Mobile Apps Need Better Security

 
 
By Karen A. Frenkel  |  Posted 11-22-2013
 
 
 
 
 
 
 
 
 

    Employees Easily Access Sensitive Data via Tablets

    13% have access to customer data, 13% to contracts, invoices and customer orders, 12% to customer service data and account numbers.

    Employees Easily Access Sensitive Data With Smartphones

    8% access company data, 5% access contracts, invoices and customer orders, and 5% access customer service data.

    How Concerned Are IT Pros About Mobile Malware?

    60% of those surveyed say they are quite concerned and 23% are somewhat concerned.

    Levels of Maturity for Mobile App Security

    Forrester finds three levels of mobile security maturity among enterprises. Those at Level I assess mobile app security manually, use no formal testing and have no application acceptance criteria.

    Ad Hoc Mobile App Testing

    60% of respondents say they only manually assess mobile apps for security and privacy issues, which can result in inconsistencies, according to Forrester.

    Level I Mobile Security and Antivirus Software

    One in 26 believes antivirus software is sufficient to secure their mobile environment, an approach Forrester says is not effective, just as it was not in the traditional PC space.

    Level 2 Mobile Security

    Enterprises at Level 2 use automated tools to create a security baseline for all layers of mobile security, as well as control point technologies, like mobile device management, and enterprise app stores, but are unlikely to have deployed these systematically beyond pilots.

    BYOA and BYOD Tolerance

    Only 25% of respondents use formal application acceptance criteria.

    Level 2 is Reactive, Not Proactive

    Vetting the security of apps is labor-intensive, so the number approved is typically low. Coupled with the frequent release of new mobile apps, this makes enterprise vetting reactive instead of proactive.

    Level 3 App Security Is Still Immature

    Technologies for a security program are primitive and human processes are still required.

    Successful Level 3 App Security Requires:

    Segmenting the user base, deploying an enterprise mobile control point, defining app acceptance criteria, and using automated tools and manual assessment to support app turnover.

    Recommendations

    Understand your enterprise's risk tolerance level. Work with others to define an acceptable risk level. Segment employees into groups based on their and the enterprise's risk tolerance level. Formalize app vetting requirements and policies for each segment.
 

According to a new report by Forrester Research, mobile security risks are moving to apps, mimicking the traditional computing space in which security and risk professionals first targeted networks and devices and then progressed to applications. The Forrester Research report cites three reasons for directing security to apps. One, security and risk professionals have little control over mobile networks, devices and OSs. Operating system vulnerabilities show no correlation to the number of threats against them, reports Forrester, citing "Symantec Internet Security Threat Report 2013." The top layer of the security stack, therefore, is the primary point of risk within mobile. Two, employees are using multiple personal devices at the office, at home and while travelling to view private and strategic corporate data. Lastly, mobile apps are updated more frequently than traditional PC applications, making it hard for security and risk personnel to keep up with the rapid pace of device expansion. The report, which is based on responses from 692 IT security decision-makers from over 60 companies with $50 million in revenues, offers recommendations for how enterprises can best secure mobile apps.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
