Effectively Implementing App Protection

March 14, 2018 3899 Views Gabriel Torok

Development’s Journey to Effectively Implementing App Protection

Because data is created, accessed, and changed through applications, hardening and shielding your applications is a key component to protecting your data. Adding application protection to your secure software development lifecycle will make it more difficult for people and machines to exploit them. But, what are the factors to consider when thinking about application risk? Effective application risk management is a sustained, consistent practice and technology selection and implementation is a specialized discipline within that practice. The initial steps below offer a roadmap to selecting and implementing application hardening and shielding as a part of a broader application risk management program.

The full Infographic in pdf form is available here.

Does app have intellectual property?

Does app gate access to value?

Does app access private information?

Is the app subject to regulation?

Does app run in an untrusted environment?

Protect against IP theft

Mask vulnerabilities

Protect against data theft

Hinder tampering and fraud

Reduce piracy

Features

Services

Viability

Focus

Longevity and viability of company

Support offered

Reputation

Internal references

External references

Features

Support services

Ease of integration

Internal references

Validation against requirements

For additional steps, download the full Development Buyer Guide for Application Protection PDF.

Today, application hardening and layered security measures are recognized as a critical feature of overall IT compliance. In addition to feature, quality, and cost requirements, development organizations must additionally:

Implement preventative, detective, and responsive controls to manage evolving application risks,

Document proof of effective risk management meet future audit requirements,

Re-evaluate supply chain risk when selecting third party technologies and applications, and

Respond to market forces as user organizations incorporate their own risk management requirements into their selection and evaluation criteria.

Make sure you understand the threats and get familiar with applicable standards and regulations; and implement app development best practices to boost basic security for all your apps worth protecting.

Learn more about shielding mobile or IOT apps here.

And, learn more about shielding desktop or server applications here.

Is your Mobile App GDPR Compliant? Learn how to secure your App

Before I start, I would like to thank PreEmptive for inviting me to write a guest post.

I would like to start my blog with a discussion about the growing cyber threats all over the world. I assume readers are well aware of cyber threats and how they are addressed by people, process, and technology. The continuous planning and advancement of security in the cyber world including but not limited to applications is an interesting read. Here, in my blog, I would like to discuss how companies can support mobile application security for better and safer use of stored data.

On June 11, NIST released Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework. While a solid piece of work in its own right, this document is noteworthy because it stands as one more proof point - in an already long list of proof points, that development processes, the developers themselves, and the organizations they belong to, ALL share some degree of responsibility (liability) for:

Untrusted Environments, Valuable Apps? Put the Protection in the App.

IT environments are evolving. Disappearing are the days of in-house, fixed-endpoint, limited access server stacks — replaced instead by a combination of private and public cloud solutions, mobile applications and IoT devices.

As noted by research firm IDC, public cloud spending now outpaces all other IT infrastructure with a growth rate topping 10 percent year-over-year, while Statista reports that users downloaded more than 178 billion apps in 2017 alone — and are on track to break 250 billion over the next few years.

What does this mean for organizations? That application environments are quickly moving beyond the purview of in-house IT, exposing both apps and network services to steadily growing risk. It creates a paradox: Companies can’t deny the benefits of third-party environments and application partnerships, but also can’t ignore the threat of app and data compromise or reverse-engineering and tampering.

In a recent developer survey, Xamarin.Android developers were 50% less likely to have included rooted device detection or anti-tamper prevention as their Java Android peers were. Yet, both sets of apps are being deployed through the same marketplaces onto the same devices and are governed by the same regulations (PCI, GDPR, HIPAA to name just a few that expect these kinds of controls).

Why are more Xamarin.Android apps going unprotected?

I recently had the opportunity to sit down with Sebastian Holst, PreEmptive’s Chief Strategy Officer, to talk about his most recent trip to Capitol Hill where the topic of the day was copyright protection for small businesses – and for development shops in particular.

Effectively Implementing App Protection

Development’s Journey to Effectively Implementing App Protection

Is your Mobile App GDPR Compliant? Learn how to secure your App

Latest NIST publication reinforces Developer Obligations (and liability)

Put the Protection in the App

Untrusted Environments, Valuable Apps? Put the Protection in the App.

Are Xamarin.Android app users at risk?

Changes are coming for US Copyright – Should Developers Even Care?

Latest Blog Posts

Is your Mobile App GDPR Compliant? Learn how to secure your App

Latest NIST publication reinforces Developer Obligations (and liability)

Put the Protection in the App

Are Xamarin.Android app users at risk?

Changes are coming for US Copyright – Should Developers Even Care?

Twitter