Network World - The enterprise has gone mobile and there's no turning back. And while the BYOD movement has received plenty of attention, IT departments are getting a handle on the security risks of personal mobile devices in the workplace. The next challenge is "bring your own application" (BYOA), because many public app stores have serious malware problems.
Enterprise app stores could be the answer. Gartner is predicting that 25% of enterprises will have their own app store by 2017. This will enable companies to push out apps more efficiently, it will be a major boost for mobile device management, and it could offer a secure, automated process that will work equally well for apps developed in-house and curated applications from third parties. Wherever an app originates from, it is vital that you can vouch for its security before it is circulated.
Broadly speaking, there are three types of mobile apps:
Companies are increasingly opting for the hybrid approach so they can cover a wide range of platforms, but also leverage the hardware capabilities of different mobile devices. Gartner analysts suggest that more than 50% of deployed apps will be hybrid by 2016.
As you may imagine, each type of app requires specific testing. In each case you'll need to consider how to protect data as it travels across mobile networks. There's always a split between what is actually deployed to the mobile device, and the central processing or data storage that's deployed to a server. There's a range of software out there designed to assist your IT department in testing an app's security.
To cover all the bases and ensure effective penetration testing is carried out, your best option is to engage a third-party organization with the right expertise. They will put your app to the test, approaching it as a real attacker would -- with no regard for how the system is intended to be used, just a determination to breach it.
There are many potential weak spots in mobile apps. Knowing where they are can get you off to a good start.
This is only the tip of the iceberg in terms of comprehensive security testing for mobile apps. Factor in the peculiar demands of compliance in your industry, because it is vital that you meet the right standards for regulations and mandates. The majority of internal IT departments are simply not equipped to carry out the rigorous testing that's required to pass a mobile app as safe.
It's also worth knowing that you can't just test an app and forget about it. If you frequent the developer forums for all of the major mobile platforms, you'll find that new security threats are emerging all the time, and it takes effort to stay abreast of the situation and take the necessary action to keep your apps and systems secure.
Towerwall is a data security services provider in Framingham, Mass., with clients including Bose, Middlesex Savings Bank, Raytheon, Brown University and SMBs. You may reach her at firstname.lastname@example.org.