility more broadly across the organisation.

The “one-off” annual audit can be replaced by far more regular activity undertaken by those with actual budget responsibility.

With this approach, department managers can take control of ensuring that asset values and asset location information are up to date for insurance purposes. They can rapidly assess new requirements, spot opportunities to reuse assets in other areas – particularly with IT equipment – and minimise the number of wasted or redundant assets. With real time visibility of asset location, value and status, it is the asset owner and budget holder that are now empowered to make the critical asset management decisions whilst the finance and IT teams still have complete visibility over the entire asset estate.

Security Concerns

But how secure is this model? With the majority of apps requiring simply a username and password, the reality is that this sensitive data related to key company assets can be incredibly insecure. So before making the move from PDA to an app, it is essential to consider the diverse security features that are being offered.

The fact that individuals use the same usernames and passwords for the vast majority of online accounts is far from news. So why do so many app developers still rely on them? Even worse, some of these usernames and passwords are stored in plain text, making compromises even easier to achieve. Best practice app development demands more robust authentication, such as a PIN. It should ensure that authentication is linked to the user’s credentials on the enterprise application to provide additional verification.

Given the sensitivity of corporate asset information, it is also important to understand whether any user can have access to any information or whether there are facilities in place that limit access to subsets of information. Is the log-in process a one-time event, or is there a time limit that requires users to log in every week or month? What happens if a phone is misplaced or stolen? Is it possible to deactivate the app or unregister a device to safeguard this essential corporate data? Delivering this level of security is becoming best practice for the latest generation of business apps, but it is not yet a given. It is essential to ask the right questions before making an investment.
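The three controls raised in these questions (access limited to a subset of assets, a re-login interval, and device deregistration) can be enforced together on the server for every asset lookup. The sketch below is an added illustration, not code from the article or from any vendor's product; the class and function names, the reason strings and the seven-day interval are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed policy: the article only asks whether a re-login interval exists.
MAX_SESSION_AGE = timedelta(days=7)

@dataclass
class Device:
    user: str
    last_login: datetime
    revoked: bool = False  # set when the phone is reported lost or stolen

@dataclass
class AssetService:
    scopes: dict  # user -> departments whose assets the user may see
    assets: dict  # asset tag -> owning department
    devices: dict = field(default_factory=dict)  # device id -> Device

    def register(self, device_id, user, now):
        self.devices[device_id] = Device(user, now)

    def unregister(self, device_id):
        if device_id in self.devices:
            self.devices[device_id].revoked = True

    def authorize(self, device_id, asset_tag, now):
        """Decide one asset lookup server-side; anything not allowed is denied."""
        dev = self.devices.get(device_id)
        if dev is None:
            return False, "unknown-device"
        if dev.revoked:
            return False, "device-revoked"
        if now - dev.last_login > MAX_SESSION_AGE:
            return False, "reauth-required"
        # Unknown tags get the same answer as out-of-scope ones.
        if self.assets.get(asset_tag) not in self.scopes.get(dev.user, set()):
            return False, "out-of-scope"
        return True, "ok"

def demo():
    """Constructed sample data: one user scoped to IT, two tagged assets."""
    t0 = datetime(2014, 9, 2, tzinfo=timezone.utc)
    svc = AssetService({"alice": {"IT"}}, {"TAG-001": "IT", "TAG-002": "Finance"})
    day1, day8 = t0 + timedelta(days=1), t0 + timedelta(days=8)
    svc.register("phone-1", "alice", t0)
    out = [svc.authorize("phone-1", tag, when)[1] for tag, when in
           [("TAG-001", day1), ("TAG-002", day1), ("TAG-001", day8)]]
    svc.unregister("phone-1")  # phone reported lost
    return out + [svc.authorize("phone-1", "TAG-001", day1)[1]]
```

Because the decision is made on the server, unregistering a device takes effect on its next request even if the app on the phone still holds a cached login.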


With the right level of security, the app model is indeed compelling, enabling those with responsibility for individual assets to take control of keeping asset information up to date. This transforms the business cost associated with managing assets, ensuring the data is accurate for insurance purposes and enabling department managers to have a far better understanding of and control over their own asset estates.

However, it is essential to understand the implications: an app is an excellent solution to a business problem – but not all apps are the same. Ensuring best practice app security is key to safely and securely realising the vision of devolved asset management.

By Karen Conneely, Group Commercial Manager, Real Asset Management

About Real Asset Management

Real Asset Management (RAM) is a leading provider of fixed asset management and logistics software & services. Over the last 30 years, its products have been implemented by more than 3,000 organisations in over 70 countries.

RAM, the leading supplier to the UK public sector, has successfully implemented software across 1000 Commercial companies, 160 Housing Associations, 100 Local Authorities, 150 Central Government sites, 200 NHS Trusts, 90 Educational Establishments and over 250 MoD sites worldwide.

The company has developed a powerful range of software modules around a central data repository that enables organisations of any size to manage every aspect of the asset lifecycle. Its Series4000 solution offers fixed asset accounting, capital project control, lease accounting, asset budgeting, asset tracking (utilising barcodes/RFID) and computerised maintenance management.