The State of Mobile Application Insecurity (PDF download, no registration required) is a report on research, sponsored by IBM and independently conducted by Ponemon Institute, based on a survey of 640 individuals involved in the mobile app development, deployment, and security processes in their organizations. The report highlights five common mistakes (infographic on Tumblr) companies make with mobile app security:
- Speed to Market — Two-thirds of respondents said business demand to quickly deliver mobile apps created security risks. Their organizations highly rated the importance of end-user convenience when developing and/or deploying mobile apps, but when convenience trumps security it compromises the ability to stop security risks such as data leakage and malware.
- Lack of Testing — More than half of respondents admitted that mobile apps are tested infrequently and are rarely tested in a production environment before deployment; on average, a little less than half of deployed mobile apps were never tested at all.
- Insufficient Spending — Although respondents’ organizations spent an average of $34 million annually on mobile app development, only $2 million (5.5 percent) of that spending was allocated to mobile app security.
- Absence of Experts — Less than half of respondents believe they have enough in-house expertise with mobile app security, and only thirty percent believe their organization has ample resources to detect and prevent mobile app vulnerabilities.
- Unenforced Policies — Despite the fact that most respondents said employees’ use of mobile apps is very heavy, they reported that more than half of their organizations lacked policies defining the acceptable employee use of mobile apps, and even in those instances where policies were defined, they were rarely enforced.
Managed service providers (MSPs) are well-positioned to help their customers overcome some of these common mistakes since they already manage many of the cloud-based IT services (infrastructure, platforms, software) leveraged by mobile apps. MSPs can help secure mobile apps against data leakage by making sure data is secure in transit, especially when public clouds are used. MSPs can also help create test environments and procedures to quickly detect and correct vulnerabilities before mobile apps are deployed, enabling their customers to securely speed their mobile apps to market.
In fact, as Julie Hunt blogged, MSPs “have a goldmine of possibilities for bundling basic mobile management services with platforms for app development, distribution, and governance. Mobility is leading the way for MSPs to move from operational technologies to comprehensive services that include systems integration, infrastructure re-designs, and consultative advisor.”
And since guidance is a key aspect of the relationship MSPs have with their customers, they can educate in-house staff and enhance their expertise in mobile app security. Even though there are some common mistakes, such as unenforced policies, that organizations will have to overcome on their own, there are still many ways MSPs can help secure mobile apps.