In a newly released research note, Gartner discusses mobile security best practices as they apply to consumer-facing apps. The piece, entitled “Avoiding Mobile App Development Security Pitfalls – March 2016”, covers various aspects of the mobile app development landscape in detail, and offers a list of “do’s and don’ts” pertaining to mobile app security best practices. Especially noteworthy is Gartner’s inclusion of consumer-facing apps in the security stream of consciousness. CIOs and agile development teams around the world will soon be reading this fascinating report.
Allow me to provide an interpretation purely from Appdome’s point of view. In large enterprises for the last 15+ years, enterprise apps, servers, network infrastructure, and every other critical element of enterprise computing have typically been secured under an enterprise-wide security mandate. However, in the world of mobility, consumer-facing apps have somehow been excluded from the security umbrella, even if those apps have been rolled out by the enterprise and handle highly sensitive data. To this day, this continues to be the Achilles’ heel of enterprise security and mobility. We know it and hackers know it.
After the problem was recognized, the first generation of app wrapping techniques was developed – by this company and others. While implementation nuances varied from one vendor to another, the general architectural concept usually involved fairly kludgy attempts at ‘compartmentalizing’ the device and applications such that varying levels of control could be assumed by corporate IT for different ‘slices’ of the mobile environment, especially in BYOD environments. Even in situations where the company owns neither the device nor a majority of the stuff on it, they still need to protect the data flowing through the handful of business apps on that device, because these apps usually connect back to sensitive systems in the enterprise. So if an employee-owned device that was also used for business functions is lost or stolen, then Corporate IT could remotely wipe the ‘enterprise portion’ of the phone, but leave untouched the photos from grandma’s big-game hunting trip (highly exaggerated example, but you get the point). Not a good situation from a mobile security best practices standpoint.
Fast forward to the present day, where ‘app-wrapping’ as we’ve previously known it is all but being declared dead. I’ll cover all the reasons WHY in a future blog post, but simply put, it didn’t work. One can make a credible argument that all of the woes of legacy app wrapping could be traced to one single root cause: implementations required modifications to the application binaries and source code. Long story short: applications broke in unpredictable ways due to hard-coded dependencies, and lots of them. Dev cycles swelled and QA matrices exploded thanks to SDK conflicts and complex code integrations. User experiences degraded as native apps were no longer native, workflows were changed, clunky interactions were introduced, and security features were bolted on in Frankensteinian fashion. The list goes on and on, and I don’t even need to mention the dagger to the heart of legacy app wrapping that came with the introduction of iOS 9.
Making Mobile Security Best Practices Easy
So app wrapping has recently been superseded by Fusion – fusing security into existing apps, in a way that does not require the apps to change, and with zero impact on the user experience. Fusion makes it a lot easier to apply your mobile security best practices to all the Android and iOS apps used in the organization. The technology as well as the implementation are far superior for a myriad of reasons:
- No changes to application code... absolutely zero. Fusing apps can be done in minutes, and SDKs can largely be avoided, which makes the whole process much easier to implement and far less work to maintain QA testing. Exactly what DevOps teams are looking for! Zero impact on functionality and performance.
- Fusing apps takes just a few minutes and will not hold back your time to market. In other words, the fusion process moves at the speed of mobile.
- Appdome is cross-platform and OS agnostic. There are virtually no differences between fusing apps in iOS vs Android, and extending to other platforms is far simpler than wrapping.
- Zero code integration means developers can enjoy all the features included in a given SDK, but without the need to work directly with the source code.
Previous SDK integration technologies had serious limitations which discouraged developers from protecting consumer-facing apps, or rendered the endeavor simply infeasible. SDK integrations often imposed sizable impacts on app behavior, including degraded functionality or altered workflows, modified look and feel, even significant performance taxes in some cases. Not to mention limited as well as inconsistent platform support – with different code required for each platform and months of integration time.
Our Fusion technology does all of the above in a seamless process. That’s why Gartner and other industry analysts are noting the change in the app security landscape.
2016 will be the year that consumer-facing apps are secured!
We all live by our mobile apps. The times, they are a-changing! The wretched state of mobile app security is about to end. Appdome protects against man-in-the-middle attacks, malware attacks on local data, OS vulnerabilities and compliance breaches.
This breakthrough technology removes the obstacles and excuses standing in the way of securing consumer-facing mobile applications. It’s easy and painless for your developers! And it’s good security. After all, any security fabric is only as strong as its weakest link.
Here at Appdome, we strongly encourage your DevOps teams, Security Ops groups, CIOs and app Line of Business owners to take a serious look at app fusing technologies as a way to create your Mobile Security Best Practices.