Mobile applications are a major security vulnerability for those enterprises that are implementing BYOD policies, according to new research released by Gartner. The analyst firm forecasts that 75% of mobile applications will fail basic security tests through 2015 and could offer an entry point for hackers looking to breach an enterprise’s network.
Gartner also forecasts that the focus of breaches will move from desktops and laptops to smartphones and tablets by 2017, as mobile devices continue to replace PCs. Current security features of mobile devices and applications will not be able to stop those breaches, and enterprises need to implement containment methods such as application wrapping or hardening to protect themselves, according to the report.
The good news from the research is that providers of application security testing will modify their offerings to test mobile applications, Gartner predicts. Static and dynamic application security testing technologies are commonly used by enterprises, but mobile application testing is a new space for these technologies, which will need to be adjusted to meet the security challenges around mobile apps, the report says.
Enterprises rarely perform security testing on mobile applications today, Dionisio Zumerle, principal research analyst at Gartner, said in a statement regarding the research. “Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are more concerned with the functionality of applications, not their security.”
Mobile applications also offer up a new method of application security testing: behavioral testing. This emerging testing method monitors a running application for malicious behavior in the background. Enterprises should also apply security testing to the server layer of mobile applications to help prevent the loss of data from their servers in the case of an attack, Gartner recommends.
“App stores are filled with applications that mostly prove their advertised usefulness,” says Zumerle. “Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors.”
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...