  • DocumentCode
    1767572
  • Title
    A framework along with guidelines for designing secure mobile enterprise applications
  • Author
    Hasan, Basel ; Dmitriyev, Viktor ; Gomez, Jorge Marx ; Kurzhofer, Joachim
  • Author_Institution
    Dept. of Comput. Sci., Carl von Ossietzky Univ. of Oldenburg, Oldenburg, Germany
  • fYear
    2014
  • fDate
    13-16 Oct. 2014
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Nowadays enterprises demand mobility and flexibility of their employees as inevitable success factors. Integrating mobile devices like smartphones and tablets into an enterprise gives employees possibilities to work more productively. However, integrating mobile devices and applications has also brought new security challenges and risks. Despite all the advantages of mobility, many organizations continue to avoid it due to security issues. Mobile devices are exposed to a wide range of threats that have to be countered. Simply porting information security standards from workstations, notebooks, and server domains to mobile devices is unlikely to be effective. Thus, from an enterprise point of view, security levels are not clear on mobile devices. Generally, a high level of security might be reached on mobile devices by setting a high level of restrictions. On the other hand, this might minimize user acceptance and satisfaction factors. In this research, a risk analysis with a focus on mobile devices is conducted, and a framework for designing secure mobile enterprise applications (MEAs) is developed and presented along with step-by-step guidelines. This research mainly supports enterprises in the decision-making process when designing MEAs and helps developers to understand the mobile security issues and classify MEAs into security levels. Moreover, the security transparency provided by the framework promotes trustworthy usage of mobile devices in the business sector.
  • Keywords
    human factors; notebook computers; risk analysis; smart phones; telecommunication industry; trusted computing; business sector; decision-making process; employee productivity; enterprise employee flexibility; enterprise employee mobility; information security standard porting; mobile applications; mobile devices; mobile security issues; notebooks; risk analysis; secure MEA design; secure mobile enterprise application design; security transparency; server domains; smart phones; success factors; tablets; trustworthy usage; user acceptance factor minimization; user satisfaction factor minimization; workstations; Guidelines; Mobile communication; Mobile handsets; Risk analysis; Security; Standards; Enterprise Mobility; MEAs; Mobile Security; Risk Analysis; User Acceptance;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security Technology (ICCST), 2014 International Carnahan Conference on
  • Conference_Location
    Rome
  • Print_ISBN
    978-1-4799-3530-7
  • Type
    conf
  • DOI
    10.1109/CCST.2014.6987030
  • Filename
    6987030