5 Tips For Mobile App Security From ICSA Labs
MECHANICSBURG, Pa. – As the number of mobile devices continues to grow and companies develop unique apps to engage with employees and customers, security remains a major concern for IT departments.
While research from the “Verizon 2013 Data Breach Investigations Report” shows data breaches involving mobile devices are uncommon today, experts agree these security threats will become more prevalent in the near future.
According to Jack Walsh, mobility program manager, ICSA Labs: “With more mobile payment systems coming online, and as more devices connect to the cloud, we will begin to see an uptick in security threats to mobile devices. Add to this the bring-your-own-device and bring-your-own-app trends, and it’s easy to understand that mobile devices will be the next frontier for hackers. By layering on additional security proactively, enterprises will be in a much better position to protect their assets.”
To help enterprises stay ahead of the curve, ICSA Labs offers these five tips:
1. Dynamic analysis is a must. If your company’s IT organization requires deploying security-tested mobile applications, consider mobile applications that have undergone dynamic analysis. This involves testing a mobile application while it is running in a live environment, including all the appropriate back-end systems with which the app normally communicates.
2. Conduct due diligence when selecting a mobile application developer. Make sure the mobile app developer is legitimate, trustworthy and has a history of quality app development. Another good due diligence step is to ask app developers if they have their own testing and certification practices.
3. Build an enterprise app store. If, as an enterprise, restricting certain mobile apps seems like a futile effort, build your own enterprise app store. The store should only include independently tested and approved mobile applications. Also, build and share a list of mobile apps from the enterprise app store, as well as other apps deemed secure. This can help prevent employees from downloading apps from other, possibly rogue locations.
4. Develop and share broadly your mobile device policy with employees. They need to know and understand the ground rules for bringing their own devices into the work environment, and know if this practice is forbidden. Be sure to develop and clearly communicate your policies. Nothing wreaks as much havoc on an organization as ill-informed employees.
5. Don’t fight a losing battle. Research and implement the right mobile device management solution that adequately supports the bring-your-own-device policy, so you are not swimming upstream. Enterprises should be in the driver’s seat when it comes to managing the mobile device environment. It is far easier to get ahead of the curve than to make corrections after the fact.
Earlier this year, ICSA Labs launched its Mobile App Testing program to test the security and privacy of mobile applications. Enterprises can learn more here: https://www.icsalabs.com/technology-program/mobile-app-testing
About ICSA Labs
ICSA Labs, an independent division of Verizon, offers third-party testing and certification of security and health IT products, as well as network-connected devices, to measure product compliance, reliability and performance for many of the world’s top security vendors. ICSA Labs is an ISO/IEC 17025:2005 accredited and 9001:2008 registered organization. Visit http://www.icsalabs.com and http://www.icsalabs.com/blogs for more information.