Today Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, released data and analytics they have developed which highlight some shocking numbers around application security in the enterprise, despite the use of Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions. The growth of enterprise mobility and the continued implementation of Bring Your Own Device (BYOD) programs have led to a huge number of devices in any given enterprise. The number of applications residing on those devices is tenfold that (a conservative estimate, we are sure). Of the thousands of applications floating around any given enterprise, it is safe to assume a few unprotected or insecure applications have slipped through the cracks, right? Well, the data Veracode released today shows that number to be much more than a few.
Based on the mobile applications that Veracode assessed, their data shows that the “average global enterprise has approximately 2,400 unsafe applications installed in its mobile environment.” In total, Veracode’s analysis found 14,000 unsafe applications active and accessing sensitive corporate and personal information. Those 14,000 applications can lead to any number of breaches that can have negative impacts on both the employee and the enterprise. Phone location, call history, phone contacts, SMS logs and device IDs can all be accessed through corrupted applications. Anti-malware can be disabled, firmware can be replaced, and credentials and passwords can be accessed, as well as browser history and calendars. What were those 14,000 unsafe applications most vulnerable to?
- 85 percent expose sensitive device data
- 37 percent perform suspicious security actions
- 35 percent retrieve or share personal information
Despite the use of MDM or EMM solutions, the sheer number of applications deployed within enterprises can make it very difficult to monitor and secure every point of entry. Veracode writes that “Existing approaches for addressing unsafe mobile apps, such as manually-curated blacklists, are difficult to scale… As a result, they either fail to keep up with mobile threats or frustrate employees by prohibiting apps for no reason.” Veracode’s answer to this was to integrate their mobile application reputation service with major MDM and EMM providers such as AirWatch by VMware, MobileIron and Fiberlink, an IBM company, to automate that blacklisting process.
Veracode’s release states that, “Veracode’s integration with MDM solutions reduces enterprise risk by enabling organizations to automatically enforce corporate policies on all their managed devices. In particular, the integration allows organizations to implement policy-based controls such as automated application blacklisting. Veracode’s application reputation intelligence is continuously-updated and based on risk profiles from hundreds of thousands of mobile applications assessed using Veracode’s behavioral analysis and machine-learning technology.”
Click here to read the full release and for more information on the number of unsafe applications entering today’s enterprises.