Mobile Apps Need Better Security

Employees Easily Access Sensitive Data via Tablets

13% have access to customer data, 13% to contracts, invoices and customer orders, 12% to customer service data and account numbers.

Employees Easily Access Sensitive Data With Smartphones

8% access company data, 5% access contracts, invoices and customer orders, and 5% access customer service data.

How Concerned Are IT Pros About Mobile Malware?

60% of those surveyed say they are quite concerned and 23% are somewhat concerned.

Levels of Maturity for Mobile App Security

Forrester finds three levels of mobile security maturity among enterprises. Those at Level I assess mobile app security manually, use no formal testing, and have no application acceptance criteria.

Ad Hoc Mobile App Testing

60% of respondents say they only manually assess mobile apps for security and privacy issues, which can result in inconsistencies, according to Forrester.

Level I Mobile Security and Antivirus Software

One in 26 believes antivirus software is sufficient to secure their mobile environment, an approach Forrester says is not effective, just as it was not in the traditional PC space.

Level 2 Mobile Security

Enterprises at Level 2 use automated tools to create a security baseline for all layers of mobile security, and use control point technologies such as mobile device management and enterprise app stores, but are unlikely to have deployed these systematically beyond pilots.

BYOA and BYOD Tolerance

Only 25% of respondents use formal application acceptance criteria.

Level 2 is Reactive, Not Proactive

Vetting the security of apps is labor-intensive, so the number approved is typically low. Coupled with the frequent release of new mobile apps, this makes enterprise vetting reactive instead of proactive.

Level 3 App Security Is Still Immature

Technologies for a security program are primitive and human processes are still required.

Successful Level 3 App Security Requires:

Segmenting the user base, deploying an enterprise mobile control point, defining app acceptance criteria, and using automated tools and manual assessment to support app turnover.

Recommendations

Understand your enterprise’s risk tolerance level. Work with others to define an acceptable risk level. Segment employees into groups based on their and the enterprise’s risk tolerance level. Formalize app vetting requirements and policies for each segment.

CIO Insight Staff