In 2015, Check Point Software released a report that stated that mobile devices were the weakest link in the security chain. According to its “2015 Security Report,” 72 percent of IT providers agreed that their top mobile security challenge was securing corporate information. Research also revealed that 96 percent of organizations utilized at least one high-risk application, so mobile application security represented one of their key organizational priorities.

The message is clear: Corporate data is at risk, and being made aware of these risks is critical to taking proper precautions to secure mobile devices. In a recent interview, Tyler Shields, formerly of Forrester Research, spoke extensively to IBM about how organizations can prevent and manage mobile application security threats.

A Holistic Approach to Mobile Application Security

According to Shields, safeguarding applications and data should ideally be performed at the development stage of the software development life cycle (SDLC). If all security problems could be identified at this initial stage, with coding proceeding forward securely, there would be no downstream concerns about application security. That would be the ideal situation, but in reality, it’s almost impossible to attain.

Realistically, enterprises should seek to mitigate application risk by securing their app models and embedding apps using third-party tools. This could go a long way in helping them to secure mobile applications from malicious attacks.

Organizations with advanced application security testing programs are now looking at holistic approaches to securing apps that go beyond simply putting SDLC frameworks into place.

Be Preemptive and Be Prepared

Shields reminded us that individual applications are basically blocks of code that need to be secured and made 100 percent foolproof. To understand application security more effectively, you need to master the framework of Web and mobile applications.

An app consists of three basic layers:

  • Front-end presentation layer;
  • Application code layer; and
  • Database back-end.

The security models are very similar in each of these, and an attack can happen at any layer. Your challenge is to preempt attacks by making each of the layers more secure.

Three Ms: Monitor, Manage and Mitigate Risk

Repackaged applications are the most targeted apps on mobile these days. For example, a commercial bank can build its own app and make it available on Android and iOS. With the right tools at their disposal, attackers can potentially re-engineer these apps by injecting malware, placing the apps back into the application stores and ultimately storing and controlling devices that download the apps. To prevent these types of attacks, you need to improve the security of the apps being built and put into the wild.

Achieving Safe and Effective Mobile Application Security

According to Shields, the best way to secure mobile apps in your environment is to create and run your own internal application store. This is definitely not the easiest project to dive into since it requires considerable time and organizational resources. However, the long-term benefits can be tremendous, and eventually you’ll gain perspective on all the apps that enter your environment. Incorporating leading application security testing tools that can analyze apps for unexpected behavior and potential malicious activities will also provide you with a more comprehensive view of security.

While it’s impossible to completely prevent attacks, hacking mobile applications can be made much more difficult if you fine-tune app handling, embed apps with monitoring and tracking systems and increase the overall level of security in your mobile environment. Only by identifying risks can you strengthen your defenses against current and future threats and fully leverage mobility’s core benefit of empowering a smarter, safer mobile workforce.

To Learn More

To learn more about how you can manage application security risk at your organization, check out the IBM-sponsored Ponemon Institute study “How to Make Application Security a Strategically Managed Discipline.” You can also read the accompanying blog “Present These 10 Key Application Security Risk Management Findings to Your Executive Team.”
