Keep out the 'bad' mobile apps to defend corporate data, says Gartner

75 percent of mobile security breaches will be down to bad apps in 2017

Although security breaches originating from mobile devices are rare, says analyst Gartner, they will continue to be mainly caused by mobile application misconfiguration.

The analyst firm says that by 2017, 75 percent of mobile security breaches will be down to bad apps.

"Mobile security breaches are, and will continue to be, the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices," said Gartner analyst Dionisio Zumerle.

"A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organisation remains unaware of for the majority of devices," said Zumerle.

With the number of smartphones and tablets on the increase, and a decrease in traditional PC sales, attacks on mobile devices are maturing, Gartner said.

By 2017, Gartner predicts that the focus of endpoint breaches will shift to tablets and smartphones.

To do significant damage in the mobile world, Gartner says, malware needs to act on devices that have been altered at an administrative level.

"The most obvious platform compromises of this nature are 'jailbreaking' on iOS or 'rooting' on Android devices. They escalate the user's privileges on the device, effectively turning a user into an administrator," said Zumerle.

While these methods allow users to access certain device resources that are normally inaccessible, they can also put corporate data in danger.

This is because they remove app-specific security protection and the safe "sandbox" provided by the operating system. They can also allow malware to be downloaded to the device and open it up to all sorts of malicious actions, including extraction of enterprise data.

"Rooted" or "jail-broken" mobile devices also become prone to brute force attacks on pass codes.

The best defence, said Gartner, is to keep mobile devices fixed in a safe configuration by means of a mobile device management (MDM) policy, supplemented by app shielding and "containers" that protect important data.

Gartner recommends that IT security leaders follow an MDM/enterprise mobility management baseline for Android and Apple devices.

This involves asking users to opt in to basic enterprise policies, and being prepared to revoke access controls in the event of changes. Users who are not able to bring their devices into basic compliance must be denied or given extremely limited access.

Companies must also set length and complexity requirements for device pass codes, as well as strict retry and time-out standards.

And firms should specify minimum and maximum versions of platforms and operating systems, disallowing models that cannot be updated or supported.

A "no jailbreaking/no rooting" rule should be enforced, and there should be restricted use of unapproved third-party app stores. Devices in violation should be disconnected from sources of business data, and potentially wiped, depending on policy choices.

Companies should also require signed apps and certificates for access to business email, virtual private networks, WiFi and shielded apps.

Gartner said IT security leaders needed to use network access control methods to deny enterprise connections for devices that exhibit potentially suspicious activity.
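The baseline above can be expressed as a device posture check that maps each violation to one of the outcomes the article names. This is an added example, not code from Gartner or any MDM product; the thresholds, field names and the mapping of failures to "deny" versus "limited" are assumptions.

```python
# Assumed thresholds: the article names the controls but gives no numbers.
POLICY = {
    "min_passcode_len": 6,
    "max_failed_attempts": 10,     # retries before lockout
    "max_lock_timeout_s": 300,
    "os_range": {"ios": ((15, 0), (17, 99)), "android": ((12, 0), (14, 99))},
}

def parse_version(text):
    parts = [int(p) for p in text.split(".")] + [0]   # pad a bare "14" to (14, 0)
    return tuple(parts[:2])

def evaluate(dev, wipe_on_integrity_failure=False):
    """Return (action, violations) for one device posture report (a dict)."""
    integrity, baseline = [], []
    if dev["rooted_or_jailbroken"]:
        integrity.append("rooted/jailbroken")
    if dev["unapproved_store"]:
        integrity.append("unapproved app store")
    if dev["passcode_len"] < POLICY["min_passcode_len"] or not dev["passcode_complex"]:
        baseline.append("passcode length/complexity")
    if not 0 < dev["max_failed_attempts"] <= POLICY["max_failed_attempts"]:
        baseline.append("passcode retry limit")
    if not 0 < dev["lock_timeout_s"] <= POLICY["max_lock_timeout_s"]:
        baseline.append("lock time-out")
    rng = POLICY["os_range"].get(dev["platform"])
    if rng is None or not rng[0] <= parse_version(dev["os_version"]) <= rng[1]:
        baseline.append("unsupported platform/OS version")
    if not dev["has_client_cert"]:
        baseline.append("no certificate for email/VPN/WiFi")
    # Integrity violations outrank everything: cut off business data first.
    if integrity:
        action = "wipe" if wipe_on_integrity_failure else "disconnect"
    elif not dev["opted_in"]:
        action = "deny"
    elif baseline:
        action = "limited"
    else:
        action = "allow"
    return action, integrity + baseline

# Constructed sample posture report, not real MDM output.
SAMPLE = {"platform": "android", "os_version": "13", "opted_in": True,
          "passcode_len": 8, "passcode_complex": True, "max_failed_attempts": 10,
          "lock_timeout_s": 120, "rooted_or_jailbroken": False,
          "unapproved_store": False, "has_client_cert": True}
if __name__ == "__main__":
    print(evaluate(SAMPLE))
    print(evaluate({**SAMPLE, "os_version": "11.0", "lock_timeout_s": 0}))
```

A lock time-out or retry limit of 0 is treated as "never locks" or "unlimited retries" and fails the check, which is the case a simple upper-bound comparison would miss.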


Stories by Antony Savvas
