News Feature | October 9, 2014

Gartner Says Three Of Four Mobile Apps Will Fail Basic Security

By Christine Kern, contributing writer

Gartner, Inc. says that through 2015, more than three-quarters of mobile applications are not expected to pass basic security tests, leaving them exposed to attacks and violations of enterprise security policies. It doesn't help that more than 90 percent of enterprise bring-your-own-device programs use third-party apps, most of which are insecure. And organizations lack the expertise to handle security.

The problem, according to Gartner, is that enterprise employees download and use mobile apps that are capable of accessing enterprise assets or performing business functions, but that have little or no security assurances. That means these applications are vulnerable to attacks and violations of enterprise security policies.

"Enterprises that embrace mobile computing and bring-your-own-device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," Dionisio Zumerle, principal research analyst at Gartner, said in the press release. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security."

To protect against these risks, Gartner advises enterprises to conduct not only traditional static application security testing (SAST) and dynamic application security testing (DAST), but also behavioral analysis, which can monitor a running application to detect malicious behavior. Gartner also advises testing the server layer.

Zumerle says, "App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors."

Gartner is predicting that by 2017, endpoint breaches will shift to tablets and smartphones, and attacks on mobile devices are already three times as common as those on desktops. Recommendations include focusing on data protection and application containment solutions, such as application wrapping, software development kits, or hardening.