With the exponential rise in the number of IoT devices on corporate networks across the globe, there has been significant effort put towards developing clear and concise security standards for how and where these devices are used.
In an article for Security Magazine earlier this year, author Brad Ree took a deeper look at the growing gap between security practices with IoT devices and mobile apps.
In his article, Ree cites a 2020 report showing that nearly three-quarters of apps wouldn’t pass a basic security test, whether for protection against phishing and malware, detection of network tampering, or any number of other simple threats. Because apps are created and deployed so quickly, he argues, companies don’t have the requisite amount of time to deploy strong security measures.
As part of his evaluation of the issue, Ree discusses security standards that are already in place for IoT devices. If IoT devices, which likely number in the hundreds of millions and are deployed at a rapid pace, can conform to clear security standards, he asks, why shouldn’t there be a similar standard for mobile apps? Ultimately, Ree believes that building security into the process proactively, as it is for IoT devices, would significantly benefit the enterprise mobile app space.
Of course, this isn’t the first time we’ve addressed questions about security issues with enterprise mobile apps. Last winter, for example, we discussed a survey which showed that 95% of companies admitted they had room for improvement in the security of their mobile apps, and we previously addressed a Verizon report which found that over 40% of companies have sacrificed mobile app security for convenience.
If one thing is clear, it’s that there is a breakdown between companies’ recognition of what they need to do to secure their mobile apps and what they’re actually doing in practice when it comes time to develop and deploy their apps. While there are likely a multitude of reasons companies ultimately make that tradeoff, the organizations that have underinvested in security measures for their mobility programs have come to pay the price over time.
With all of that said, we agree with Ree’s assertion that there ought to be a clear global standard for mobile app security. A global set of guidelines for companies to measure themselves against can only be a good thing as far as we’re concerned.
Global standards aside, here at App47, we have a security focus and would be happy to speak with you about our approach to making sure your data stays in the right hands. If you’d like to chat about how we’re managing security risks, contact us today. We’d love to hear from you!