Recently I joined my colleagues Will Hickie and Andrew Hoyt with Security Boulevard for a webinar on Automating App Security with AI: How to Secure a Million Lines of Code in Five Minutes!
We had a great talk about machine learning and automation, and why these really are the tools for our times when it comes to protecting mobile apps. During the webinar, we asked the audience an important question…
How would your company tell if one of its mobile apps had been hacked?
Just 23% of the people who responded were confident that their company had the tools in place to notice a breach – and I’m not surprised. In many cases, app developers have no way of knowing if users’ data is being stolen from their app unless users start to complain or unless a breach becomes a news story.
Unfortunately, by the time a company has experienced a hack, the damage is done. A better approach is to prevent an app from being the target of an attack in the first place.
Don’t MDMs solve the problem? Not entirely…
We had a lot of great questions from the audience during the webinar, and one of the attendees asked, doesn’t a Mobile Device Management (MDM) solution effectively solve this problem? Doesn’t MDM solutions prevent attacks on apps?
To answer that question, it’s important to step back and think about the threats that MDMs are designed to meet.
Traditionally MDMs are tools that IT departments use to manage the security profile of devices that connect to their networks, primarily to protect corporate data from exfiltration. MDMs can provide a secure container in which authorized apps use and share corporate data without the risk of exposing company secrets to malicious actors.
The threat MDMs are concerned with is an unauthorized person or app getting access to the company assets.
But if an MDM is set up to protect corporate data, it doesn’t necessarily mean that it will protect an app’s data or an app’s logic. It’s up to the app developer to protect the app itself. And recently we’ve seen that MDM solutions can raise a threat in and of themselves. Earlier this year we saw an MDM server attacked to widely distribute malware As my colleague Andrew pointed out, where MDMs fail is where application security becomes the second line of defense.
MDMs are important, but protecting apps is important too!
MDM solutions clearly are important, but much like network security is often a layering of solutions, from VPNs to network scanners to anti-malware software, good mobile security requires a layering of techniques as well. Application security has a special role in protecting app developers and app revenue and if you can find a solution that does that automatically, there’s no excuse not to add that layer too.
Click here to get in touch with Irdeto’s Trusted Software team to learn more!