Security & Privacy in the App Economy
As enterprises adjust to the new reality of business having moved beyond their core and legacy systems of record (to millions of mobile devices and social networks at the edge of the enterprise, and to new distribution channels in the shape of apps, often built by third-party or partner developers), the question of end-user privacy becomes increasingly important. As the app economy matures, its participants will have to move quickly from self-governance to establishing standards or even regulation to address end-user privacy expectations.
Who is responsible for security and privacy when dealing with applications and APIs?
In the era of the browser, privacy questions were handled expressly between the website operator and the end user. The end user consented to using the products and services exposed through the website and had the right to agree to the policies set forth by the web site operator.
Who is ultimately responsible for privacy and policy in the app economy?
End users? API providers? App developers?
The answer is all of the above!
Privacy is really the control that users have over how they are defined in an environment that they are familiar with and whose workings they understand. The world of apps is a new environment that end users are only now becoming familiar with, and privacy best practices from the browser world can be found severely lacking in it. Users will demand rights similar to those they have in the online/browser world, including:
- Understand and view the information being collected about them
- The ability to choose what information can be collected and for what purposes it can be used beyond the immediate product or service
- The ability to contest the accuracy of information collected about them
- Understand the security of processes and systems used to store and process their private data
Because APIs and apps can reach new markets and end users across the globe, enterprises might find themselves operating in completely new markets and geographic regions, and therefore bound by the privacy regulations of several parts of the world. This means that enterprises will increasingly have to deal with different privacy rules and regulations for the same services and products. New products and technologies are required to operate in this new environment.
The app developer who might not have been thinking about their end-user privacy expectations will very soon have to worry about how and what end user information they collect, store, process, and share. Preparing for success requires developers to be cognizant of privacy and security issues and utilize best practices while building their apps.
Developers should collect only the data required to offer the best experience to end users. They should not store user data without users' permission. User data should be obfuscated or encrypted if possible, and so on.
As apps become popular, as usage increases and becomes more personalized, these requirements and considerations can be ominous and a distraction for developers. They too will need a new set of tools and technologies to help them deal with privacy expectations, consent, and data management solutions.
Owing to a whole host of factors, including the advent of big data technologies, publicly available information sources optimized for consumption, sophisticated behavioral analysis for personalization, and the advent of recommendation and predictive products and services, end users will become more concerned about their privacy. They will demand a single point of contact and tools to understand their privacy considerations and control their information and its usage.
Is the app economy ready for this challenge?
Here are some steps that can be taken to get ahead of the problem.
- Understand and provide to your end users privacy policies and data handling procedures for all services that your app uses
- Choose APIs (and services) for your app that are highly reputed and offer best-in-class privacy handling and mitigation procedures
- Enable end users to connect with services directly regarding their policy questions
- Utilize cloud-based data storage providers that are privacy and security certified
- Consider the entire value chain from a security perspective - from API to developer to app to end user
- Build capability to distinguish between good and malicious apps that use your APIs
- Detect malicious apps and take steps to block such apps and notify end users of these apps and help them deal with any privacy outages
- Enable end users of apps that use your APIs to understand your data collecting and privacy policies