In recent weeks, there has been a lot of talk about the phenomenon of hardware release cycles taking a toll on safe software development. Just as OS platform safety testing gets neglected in the mad dash to keep pace with hardware launch dates, IT organizations are also watching mobile app safety get tossed by the wayside as pressure to keep pace with consumer demands mounts.
Between BYOD initiatives and the rapid release and onboarding of native and third-party apps, screening and security testing have reached shocking lows. It's never been more fair to assume all apps are either untested or undertested. Don't let pressure on design and development shops be the reason your enterprise gets hacked.
According to a recent Ponemon Institute study, "Four out of 10 companies surveyed say they aren't scanning the applications they build for flaws that could result in malware infections, data leaks and other problems." Those are not good odds for IT-heavy enterprises, which the study found implement an average of 110 mobile apps.
Even if your company is on the far low end of mobile application use, the odds are not in your favor. In light of this news, it's important for enterprises to recognize that the newest realm in the IT world is also the least secure. That's a frightening combination, and one that speaks strongly to the need for comprehensive third-party security that's equipped to handle the huge variety of mobile apps and platforms present on the market and in the workplace today.
Having employees bring their own devices to work is a lot less dandy than asking guests to bring their own beverages to a party. Aside from the obvious differences between Android, iOS, Windows and other smartphone operating systems, there are virtually infinite variations and updates of every app on those phones, meaning there are a lot of applications in various stages of untested infancy and forgotten obsolescence. This makes the cost savings of BYOD programs a lot more complicated, since one vulnerability can cost a company more money than buying all the smartphones in the city.
IT admins also face unprecedented headaches when onboarding a BYOD program that requires granting a dozen or more different e-mail clients access to a company's server. Some developers leave older software versions out of security testing as new ones roll out, which means a previously safe e-mail app may no longer be protected.
The "rush to release" phenomenon is undoubtedly detrimental to network security. With ever-shortening software development lifecycles, mobile apps are being implemented before they've been tested and being kept in enterprises' networks long after their intended product cycles have ended. The first step to a safer enterprise is understanding that the mobile application world is the Wild West of cybersecurity. With so many developers and versions of mobile devices to develop for, it's guaranteed some applications in your network were not tested as well as they should have been.
The only way to protect yourself against this reality is to run application security that thoroughly tests every in-house and third-party mobile application, and that maintains a vigilant inventory of apps for the duration of their time in the network. There's no way to know which versions of which apps are safe and how long they've been exposed to the relentless onslaught of hacking attempts unless you test and keep track of them yourself. The unfortunate reality is that the mobile world has taken the burden of testing away from the developers and placed it on those who use mobile apps. Is your enterprise prepared to handle that?