Ensuring mobile apps are safe for the enterprise
We reported last week on how misconfigured apps are likely to account for many security breaches. This is a particular problem for companies that allow BYOD as it may put corporate data at risk.
Cloud-based mobile security specialist Mojave Networks has a solution in the form of a new application reputation feature to provide enterprises with detailed insight into the applications that are being run on employee mobile devices.
"The 'bring your own device' (BYOD) trend is transitioning to 'bring your own applications' (BYOA) as users download more and more apps to share data, increase productivity and stay connected," says Garrett Larsson, CEO and co-founder of Mojave Networks. "If any application running on a mobile device connected to the network is insecure, it can put highly sensitive corporate data at risk. Our new application reputation feature can help enterprises improve their mobile security posture by eliminating the risk of insecure applications".
Mojave's new feature includes integration with device management and network security; tracking of applications by platform, user and device; categorization of apps based on level of risk, and customizable analytics.
According to data collected by Mojave Threat Labs, a typical mobile device has about 200 apps, including pre-installed and user downloaded applications. Each one has an average of nine permissions that users must agree to before use, and five of those permissions are considered moderate to high risk as they allow the app to gain access to documents, logins, passwords and other sensitive data, which potentially pose a major security risk to an organization's private data.
"On the surface, an application may seem safe, but there are always hidden risks," says Ryan Smith, Mojave's Lead Threat Engineer. "Approximately 50 percent of applications fall into our category of medium risk, meaning that they have the ability to access large amounts of sensitive data, and while they may not be obviously malicious, they still have a potential risk of data loss or compromise. With the detailed data we collect about each application in the Mojave Threat Labs, we are able to properly identify and reduce the risk of malicious attacks and data theft".
The application reputation feature is available from today as part of Mojave's professional and enterprise services. Mojave Networks currently supports Android and iOS and there's a free trial period available via the company's website.