This blog post was originally published by GenieConnect at http://www.genie-connect.com/blog/security-the-ugly-secret-at-the-heart-of-eventtech. GenieConnect joined the ranks of our VerAfied secure software directory in June of this year using our static binary analysis service. We're excited to see and supportive of GenieConnect's decision to make the security of their software and users, a priority.
If you’re short of something to do today, try putting mobile security into Google News – you’ll get over 6 million hits. It’s not difficult to see why: in an age of BYOD, the proliferation of tablets and the ever increasing sophistication of smartphones, information is going mobile – and the implications of this are scaring the hell out of people. Industry analyst Gartner claimed that 75 percent of mobile security breaches will result from mobile application misconfiguration. Even the largest app vendors are not immune –Spotify recently required users to update to a new, more secure version of its Android app.
Now, how many results would you find if you put ‘event tech’ mobile security into Google news? Well, given the importance of the data stored in native event apps (corporate plans and the personal records of thousands of attendees, for instance) and the debate around the securing of mobile devices, there should be millions, right? Wrong. There’s only seven – and three of them relate to our recent announcement that we were the first #eventtech vendor to achieve the VerAfied security mark.
It’s curious, isn’t it? Is there an industry omertà – a code of silence – around this issue? I’m beginning to think so. Earlier this year, TechWeekEurope reported that a mobile app (ironically for the RSA security conference) had “leaked data on thousands of users”. Now, in a hugely competitive industry where companies fight tooth and nail for the slightest competitive advantage, I was expecting a deluge of coverage over this issue as rivals crawled over each other to exploit this flaw. But there was nothing.
With hindsight, I think there was an industry-wide sigh of relief, a sense that, “there but for the grace of God go I”; and, thankful that the hackers had chosen to go elsewhere, most event tech vendors put their heads back into the sand. Well, GenieConnect chose not to do this.
We knew that achieving VerAfied status would tell the market that we took security seriously. So we submitted our entire platform to the VerAfied testing regime. As our CEO Giles Welch said, "By enlisting the services of Veracode, the world's most powerful application security platform, we can reassure clients that that our software complies with the highest security standards."
Particularly over the past few months, we’ve seen an increased focus on the security aspects of our solution. In fact, we’ve recently won some major contracts following a global procurement process in which security was a paramount consideration. This issue is clearly not going to go away and, at GenieConnect, we believe that security certification will become the new normal for event tech.
So, isn’t it time that we as an industry take our heads out of the sand and embrace this as an opportunity
rather than resisting it as a threat?
To find out more about securing your #eventtech solution, download our Best Practice guide.