Are mobile apps risky business?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.scmagazine.com/are-mobile-apps-risky-business/article/393038/

While the enterprise software market is predicted to grow to $4.5 billion
by 2016, the increasing prevalence of mobile applications is exposing new
security holes for businesses. Having an app for everything brings many
benefits, but also entices hackers to target apps as gateways to valuable
data. Businesses must meet the associated security challenges head-on with
structured approaches.

Both mobile and enterprise technology are exciting, well-funded IT sectors.
But it's where mobile and enterprise meet that we find the most profitable
sector of all: mobile apps.

The rise of mobile has fuelled the trend towards bring-your-own-device
(BYOD) as well as in-house developed applications. Apps help enterprises
build identity and engage customers, as well as increase efficiency. But
just as the web brought new IT security challenges, applications present
fresh risks to business.

Collaborative app development poses threats to unencrypted code which could
unlock login details of cloud services – and ultimately corporate networks.
Development risks must be managed in the context of commercial objectives,
but businesses must stay one step ahead of hackers.

Over a defined lifecycle, businesses must: review corporate architecture to
address all vulnerabilities; understand compliance requirements and ensure
security is built-in from the very start; use best practices and tested
secure modules wherever possible; test and test again in-line with emerging
threats; and perform configuration management to maintain consistent
application performance.

It's inevitable that hackers will target intellectual property stored
during app development. By addressing these complex risks, businesses will
create secure applications with confidence. As a result, they'll benefit
from innovative ways to interact, without worries over unlocked back doors.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!