Light Dark
February 18, 2016 By Rick M Robinson 2 min read
Endpoint

Mobile apps are emerging as a major threat to enterprise security, and the threat is growing by the day.

Worries about mobile security are not new. For years, we have heard about the spread of bring-your-own-device (BYOD) policies and the challenges posed by personal mobile devices on the job.

But only now are the full contours of the mobile security challenge coming into view. At the heart of the problem is mobile apps — there are just too many of them to manage securely.

A Million and a Half Mobile Apps

As Karen A. Frenkel reported at CIO Insight, over 1.5 million apps were available in the Apple App Store as of June 2015, more than 300,000 of which were added in the past year.

The overall marketplace now offers millions of mobile software applications, most of them just a few taps away at major app stores. This level of software output “would have been unthinkable during the PC era,” Frenkel observed.

The software market has been entirely transformed. Just a few years ago, most people lived in a PC-centric information universe, and we dealt with it mainly through a few dozen to at most a few hundred software apps. These were often big, integrated packages such as Microsoft Office. They might have had security flaws, but they were known quantities.

Those days are over. Just a single mobile security provider now must analyze thousands of apps for security holes that attackers might exploit.

Vetting Struggles to Keep Up With Development

Hand in hand with the sheer volume of apps goes the new agile and DevOps culture of application development. Remember when software version releases came out at a stately pace, every six months to two years? Millions of apps could not possibly have been developed that way.

But now even major tools such as Web browsers have a development release cycle measured in weeks. Apps are pieced together and pushed out the door on the fly, barely into the stores before the next release is ready for beta.

This adds up to hundreds of thousands of mobile apps — most of them only sketchily tested for security, if at all — floating around the edges of enterprise networks, loaded onto employees’ personal devices or even living on corporate devices. With more and more enterprise data going mobile, a collision is inevitable.

Indeed, a survey by IDG and Lookout found that 74 percent of respondents reported their organizations had suffered mobile security breaches. Along with insecure Wi-Fi connections, the chief causes of these incidents were apps that had security flaws or contained malware.

Mobile security is drawing more attention and investment, but while the mobile app security challenge may have a simple cause — the sheer volume of apps — it has no simple solution. The apps are out there and employees will use them. Enterprises will have to draw on mobile security strategies, from closer control over data to white-listing apps, to protect themselves from being overwhelmed by the flood of applications.

Read the Ponemon Institute Study on the State of Mobile Application Insecurity

 |  |  | 
Rick M Robinson

More from Endpoint
November 28, 2023

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature