Bekker's Blog


Gartner Raising a Scare About Mobile Apps

How secure are those mobile apps that users bring into company networks via their own devices? Not very, according to researchers at Gartner. Nor is the situation likely to improve soon.

As part of the Gartner Security and Risk Management Summit this week in Dubai, Gartner principal research analyst Dionisio Zumerle flagged mobile apps as an emerging route for attackers to get into enterprise networks and steal corporate data.

"Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," Zumerle said in a statement. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security."

Gartner contends that through 2015, more than three out of four mobile applications will fail basic security tests, and encourages enterprises to get aggressive about testing apps that access corporate data and about exploring technologies that help contain the activity of apps on mobile devices, such as wrapping and hardening.

"Today, more than 90 percent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied," Zumerle said. "App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors."

Gartner called out static application security testing and dynamic application security testing as two categories in which vendors are working to improve the capabilities of their toolsets for mobile app testing. Another promising area, according to Gartner, is behavioral analysis, which monitors running apps to detect risky behavior, such as accessing users' contact lists or locations. It's equally important, the research firm warns, to test or certify security on the servers the apps access, whether those servers are internal to an enterprise or provide back ends for third-party apps.

Attacks on mobile endpoints are still relatively immature, and Gartner anticipates that three-quarters of mobile security breaches through 2017 will result from misconfigurations rather than deeply technical attacks.

Nonetheless, the attackers are rushing at tablets and smartphones. "Already there are three attacks to mobile devices for every attack to a desktop," according to Gartner.

Posted by Scott Bekker on September 17, 2014

