5 Questions to Ask Your Event App Vendor on Security

The modern-day shift to mobile computing is happening at unprecedented speed. As eager as people and companies are to adopt and deploy mobile solutions, security remains an underlying challenge that has IT departments’ constant attention.

Many event organizers, marketers or planners considering a mobile meeting app may not consider implementing security measures as part of the development process. They don’t know what security-related questions to ask of prospective event app vendors. In the events and meetings space, failure to adopt security best practices is a recipe for disaster.

While security may be of little concern if an app is for your best friend’s wedding, an event that in any way broaches sensitive topics – be it financial, strategic, or otherwise – will absolutely require a tight end-to-end security system.

When it comes to providing a safe mobile app experience for your attendees, there are five security issues that you must cover with your event app developer:

1. How do you ensure that only authorized personnel working on the project have access to the data?

Event managers should have tight control over users within their own organizations when it comes to granting data access. Your event app developer should work with you to heavily restrict backend access to customer data. Show your developer your internal security procedures, so they can ensure any access is granted based on your company policies.

2. How do you secure data on your backend?

Your app vendor should always store customer data in backend servers and databases that are completely separate from other customer’s data. For added security, unique access credentials should be assigned to each database. At QuickMobile, our backend servers are hosted behind dedicated hardware and internal software firewalls.

3. How do you plan on authenticating and authorizing communication between the mobile device and backend server?

At QuickMobile, every transmission between endpoints in our security framework relies on industry standard encryption practices. This includes the migration and integration of customer data into the app, as well as communication between mobile devices.

4. When using wireless communication between the mobile device and the backend, do you always use secure protocols? What protocols do you use to secure data on mobile devices?

Appropriate authorization protocols should be in place between mobile devices and backend servers at all times. For example, your app developer should be encrypting all data stored on mobile devices using some kind of SSL program. SSL encryption is one of the basic, but most secure ways to prevent unauthorized parties from deciphering or accessing private information.

5. Can I see copies of your operational security policies?

A good event app developer should begin and end every app project with security in mind. This means having policies in place that build a strong baseline of security into every app project, and then cater customization and industry know-how to meet the event’s unique security needs and guide clients towards best practice choices.

For example, QuickMobile has a dedicated security officer responsible for ensuring the secure operation, development and deployment of not only event app projects, but also all technologies throughout the organization. In addition, we ensure that our development team goes through regular security training.

Security should be part of your culture

Remember, security should never be looked upon as a layer of software applied at the top of a stack. Rather security is a process that flows through the organization as best practices and secure technologies. It’s critical to take a much broader vision of security than simply the mobile app. Security is a business process that starts with the sale, continues through the delivery of the product, integration of data, the execution of the products and the post event wrap-up of the services.