Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Enterprise app stores can reduce mobile security threat

For months it has been the talk of concerned CIOs, IT security administrators and analysts: How best to control the flood of mobile devices and applications accessing the corporate network while protecting confidential data and providing staff the flexibility of working how they want.

There's no such thing as a silver bullet when it comes to IT security. But there are options available for organizations grappling with managing the security of mobile apps and devices nowadays. One option that is increasingly gaining traction is the concept of the private enterprise app store.

As noted in a research2guidance report last October, the world's two leading marketplaces – the Apple App Store and the Google Android Market – are loaded with apps. However, over the course of 2011, 37 percent of Android apps and 24 percent of Apple apps were removed from their respective marketplaces for reasons ranging from poor quality to incompatibility with current mobile operating systems. And lest we forget, 2011 was hailed far and wide as the year mobile malware took center stage.

Also noteworthy, in its top 10 strategic technologies for 2012 recommendations, leading IT analyst firm Gartner suggested companies take a hard look at forging private app marketplaces, primarily because doing so would help “segment apps by risk and value.” Gartner further predicts that by 2014, 60 percent of corporate IT will deploy private app stores.

More recently, security vendor McAfee's "2012 Threat Predictions" report highlighted the escalation in mobile device threats and warned that cyber criminals would increasingly target mobile devices. To that end, Doug Cooke, director of sales engineering at McAfee Canada, said that over the course of 2012 the successful techniques that hackers used in the PC realm would become prevalent in the mobile world.

It's widely predicted that digital wallets will flourish in 2012 and that too makes smartphones a bigger target for hackers. Generally speaking, the expansion of mobile apps with security flaws only heightens that risk.

Dave Lewis, the founder of Liquidmatrix and a security practitioner of more than 15 years, who has worked for the likes of the FBI and the U.S. Department of Defense, notes that a lot of organizations lack a solid strategy for managing and securing mobile devices.

In Lewis' view, information security is the net below the trapeze artist. Mobile devices will be lost, and when that happens data can be compromised or, in the case of Android devices, mobile apps installed on a users' device could be unknowingly siphoning data from a corporate network.

Thus, setting up a mechanism to pre-test and pre-approve mobile apps before they're deployed on employee devices simply makes sense.

Another mobile trap enterprises need to avoid is the threat of an “app overload.” Yes, consumer app stores offer an astounding abundance of smartphone and tablet applications, but the last thing any IT department or CIO wants to contend with is an unmanaged app free-for-all that could prove detrimental to worker productivity or worse, to corporate security.

Charles King, president and principal analyst at Pund-IT, weighed in on the subject. Traditionally, we tend to think of business security risks coming from the outside. But if you take a close look at the statistics of security breaches that happen in businesses, the majority tends to happen from the inside, he said.

With companies embracing bring your own device (BYOD) – something King insists they must – comes a wider variety of devices and apps into the workplace. Hence, there's a confluence of people bringing in potential dangers from the outside that now presents a new class of security concerns that businesses haven't had to consider before.

From a security perspective, can a business risk trusting what Apple or Google is doing in their respective app marketplaces? That's a situation where King said an enterprise app store makes a great deal of sense.

Within the scope of the so-called "consumerization of IT," or BYOD, gone are the days of ignoring employees' mobile device preferences. True, mobile device management (MDM) is a key component to keeping reigns on devices, but without the mobile app management (MAM) aspect offered via an enterprise app store, your organization will be left struggling with the Wild West nature of consumer app stores.

And it's important for businesses to remember: The reason behind allowing employees to use whatever mobile device they desire is to keep them satisfied and productive.

Moreover, an enterprise app store isn't restricted to servicing smartphones and tablets. It can be a new way of distributing and managing apps across a variety of endpoints that cover laptops, netbooks and ultrabooks – whatever form factor mobile apps are downloaded onto.

Ignoring BYOD isn't an option for your organization. However, choosing the right solution to manage devices, data and apps, while providing your team with the flexibility they desire to be more productive, is well within your grasp.

Liam Lahey is an online community manager with mobile app management and marketplace solution provider Partnerpedia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.