When people refer to ‘mobile security’, they most often mean the enterprise mobility management (EMM) solutions in place to hedge against the risks of mobility and BYOD policies. The problem with this is that it ignores the wider requirement for mobile app security testing as a part of ‘mobile security’.
EMM aims to do two things: enforce the enterprise’s policies on each device, e.g. stopping jailbreaking or rooting of the device, and give control over enterprise applications.
Vincent Tan, part of VantagePoint Security, has undermined confidence in EMM after looking at the solutions of Good Technology and VMware’s AirWatch. Tan points out that it’s simple for malware to get around the jailbreaking and rooting protection, making it “relatively simple for anybody to disable the entire security policy that is set by the organization.”
Further to this, Tan discovered that the Good Dynamics Platform for building enterprise apps exposes the application servers to the internet due to problems with the implementation of the VPN.
Tan’s research shows that enterprise companies are overconfident in the capabilities of EMM solutions, believing that EMM is “a magic shield that will protect them from all sorts of threats”. Tan points out that the vendors take some of the blame as well, by overselling the potential of the solution with undertested products prone to critical security vulnerabilities. This is a traditional sales approach in security, where vendors present prospects with the ‘silver bullet’ that will grant protection against all kinds of threats without reliance on mobile app security testing or other security processes.
There needs to be recognition that ‘mobile security’ has multiple definitions, whether it’s data encryption products, EMM, or mobile app security testing. It will be interesting to see what becomes of the crowded EMM market at this critical time for mobile and security considerations.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing in under a minute try out Codified Security.