According to John Aisien there is a pressing need for better in-app security to avoid these types of snafus from an enterprise perspective. The matter has come about, according to Forbes, following the testing of leading apps by security researchers at Zimperium.
The researchers examined 30 “best deal” travel applications, the types of software that aim to provide deals and easy booking for lights, hotels, car rental and so on. The apps, available on Google Play and Apple, failed poorly to the extent that every single iOS app failed to receive a passing privacy or security grade. With the Android apps, 45 percent failed the privacy tests and all but one failed on security.
According to John Aisien, CEO of Blue Cedar travel apps have a fundamental flaw in their design philosophy. He states: “Focusing on device-level security as a means to protect corporate data doesn’t address the need to use corporate data on unmanaged devices.”
He further notes that: “This data usage scenario is growing significantly faster than use of data on corporate-managed mobile devices.” This is something that needs addressing, as Aisien finds: “If this use case is not addressed by IT departments, users will find ways to use corporate data on their devices outside of IT’s control, which becomes a huge business risk.”
A means to overcome the problem is through new security protocols. Here Aisien recommends that by “enabling the widespread adoption of app-level security controls on mobile is the way that organizations can ensure protection of corporate data wherever it is used.”
However, for this to work effectively a degree of automation is required as few IT department will have sufficient resources to address app-level security.
Here Aisien recommends: “Automating the integration of different mobile app security techniques into apps will ensure the robust protection of an enterprise’s data on mobile devices, regardless of the security state of other apps on the mobile device or whether the device is managed by the enterprise.”