Focus of Endpoint Security Breaches to Shift to Mobile Devices : Gartner

10 years ago

More than 75 Percent of Mobile Applications will Fail Basic Security Tests

Through 2015, more than 75 percent of mobile applications will fail basic security tests, according to Gartner. Enterprise employees download from app stores and use mobile applications that can access enterprise assets or perform business functions, and these applications have little or no security assurances. These applications are exposed to attacks and violations of enterprise security policies.

“Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance,” said Dionisio Zumerle, principal research analyst at Gartner. “Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.”

Testing the client layer — the code and graphical user interface (GUI) — of the mobile application that runs on the mobile device is not enough. The server layer should be tested as well. Mobile clients communicate with servers to access an enterprise’s applications and databases. Failure to protect a server poses the risk of losing the data of hundreds of thousands of users from the enterprise’s databases. Code and user interfaces of these server-side applications should therefore be tested with static application security testing (SAST) and dynamic application security testing (DAST) technologies.
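To make the "basic security tests" concrete, here is an added example (not part of the Gartner release and not any vendor's tool) of a minimal SAST-style check that runs the same rules over a mobile client source file and a server-side handler. Both source snippets are constructed for the example; the rule names, the `scan_source` function and the `Finding` type are assumptions of this example. It flags the kinds of defects these checks typically catch: cleartext HTTP endpoints, hard-coded credentials, disabled TLS verification and SQL built by string concatenation.

```python
import re
from dataclasses import dataclass
from typing import List, Pattern, Tuple

# Constructed sample of a mobile client source file (Java-like). Not real app code.
CLIENT_SRC = '''\
public class ApiClient {
    private static final String BASE_URL = "http://api.example.internal/v1";
    private static final String API_KEY = "sk_live_0123456789";
    void connect() {
        HttpsURLConnection.setDefaultHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
}
'''

# Constructed sample of a server-side request handler (Python/Flask-like). Not real app code.
SERVER_SRC = '''\
@app.route("/user")
def user():
    name = request.args.get("name")
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    r = requests.get("https://backend.example.internal/profile", verify=False)
    return r.text
'''


@dataclass
class Finding:
    """One rule hit: which rule fired, on which line, and the offending text."""
    rule: str
    line: int
    text: str


# Hypothetical rule set: (rule name, line-level pattern). Line-based matching is
# deliberately simple; a production SAST tool works on the parsed AST instead.
RULES: List[Tuple[str, Pattern[str]]] = [
    # Client talks to a backend over cleartext HTTP.
    ("CLEARTEXT_URL", re.compile(r'["\']http://', re.I)),
    # Credential or key assigned from a string literal in source.
    ("HARDCODED_SECRET",
     re.compile(r'(api_?key|password|secret|token)\s*=\s*["\'][^"\']+["\']', re.I)),
    # TLS certificate / hostname verification switched off.
    ("TLS_VERIFICATION_DISABLED",
     re.compile(r'verify\s*=\s*False|ALLOW_ALL_HOSTNAME_VERIFIER')),
    # SQL statement assembled by concatenation or f-string rather than parameters.
    ("SQL_STRING_CONCAT",
     re.compile(r'execute\(\s*f?["\'].*["\']\s*\+|execute\(\s*f["\']')),
]


def scan_source(src: str) -> List[Finding]:
    """Run every rule over every line and return the findings in line order."""
    findings: List[Finding] = []
    for number, line in enumerate(src.splitlines(), start=1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, number, line.strip()))
    return findings


def report(label: str, src: str) -> int:
    """Print findings for one file and return how many there were."""
    findings = scan_source(src)
    print(f"== {label}: {len(findings)} finding(s)")
    for f in findings:
        print(f"  [{f.rule}] line {f.line}: {f.text}")
    return len(findings)


if __name__ == "__main__":
    # Both layers are scanned: the client alone would miss the server's SQL defect.
    report("client", CLIENT_SRC)
    report("server", SERVER_SRC)
```

Running it reports three findings in the client and two in the server, which is the point of the paragraph above: testing only the app binary or its UI leaves the server-side defects (here the concatenated SQL and the disabled certificate check) unexamined. The rules are line-level regular expressions, so they serve as a first gate rather than a replacement for a real SAST engine that understands data flow.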

Gartner predicts that by 2017, the focus of endpoint breaches will shift to tablets and smartphones – already there are three attacks on mobile devices for every attack on a desktop. The security features that mobile devices offer today will not suffice to keep breaches to a minimum. Gartner recommends that enterprises focus on data protection on mobile devices through usable and efficient solutions, such as application containment (via wrapping, software development kits or hardening).