Hang on. Isn’t hyper-connectivity meant to be boosting service revenue? Why are we talking about protecting revenue? Let me explain.
To the first question; yes, Industry 4.0 with its increased connectivity and real-time data collection is allowing us to better service customers in a more efficient way. Less time on site, more accurate diagnostics and the opportunity to apply predictive maintenance principles helps reduce maintenance costs and increases equipment uptime considerably.
So why are we talking about protecting revenue?
Revenue associated with service and maintenance of commercial equipment has grown to over 50% of the total revenue from an installation over its lifetime. So, it’s is important revenue to retain.
Invariably, with increased connectivity come increased cybersecurity risks. This applies to connected equipment, but also to a rising number of proprietary mobile apps that support authorized service technicians with the diagnostics, performance measurement and tunability of these systems while on site.
It is the mobile apps that I want to talk about, since they have the potential to make or break a service & maintenance business.
Securing your service technician apps / connected maintenance apps…
Whether you have an ecosystem of authorized service provider companies or you do all your service & maintenance in-house, it is of vital importance that you can ensure the work is of high quality and done by highly trained technicians. A proprietary service technician app can be a game changer here. It will provide the technicians necessary, up-to-date documentation, increase the accuracy of diagnostics and help them optimize performance while efficiently managing their site visits.
However, if this type of app falls into the wrong hands, the picture looks very different. A quick search on the Dark Web or even the plain old internet will reveal plenty of cloned versions of service technician apps that can be bought by anyone who wants to call themselves a ‘certified technician’. In this scenario, by releasing a service technician app, you have just made it easier for someone else to do a good job at servicing your equipment while stealing your service business in the process. It is like handing your competitors the keys to your kingdom.
Next-Level Mobile Security
At Irdeto, our thinking is that you do not need to apply advanced security to every piece of software. But if you have business-critical applications (think also of other mobile apps you may be developing, such as the ones used on the factory floor), it is worth spending the effort and investment to keep it out of hackers’ hands. Unfortunately, the reality is that mobile app security is often misunderstood.
This is because many companies look for security outside of the actual app. It is often believed that standard mobile security measures such as Mobile Device Management (MDM)/Mobile Application Management (MAM), app wrapping and authentication are enough.
But as we have seen in the example above, these measures – although a great start – rarely provide adequate protection when hackers seriously apply themselves to reverse-engineering and monetizing an exploit for a valuable app. When you deploy sensitive mobile apps in a potentially hostile environment, you will have to look for security inside the app. This is what application security (AppSec) does.
What does a good application security strategy look like?
As mentioned before, application security first looks at the app itself: are you applying secure coding practices, is the architecture secure, can you apply advanced renewable obfuscation, are you building in feedback loops through regular penetration testing and so on? A good AppSec strategy uses a defense-in-depth approach that combines secure coding best practices, regular analysis and feedback with the use of advanced software protection techniques.
Done well, it ensures a continuous evolution of the best possible software protection at any time. And when it comes to business-critical applications, it is money and effort well spent.
Interested to find out more about advanced mobile app security? Check out our e-book: Cybersecurity for Connected Maintenance Apps – How to protect your Intellectual Property and Service Revenue.