There are more than 5 million apps available for download through Google Play and Apple App Store.

Chances are, whatever it is, there really is an app for that.

Mobile app development has become commonplace – morphing from a fringe offering to a key success factor for most businesses. And it’s no longer a feature that’s limited to large corporations. In fact, a 2018 report from Clutch, a B2B ratings and reviews firm, found that 42% of small businesses have a mobile app. Likely your neighborhood pizza joint, your local credit union, and even your dog groomer are all getting into the mobile app game.

With tons of mobile apps on the market gathering, processing, and storing all kinds of customer data – from location to email addresses to credit card numbers and bank accounts – the question becomes: how secure are these apps really?

According to the research, not very.

 

App Security by the Numbers

Data breaches caused by unprotected applications affected nearly 75% of companies in 2018, with the average cost reaching a whopping $3.86 million. And while an average of $34 million is spent annually on mobile app development, only 5.5% is allocated to mobile app security.

“A majority of companies admit they don’t adequately invest in app security until after they’ve suffered significant loss, and nearly half said they don’t have visibility into their apps in the wild.” – Arxan, 2018 Global Study on Application Security

Why the disconnect?

Is building a secure mobile app really that difficult?

It doesn’t have to be.

It just takes some development forethought and a strong knowledge of app security best practices. Unfortunately, most companies don’t have this kind of expertise on hand. In fact, only 41% of organizations say they have sufficient mobile application security expertise.

Perhaps that’s why app security is so often pushed up the stack. Many applications are developed with few in-app security measures in place, relying instead on the cloud provider for security. Around one-third of enterprise IT spending was on hosting and cloud last year…

“…Indicating a growing reliance on external sources of infrastructure, application, management, and security services.” – ZDNet

Don’t Outsource App Security

The best, most secure mobile apps are those built with app-layer security, in addition to the layers of security delivered by cloud providers. This means:

  • Understanding all the internal (e.g. company privacy policy) and external (e.g. GDPR) security needs
  • Conducting a security design review of the application before it goes into development
  • Containerizing to isolate the app and all of its dependencies from other workloads in the cloud environment
  • Using continuous development to test, find, and fix all bugs
  • Implementing app security best practices, like SSL/TLS, two-factor authentication, and strong PKI
  • Ongoing monitoring of app security to maintain integrity

If your organization is looking to build a new or modernize an existing mobile app, and you want to understand how to build in security from the very beginning, let’s connect. We’ll show you how our Inception process, acceleration frameworks and PKI expertise can help your organization develop secure, scalable apps and get them to market quickly.


 

James Shelby

CTO, multiple patent holder, & flip-phone collector.