Ominous forecast for mobile app security
September 25, 2014

BYOD programs continue to spread, both in the number of companies that have adopted this approach to enterprise mobility and in the diversity of devices entering the corporate infrastructure in the pockets and bags of employees. First and foremost, it is important to remember that BYOD comes with a wealth of benefits, so many that it is very difficult to make a case against implementing the program in one form or another.

As more organizations recognize the threat of lost and stolen devices after enabling enterprise mobility strategies, management has become a bit more effective than it was in the past. Applications, however, remain a significant issue, both for enabling increased productivity without disruptions or outages and from the security angle, with so many firms struggling to get a handle on the pieces of software that are used by employees.

A few years ago, it appeared as though enterprise application stores, populated with software that was either created or deployed by the business itself, would start to catch on and become the most common source of apps entering the corporate framework. They have not reached high levels of adoption, and the vast majority of applications still come from third-party sources, raising many identity and access management questions in the process.

Dangerous apps
Gartner recently published a forecast that pointed to the widespread use of third-party apps for corporate functions, but stated that business leaders must start to wake up to the level of threat these pieces of software carry before more significant breaches begin to occur. According to the analysts, by the end of 2015, roughly three-quarters of all apps available on the Internet, regardless of which operating system they work with, will not pass some of the simplest security protocols and evaluations.

"Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," Dionisio Zumerle, principal research analyst at Gartner, affirmed. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security."

The researchers pointed out that these apps are already being used to access corporate assets, yet the level of security assurance they come with is lackluster at best. Notably, sophisticated attacks perpetrated against these applications are not the biggest concern. The real worry is the flaws and vulnerabilities that hackers can use as vehicles to break into corporate frameworks.

"Today, more than 90 percent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied," Zumerle added. "App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors."

Has to be a better way
At the end of the day, there is no reason for companies to take on excessive risk when deploying a comprehensive BYOD management policy, as dynamic authentication solutions that anchor identities to a device can streamline the user experience while better protecting access management.

Rather than waiting for a major piece of malware to wreak havoc on systems and data, companies should proactively leverage effective access management tools.