The Information Security Forum (ISF) has released Securing Mobile Apps: Embracing Mobile, Balancing Control. That’s a guide for those managing mobile apps and related devices. The paper describes the security challenges associated with acquiring, using and operating mobile apps, and suggests ways to manage those, while maintaining the business benefits.
Steve Durbin, Managing Director, ISF, said: “Mobile devices are always on, continuously network connected, and have an affinity for being lost or stolen – yet typically lack the security protection afforded to IT systems. Consequently, app security is tightly interlinked with mobile devices and the environment in which they operate.
“Locking down the mobile app environment may tempt individuals to side-step security controls to run their favorite, yet unapproved and insecure apps on unmanaged personal devices. However, both locking down the mobile environment or leaving it wide open can bring the same result: unapproved apps used for business. Securing Mobile Apps: Embracing Mobile, Balancing Control helps organizations find the right balance.”
As the paper says, mobile devices have become the consumer computing platform of choice, originating half of website traffic in 2017; consumers spent twice as much time on them as desktop computers or laptops. As more currency and valuable information flows through mobile apps, the motivation and capability of malicious entities is increasing, turning security challenges into business issues, according to the paper.
Hackers are hacking mobile apps. Hacking, including tampering, debugging or reverse engineering, may be performed without detection because organisations typically lack the capability to observe attacks against many of the apps in use, particularly those running on unmanaged devices. Failure to address the security challenges associated with apps may result in outages, exposure of sensitive information or unreliable services. However, these impacts can be managed or prevented by finding the right balance of control, enabling the effective exploitation of mobile apps.
