Missing: Enterprise Mobile App Security
While enterprises invest more and more dollars into mobile app development, roughly 40 percent of large companies don’t proactively secure the mobile apps they’re building. Even worse, 50 percent of large companies devote no app development budget toward security, according to Ponemon Institute and IBM. After reading that report, here are my key takeaways for IT service providers:
1. If you have an in-house app development team, an intense security focus can differentiate your efforts from potential rivals. Make sure your developers address the 5 worst mobile app security dangers — including insecure data storage; weak server-side controls; unintended data leakage; broken cryptography; and security decisions via untrusted inputs.
2. Mobile security must push beyond physical device security (smartphones and tablets) to encompass iOS and Android app security. Just because a consumer app surfaces in the Apple or Google app stores, don’t assume they’re secure. Ditto for third-party corporate apps.
3. Find big data services or solutions focused on threat detection, then leverage those offerings to proactively protect your customers. Two security analytics opportunities include (A) security information and event management (SIEM) technologies and (B) user behavior analytics (UBA), according to Gartner.
4. The app security nightmare must be even worse within small and midsize businesses, which have even fewer in-house IT resources than their enterprise counterparts.
5. If you need to partner on application security testing, track down companies that offer (1) static application security testing (SAST), (2) dynamic application security testing (DAST) and (3) interactive application security testing (IAST). Leaders in those area, according to Gartner’s Magic Quadrant, include IBM, HP, Veracode and Whitehat Security.
Too often, IT service providers focus the conversation on endpoint security. Just remember: Today’s apps and data can live anywhere — which means endpoints are only one piece of the IT security puzzle.