The Ponemon Institute and IBM have jointly released a report which they said displays “the alarming state” of mobile insecurity.
According to the research, 40 percent of large companies – including many in the Fortune 500 – aren’t protecting the mobile apps they build.
And they’re not good against protecting their BYOD (bring your own device) gizmos against cyber attack. That leaves the gates to their corporate treasure chest effectively open.
The survey looked at security practices in over 400 large enterprises and claims that the average company doesn’t test half of the mobile apps they build. And what’s even worse is that 50 percent of these enterprises don’t devote any budget whatever towards mobile security.
IBM and the Ponemon Institute estimate that malicious code infests and infects over 11.6 million mobile devices.
The organisations surveyed spend an average of $34 million a year on mobile app development, with only 5.5 percent spending part of the budget on security.
“End user convenience is trumping end user security and privacy,” IBM said.
Major CRM company Salesforce said it has introduced a version of Salesforce1 called Lightning, intended to help customers build mobile apps.
According to the company, developers and users can create purpose built apps for screens of every type of shape and size, including tablets, laptops, smartphones and wearables.
Lightning has a new interface and Salesforce claims is optimised for any device.
Salesforce dubs this tehnique as Platform as a Service (PaaS). People can use pre-built components such as feed, list chart, search navigation or build their own Lightning Components.
The Lightning Process Builder lets people create enterprise workflows and visually automate complex operations including follow up emails, vendor porcurement and order fulfilment.
Lightning Framewrk and Schema Builder are now generally available, while Lightning Components is in beta test and likely to appear in February 2015, along with other elements of the product.
A Gartner report claimed that 75 percent of mobile applications fail the most basic security tests.
That poses threats for corporations, it said. Enterprise employees download apps and also use mobile apps to access business networks. Such apps can violate enterprise policies and expose enterprises to threats.
Dionisio Zumerle, a principal analyst at Gartner said: “Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.”
He claimed that vendors supplying static and dynamic application testing can prevent problems on the enterprise. And a new test, called behavioural analysis, is emerging for mobile apps.
He added: “Today, more than 90 percent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied,” said Mr Zumerle. “App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors.”
Often the biggest problem is misconfiguring devices, so for example by misusing personal cloud service through apps on smartphones and tablets.
An app that lets you connect Android tablets and Apple iPads to business applications and networks is being introduced by Citrix.
ShareConnect lets people access and edit files using native desktop applications on business networks.And it can use business applications that require resource intensive functions running on an enterprise network.
Desktop applications, said Citrix, are optimised for tablets and open in full screen mode. And you can use tablet functions such as swiping, pinching and zoom and can edit Microsoft Word files and the like.
The company said that ShareConnect also comes with 1GB of cloud storage from its ShareFile service.
The software is available for freedownload in Apple’s App Store and in Google’s Play store.
Jesse Lipson, a VP at Citrix said: “Not all data is stored in the cloud and many desktop apps are not fully functional through mobile apps. With ShareConnect, users can access and edit files, use industry specific desktop apps, and even use their business neworks.”