DevOps.com


Why Mobile App Security is Like a Rubik’s Cube

By: Nikfar Khaleeli on October 17, 2019

Now more than ever, mobile applications are driving modern business, and developing and launching them are top priorities for companies across industries.


As of 2018, more than 194 billion applications had been downloaded from app stores, according to Credence Research. The global mobile app market was valued at $109.67 billion in 2018 and, at the time of the report, was set to see a 15.60% compound annual growth rate during the forecast period (2019-2027), according to the firm.


Although only a small fraction of mobile applications will be used in the enterprise, the tidal wave of mobile apps (off-the-shelf, corporate-developed and sponsored) creates substantial new challenges. For DevOps teams, it means they must make their internal processes more agile and efficient. That’s a good thing. But it also means they face a critical step: securing those apps, which can add weeks to development times and cycles.

One problem is that mobile apps run outside the confines of corporate networks and can access services across the public internet. This makes mobile applications a huge point of security vulnerability–especially if they aren’t architected properly and configured with proper security and access controls.

A report by WhiteHat Security offers a stark reminder that mobile apps are riddled with security flaws, many of which go unremedied. Based on 17 million application security scans carried out in 2018, the firm found a 20% increase in vulnerabilities in the applications organizations tested for security flaws. Complicating matters, most enterprises face the risks presented by the use of personal mobile devices by their employees.

It is not uncommon for enterprise users to have 15 to more than 80 enterprise applications on their devices. Enterprises must have control over the app and the data in the app before permitting widespread deployment.

“That simply visiting a website can lead to your iPhone being hacked silently by some unknown party is worrying enough,” said Thomas Brewster, a cybersecurity reporter for Forbes, in reference to a recent, successful hack of an iPhone. “But given that, according to Google researchers, it’s possible for the hackers to access encrypted messages on WhatsApp, iMessage, Telegram and others, the attacks undermine the security promised by those apps.”

Challenges of Securing Mobile Apps

Why is app security such a challenge? For one thing, securing apps before release doesn’t happen just once; every time an app or OS is updated, whether pre- or post-release, it must be secured again.

Today, it takes an average of five weeks to secure a mobile app before launch.

What’s more, when third-party libraries used by the app are updated, the app must be secured again. DevOps teams need to ask themselves: “How much of the time during which this app is in production will it be vulnerable to a security breach?”

But integrating security into mobile apps gets even more complex. Here’s why: Integrating app security by manual coding is hugely time-consuming and error-prone, given that implementing cybersecurity isn’t everyone’s cup of tea. For example, a developer may not implement the data security APIs everywhere in the app, resulting in some data being written unprotected.

And another factor tangential to security–device adoption–enters the picture. Employees expect corporate-authorized and distributed mobile apps to provide the same user friendliness as any consumer app they are accustomed to. If an app is not easy to use they will shun it, and enterprises won’t derive the business and process benefits they expect from mobility. Enterprises that attempt to secure their mobile apps may resort to forcing employees to use a managed, corporate-supplied device in order to use the app, or introduce a cumbersome VPN/login experience that will allow employees to access key data on remote servers from within the app.

In short, such security practices, while they may secure data, make the mobile app inconvenient, cumbersome and difficult to adopt and use.

What Can Be Done?

Today, many of enterprises’ mobile security protocols and practices are rooted in manual methods, and DevOps and security teams struggle to place security-hardened devices and apps in production. But two practices remove virtually 100% of the issues that plague enterprise teams today.

  1. No-Code Security Integration: A no-code security integration solution can embed military-grade data encryption into apps and deliver the enterprise-level security controls that organizations need to ensure that corporate data is always safe, even when the device isn’t under enterprise controls.
  2. Securing the App, Not the Device: Securing mobile apps–not the endpoint devices or device-resident containers they run in–simplifies security while significantly reducing security risks. This practice enables developers to automatically embed the security controls into the organization’s apps, and it enables employees to use those apps without having to deal with device security restrictions.

What’s more, when an app or the OS behind it changes, it’s a trivial matter to re-secure the app.

Smart users of mobile devices take precautions to safeguard their data from hackers. While that’s a prudent move, the real job starts with the DevOps and security folks to solve the security-integration Rubik’s Cube once and for all.

— Nikfar Khaleeli
