How app dev puts business at risk — and what to do about it

Posted on May 21, 2015 by Tim Burke

In a recent survey, 43% of IT decision makers rated mobility — which is to say, mobile-friendly apps or sites — as the top business functionality or process that’s critical for applications. These days, the line between the web and mobility has blurred to the point of invisibility.

Trouble is, successfully achieving secure mobile application development and web application development is hard for a significant majority of organizations.

Source: Ponemon Institute, The State of Mobile Application Insecurity, 2015

Web and mobile app security: Fail

The effects of this struggle are visible across the worlds of mobile application development and web application development:

- Last February, for instance, security firm McAfee (now owned by Intel) reported that mobile malware samples grew 14% during the fourth quarter of 2014.
- In particular, Potentially Unwanted Programs (PUPs), often posing as legitimate apps while performing unauthorized actions (including collection of user and system data), were detected on 91 million systems each day.
- Also, after a decline, in Q4 2014, the number of new ransomware samples grew 155%.
- McAfee Labs now detects 387 new samples of malware every minute.

Understanding why

The Ponemon Institute study referenced above cites six reasons that mobile application development and web application development churn out so many insecure apps:

- “Rush to release” produces vulnerable apps. Almost two-thirds of those surveyed say app security is sometimes sacrificed on the altar of customer demand or need.
- Too often, mobile apps get tested infrequently and/or too late. Testing tends to occur in development or post-development rather than in production. Plus, 55% of respondents say they don’t test apps at all or are unsure if apps are tested.
- It’s gonna get worse and there’s stalling. Some 61% of those queried say their organizations will need to address mobile app risks — but only 29% say they have ample resources for this.
- Spending on mobile app security lags. While annual mobile app development spending stands at $34 million, only 5.5% of that goes to mobile app security.
- Mobile app security policies are inadequate or nonexistent. Respondents say most employees are “heavy users of apps,” but 55% indicate their organization lacks policy defining acceptable use of mobile apps in the workplace.
- Organizations lack mobile app security expertise. Just 41% of respondents say they have it.

Building secure apps

Think of the list above as a to-don’t list — what not to do. You can produce the apps so essential to your competitive future without forsaking the security of your business. How? Get help from an experienced application development services provider with the resources and skillsets you need, starting with deep app security expertise; professionals comfortable with current mobile and web development technologies, languages, and platforms; and a global reach.