Mobile App Security, Vulnerabilities And Application Development
I had the privilege of attending a mobile security event and interacted with many experts on the matter. I am not a mobile security expert, so my role was to speak on mobile strategies and trends and to learn as much as I could.
What did I learn? I learned the difference between a mobile security containers and mobile app wrapping. I confess prior confusion in the matter. Mobile app wrapping is a process of securing an existing app, by injecting code into and around the app that secures it and provides monitoring analytics. Mobile security containers, in contrast, enable mobile app developers to develop new apps inside a security container that protects it and provides a framework for security. Don't ask me more as I have reached the limit in this subject with those two sentences.
I also learned there are potential vulnerabilities when you have third-parties develop your mobile apps. Manageable vulnerabilities, but ones that must be considered and addressed. Most mobile app security solutions are designed to protect an app from outside attack, but what happens if the app code is designed and developed purposely with nefarious intent? Mobile security systems are not designed specifically to find or prevent that event. What if the mobile app has been developed purposely to store credit card data and then to send it off-shore? The mobile app has not been attacked or hacked; it was developed that way and delivered to an unsuspecting vendor. Yikes!!!!
With that vulnerability in mind, companies having third-parties develop apps need ways to test and verify the code and behavior of the mobile app matches the original intent, purpose and design.
I also learned that MAM (mobile application management), MDM (mobile device management), EMM (enterprise mobility management) with a pinch of mobile application lifecycle management could all be found in the same vendor, or not. It seems all of the mobile security vendors are both partners and competitors emphasizing different aspects of their solutions and ambitions depending on if their partners are present in the room or not.
The bottom line, however, is that my weekly newsletter on Mobile Cyber Security is the most read newsletter I publish each week. This is a very important topic. It appears from all of the sessions I attended that today it may take a combination of mobile security vendors to cover your full mobile security and application management needs.