Mobile Apps Need Better Security
13% have access to customer data, 13% to contracts, invoices and customer orders, 12% to customer service data and account numbers.
8% access company data, 5% access contracts, invoices and customer orders, 5% access customer service data.
60% of those surveyed say they are quite concerned and 23% are somewhat concerned.
Forrester finds three levels of mobile security maturity among enterprises. Those at Level 1 assess mobile app security manually, use no formal testing, and have no application acceptance criteria.
60% of respondents say they only manually assess mobile apps for security and privacy issues, which can result in inconsistencies, according to Forrester.
One in 26 believe antivirus software is sufficient to secure their mobile environment, which Forrester says is not effective, just as it was not in the traditional PC space.
Enterprises at Level 2 mobile security use automated tools to create a security baseline for all layers of mobile security, along with control point technologies such as mobile device management and enterprise app stores, but they are unlikely to have deployed these systematically beyond pilots.
Only 25% of respondents use formal application acceptance criteria.
Vetting the security of apps is labor-intensive, so the number of apps approved is typically low. Coupled with the frequent release of new mobile apps, enterprise vetting is reactive instead of proactive.
Technologies for a security program are primitive, and human processes are still required.
Segmenting the user base, deploying an enterprise mobile control point, defining app acceptance criteria, and combining automated tools with manual assessment to keep up with app turnover.
Understand your enterprise’s risk tolerance level. Work with others to define an acceptable risk level. Segment employees into groups based on their and the enterprise’s risk tolerance level. Formalize app vetting requirements and policies for each segment.