Future controls for ERP projects with Mobile Applications
The current trend is for most companies to expose their enterprise applications via the web and iGadgets.
Audit and controls teams are aware of these changes and are prepared, to some extent, to check for the resulting security threats.
In the future, business users may demand more iFriendly applications with iAdvancements.
There are many known and proven risks from mobile devices, such as an unauthorized user using a found SIM card, or e-mails sent from a fake address asking for financial help.
If we consider a similar situation for enterprise-critical applications, the damage will be exponential.
In the future (maybe in 2-4 years), the market will demand easier access to applications.
Software companies will then add new features to keep pace with mobile product companies (like Apple, HTC, Sony, Samsung, Motorola etc.).
At this fast pace, security controls, which are low/medium priority compared to the business requirements, will be overlooked.
The ERP project sponsor and stakeholders have to develop a strategy for implementing strict security controls, advise the PMO during the project initiation and planning phases on establishing those controls, and add compliance for mobile interfaces to the project objectives.
These controls shall be set as organizational objectives by top management (they shall be preventive rather than detective).
In this blog, I am not emphasising the technical aspects. Security and controls for mobile apps deserve due importance, and they shall be included in the threats list by project sponsors or enterprise management at the enterprise global level. As of now, there are no automatic SOX controls for mobile apps.


