Jan 29 2013

6 Ways to Ensure Better Mobile Security

Security remained the top concern during development of a mobile application at Harper College. CIO Patrick Bauer shares best practices.

Worth the Worry

Opening up information resources to mobile devices adds security challenges, but at Harper College the effort pays off in the efficient, secure delivery of critical services and information.

With more modules and features in the works, the application already provides icons for 22 sources of information about the college and campus life:

  • Offices: locations, hours and phone numbers
  • Directory: faculty and staff
  • MyHarper: individual access to course schedules, grades and email
  • Courses: the Harper course catalog
  • Social: Harper on Facebook, Twitter, YouTube and Flickr
  • Menu: up-to-date cafeteria menu
  • News: Harper news releases
  • iTunesU: exclusive content for Harper students
  • Maps: Harper's 200-acre campus
  • Construction: current projects on campus
  • Library: information about books and their availability
  • Blackboard Learn: course information
  • Athletics: Harper athletic teams
  • Events: calendar of cultural events and student activities
  • Emergency: access to 911 or the Harper College Police
  • Photos: campus images
  • Videos: Harper's YouTube channel
  • IT Services: technology support
  • Calendar: important academic dates
  • Links: Harper College–related links
  • Transit: local bus schedules
  • Feedback: user comments

Today's college students expect to have access to information while on the move. Smartphones and tablets have untethered these busy digital natives in other aspects of their lives, such as shopping, ­researching interests and staying in touch with friends.

When it comes to accessing campus resources, comfort and convenience must be balanced with a view to security. Harper College made the decision to embrace mobile technologies as a way to communicate with students through the media they now prefer, as long as that access is secure.

Soon after Harper launched a mobile application development project in early 2011, the IT staff polled students about their technology needs and desires. In particular, the IT team asked about what types of information and services students wanted to access from their mobile devices. The results indicated that students wanted almost everything related to their campus lives: from grades, library services and the Blackboard learning management system used by Harper to bus schedules and cafeteria menus. The survey also found that the college needed to move forward quickly with the development of mobile services and involve students in the process.

To make the best use of staff and financial resources, Harper partnered with Blackboard Mobile ­Central. The Harper IT staff based its work on Blackboard's proven platform but customized the application and focused on back-end issues.

Harper Mobile launched in summer 2011 with 16 custom modules, including MyHarper, where students can check email, grades, class schedules and their college bills and payments. Harper Mobile now offers 22 modules and runs on all major mobile platforms and dozens of device form factors.

Lessons on the Go

Despite the speed of development and the diverse requirements for the application, security was always a priority. It made no sense to lock the application down so tightly that students would be unwilling to use it, but campus IT resources had to remain secure.

Some important steps helped Harper maintain strong IT defenses while providing the array of information students expect:

Find partners who provide expertise, to lighten the load on IT staff.

Security was not a specific strength of the Harper College IT staff. In the same way that the college piggybacked off of Blackboard's platform when developing Harper ­Mobile, it turned to technical experts at CDW•G for a detailed security ­assessment, especially when it came to the rollout of the mobile app.

The assessment provided an ­objective view of potential vulnerabilities and suggestions on how the IT staff could address them by upgrading technology or revising policies.

Before making purchases, seek advice, then double-check it.

Once an organization has determined that it must modify security infrastructure by adding new technology, technology partners can serve as excellent sources of information and advice.

At Harper, CDW•G helped the IT staff explore technologies and match the college's needs to the features and strengths of the various product options. But the IT staff didn't stop there. They also reached out to colleagues at other institutions to compare notes and gather recommendations.

Cost is always an issue for cash-strapped colleges as well, but ­security is too important to do on the cheap. Be sure to choose products with proven track records.

Partition networks for protection.

Even before taking other security measures to protect the mobile environment, Harper College segmented its network, isolating the information and services available to students through Harper Mobile. Back-end systems and sensitive data are ­protected from unauthorized access, and from ­viruses or malware that might ­infect ­devices.


Number of downloads of the Harper College mobile app, as of December 2012. (The college has an annual enrollment of 24,250 students.)

SOURCE: Harper College

Front-line authentication is critical.

Using authentication technol­ogies and procedures, Harper can eliminate any invalid access points into the application, and ensure there are no access workarounds.

No matter how many other ­security measures are in place, it's important to control who and what devices are on the network, especially when they can achieve even limited access to information on back-end systems.

Don't skimp on testing.

When Harper decided to support all of the major mobile platforms as well as the dizzying array of devices that are constantly emerging, the IT staff took on an intense testing challenge. Currently, every modification of Harper Mobile must be tested on 65 or more devices to ensure each change works within the mobile and back-end ­environments.

Security testing increases the burden considerably, but it cannot be neglected. Harper is exploring the possibility of having a partner take over the testing to reduce the strain on internal IT resources.

Security must be an integral, and ongoing, effort.

In just over a year, Harper ­Mobile is already on its fourth version. Plus, the college is considering adding ­features such as mobile course registration. Security must remain an integral part of the development process at every step of the application's evolution.

Especially when modifications are made to any part of the app with login capabilities, ­security should be revalidated before the update is published. This is a living environment, one that must be continuously managed and secured by the IT team. ­

Every ­important upgrade or change to the mobile computing ­environment should trigger an ­outside assessment of network defenses, along with suggestions on how they might be strengthened further.