Businesses of all sizes and in all industries have had to quickly get up to speed with modern IT security demands shaped by a variety of new trends and deployments that create complexity in information governance strategies and the like. From email security and data center protection to enterprise mobility risk management and beyond, suffice it to say that the average organization faces a wide range of challenges when trying to protect itself from breach.
Now, although network, infrastructure, device and user security are certainly critical, few threats can compare to the persistence and complexity of mobility, as endpoint management has been challenged by the dramatic rise in operating system diversity and more. As a positive note, organizations in the public and private sectors have become a bit more aggressive and aware with respect to device management and security, and it did not take all that long for them to do so.
However, this is only one portion of the whole picture, as applications represent even more significant threats to security when looking at the common tactics use by hackers today, as well as the most popular vulnerabilities in companies that are leveraged to steal and expose data. Information governance is becoming more challenging as a direct result of trends like enterprise mobility and the Internet of Things, but companies cannot cower in fear as the threats begin to pile up.
Rather, taking a proactive, comprehensive and courageous approach to mobility security - as well as general IT and digital asset protection - will begin to reduce the risk and ensure that the organization is prepared to quickly deal with breaches and other problems as soon as they arise. More often than not, leveraging the support and services of a proven provider of managed security solutions can put companies in a far better position to succeed.
So, what's the deal with apps?
Gartner recently made some headlines when it released a statement that called upon organizations to recognize just how threatening mobile apps have become to corporate security and operational continuity. Now, it goes without saying that there is virtually no business that could remain competitive without the help of apps in the current market, as these pieces of mobile software have helped to drive efficiency and productivity on such a large scale.
However, the security threats that come along with these tools are significant, and it does not appear as though matters are getting any better as time goes on. According to the researchers, through 2015, roughly three-quarters of applications available to consumers and businesses will not meet the demands of some of the simplest security evaluations, meaning that they will represent some form of risk to the companies at which they are being used.
First, remember that the vast majority of organizations are already using third-party provided applications.
"Today, more than 90 percent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied," Gartner's principal research analyst Dionisio Zumerle affirmed. "App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors."
With this in mind, it should be relatively harrowing that so many companies are not taking precautions to defend themselves from these threats.
"Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," Zumerle added. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security."
Getting it under control
Gartner noted that the biggest problem is a lack of proper configuration within the applications, which generally leads to vulnerabilities that can be used by hackers to break into systems, steal data and wreak general havoc on a given organization. One of the most important takeaways from this study, even looking past the realm of mobility, is that accuracy in management and oversight is so critically important to the overall protection of a given business.
In many ways, simple missteps like misconfiguration are some of the most consistent threats to data and system protection, yet this risk can be quickly mitigated when IT departments are supported and the company is taking more intelligent approaches to general management of all digital assets.
Decision-makers who do not feel entirely comfortable with handling the complexities of these challenges should consider leveraging the support of a proven email security, data center protection and other defense services provider.