ICSA Labs Offers Five Tips for Keeping Enterprises Safe From Mobile App Threats

Full Transparency

Our editorial transparency tool uses blockchain technology to permanently log all changes made to official releases after publication. However, this post is not an official release and therefore not tracked. Visit our learn more for more information.

Learn more

We're committed to building trust.

Going forward more of our content will be permanently logged via blockchain technology—enabling us to provide greater transparency with authoritative verification on all changes made to official releases.

Learn more
ICSA Labs logo

MECHANICSBURG, Pa. – As the number of mobile devices continues to grow and companies develop unique apps to engage with employees and customers, security remains a major concern for IT departments.

While research from the “Verizon 2013 Data Breach Investigations Report” shows data breaches involving mobile devices are uncommon today, experts agree these security threats will become more prevalent in the near future. 

According to Jack Walsh, mobility program manager, ICSA Labs: “With more mobile payment systems coming online, and as more devices connect to the cloud, we will begin to see an uptick in security threats to mobile devices. Add to this the bring- your-own-device and bring-your-own-app trends, and it’s easy to understand that mobile devices will be the next frontier for hackers. By layering on additional security proactively, enterprises will be in much better position to protect their assets.”

To help enterprises stay ahead of the curve, ICSA Labs offers these five tips: 

  1. Dynamic analysis is a must. If deploying security tested mobile applications is required by your company’s IT organization, consider mobile applications that have undergone dynamic analysis. This involves testing a mobile application while it is running in a live environment including all the appropriate back-end systems with which the app normally communicates.
  2. Conduct due diligence when selecting a mobile application developer. Make sure the mobile app developer is legitimate, trustworthy and has a history of quality app development. Another good due diligence step is to ask app developers if they have their own testing and certification practices.
  3. Build an enterprise app store. If, as an enterprise, restricting certain mobile apps seems like a futile effort, build your own enterprise app store. The store should only include independently tested and approved mobile applications. Also, build and share a list of mobile apps from the enterprise app store, as well as other apps deemed secure. This can help prevent employees from downloading apps from other, possibly rogue locations.
  4. Develop and share broadly your mobile device policy with employees. They need to know and understand the ground rules for bringing their own devices into the work environment, and know if this practice is forbidden. Be sure to develop and clearly communicate your policies. Nothing wreaks as much havoc on an organization as ill-informed employees.
  5. Don’t fight a losing battle. Research and implement the right mobile device management solution that adequately supports the bring-your-own-device policy, so you are not swimming upstream. Enterprises should be in the driver’s seat when it comes to managing the mobile device environment. It is far easier to get ahead of the curve and then to make corrections after the fact.

Earlier this year, ICSA Labs launched its Mobile App Testing program to test the security and privacy of mobile applications. Enterprises can learn more here: https://www.icsalabs.com/technology-program/mobile-app-testing.

About ICSA Labs
ICSA Labs, an independent division of Verizon, offers third-party testing and certification of security and health IT products, as well as network-connected devices, to measure product compliance, reliability and performance for many of the world’s top security vendors. ICSA Labs is an ISO/IEC 17025:2005 accredited and 9001:2008 registered organization. Visit http://www.icsalabs.com and http://www.icsalabs.com/blogs for more information.

####

Related Articles

Cloud security
10.15.2013
Verizon Enterprise Solutions is expanding availability of its next-generation, cloud-based identity platform – Verizon Universal Identity Services – to Europe.
Internet server
11.19.2013
To address an emerging technology risk, Verizon has launched Managed Certificate Services, a cloud-based platform.