Mobile Is Your Frenemy

By Samuel Greengard  |  Posted Monday, November 18, 2013 05:01 AM

By Samuel Greengard

In only a few years, mobile technology has radically redefined the way the modern enterprise collects, manages and shares data. And while it's clear that many organizations are reaping enormous productivity gains using mobile devices and mobile apps, it's also glaringly apparent that these devices and systems open a door to a spate of risks and threats.

A just-released study conducted by Hewlett-Packard informs us that nine out of 10 mobile applications are vulnerable to attack. The survey of 601 Forbes Global 2000 firms found that 97 percent of the mobile applications tested accessed at least one private information source within a device, and 86 percent of those applications did not have adequate security measures in place to protect them from the most common exploits.

However, the problems don't stop there. In addition to security weaknesses, 86 percent of apps displayed a lack of binary protections, 75 percent used insecure data-storage techniques, and 18 percent displayed transport security issues, including sending user names and passwords over HTTP rather than via SSL and HTTP. "Laying the groundwork for a basic mobile application security strategy allows organizations to identify vulnerabilities before they are exploited," the HP report noted.

What's disturbing, according to the report, is the fact that IT and security experts often wind up sniffing down the wrong path. Many are thinking only about protections such as MDM, MAM, MIM, SMM and ORM rather than approaching the problem from the ground up and thinking holistically. "Nearly all vulnerabilities can be found and remediated by simply running a security assessment test before releasing or procuring a mobile application," HP reported.

This amounts to a red alert for CIOs and other executives. It's increasingly clear that all the protections and controls in the world offer little aid if there's a fundamental flaw in the way apps are designed, implemented and used. As HP puts it, "[Vendor] solutions can be a great extra-layer of defense, but shouldn't be used instead of remediating the underlying issues."

About the Author

Samuel Greengard is a contributing writer for CIO Insight.