In an effort to provide clarity within the mobile processing industry, we have important information for you on some concerning tactics that are being used by a number of organizations to increase the competitiveness of their products. Unfortunately, these tactics could also be putting your business and your customers at serious risk by exposing sensitive data. Read on to learn three ways mobile software vendors are currently putting their customers’ data and reputation at risk.
Also, for a deeper discussion of these topics, watch our on-demand mobile webinar: “Trust in the Second-Hand Mobile Market—Is Your Data Secure?” presented with CTIA.
#1 Outsourcing Software Development to Untrusted Overseas Partners
There are certain countries that rank lower on the trustworthiness scale when it comes to privacy. We won’t explicitly list them, but you probably have a pretty good idea already. The question you must ask yourself is, “Where is the software that I’m using being developed?” Are your vendors doing development in-house, or are they outsourcing? And if they are outsourcing, to whom are they outsourcing, where are those partners located and how are they being vetted? Development in North America and Europe is usually the safest bet for global companies, though there are plenty of other areas in APAC that have a great reputation as well.
Large private and public organizations that value security are taking notice of these issues—including the U.S. government, which in 2019 prohibited government institutions from using cybersecurity products provided by or using software made by Russia-based Kaspersky Lab. Similar issues have popped up with China-based company Lenovo and Chinese telecom giant Huawei.
Companies that rely on development in less trustworthy countries often do so to save money; other times, they are eager to tap into some very innovative resources and talent, but at what cost? Even if you are okay taking this risk, have you been transparent with your customers and partners to affirm their approval?
#2 Using Illegitimate Access to Databases to Collect Key Information
Some advanced mobile diagnostic, lock and erasure features require certain access and permissions; often, software vendors are using illegitimate access to databases to get this information. This can be from third-party sources that operate in the shadows or perhaps from another company, such as an Apple Authorized Service Provider, that is sharing its Global Service Exchange (GSX) credentials with another, unauthorized company to turn a small profit.
These smaller companies often go undetected because they are not processing enough devices to raise an alarm. However, as their customer base grows, so does the concern that they will be discovered and that their key features, such as FMiP status or Carrier Lock Detection, will go away and remain unavailable until a new source is found. If your vendor has these capabilities, it’s worth asking for proof they have authorization to extend access or insights from verified sources. Otherwise, those critical data points may disappear at any time.
#3 Not Focusing Enough on Security
Number three may seem a bit obvious, but for many mobile software providers, security is not the number one priority—profits and expansion are. Whether it’s accreditation through ADISA, achieving key certifications like the security-focused ISO27001, the quality-focused ISO9001, focusing on the security features offered in a product (e.g. complying with globally-recognized mobile erasure standards, providing digitally-signed erasure certificates) or the development process itself (e.g. including secure code review), security needs to be paramount in every facet of the vendor’s offering. This includes having full control over chain-of-custody and customer and company data. Without these things, the entire business could be put in jeopardy; we’ve all witnessed the negative impact of breaches in terms of revenue loss, damage to brand reputation, loss of customer trust, operational downtime, fines, legal action and, even worse, an entire collapse of the business. For these reasons and more, security must be the cornerstone of any solution.
Where Blancco Mobile Diagnostics & Erasure Fits in
Blancco’s Mobile Solutions (BMS) app coupled with our globally certified Mobile Diagnostics & Erasure (BMDE) solution offers the most complete mobile software platform for retailers, insurers, refurbishers, 3PLs, mobile resellers and other mobile processing firms. Blancco solutions are developed by our dedicated in-house European mobile development teams, with an emphasis on integrity and adherence to global quality standards. Furthermore, we offer best-in-industry, multi-tiered, 24/7 global support that can be tailored to fit customers’ specific needs.
And while security is our number one priority, many of our product features are also worth talking about. BMDE offers the industry’s most comprehensive triaging solution, along with Blancco Intelligent Business Routing and Mobile Workflows. These features allow mobile device processors to efficiently route devices based on a multitude of variables, as defined by the specific business case. This leads to reduced processing times, lean operations, increased profits and accelerated operator onboarding.
At Blancco, we place great emphasis on the integrity of our company and our products. Our customers and partners rest easy knowing we won’t source new features from untrusted sources; however, they also know we are amazing at what we do, and we are proud to have full control of our process.
Learn why organizations trust Blancco for their mobile processing environments. Request your free trial today.