Warning: Big threat for enterprise BYOD – focus on 3rd party apps.
75% of mobile apps are reported to fail basic security tests through 2015, warns Gartner.
Gartner principal research analyst Dionisio Zumerle said: "Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance.
"Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security."
Moving ahead, existing static application security testing (SAST) and dynamic application security testing (DAST) vendors will modify and adapt these technologies to handle mobile application cases and to meet mobile application security testing challenges.
In addition, behavioural analysis is emerging as a test for mobile applications: it monitors a running app to spot malicious and/or risky behaviour in the background.
Zumerle said: "Today, more than 90 percent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied.
"App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security.
"They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors."
By 2017, the focus of endpoint breaches will shift to tablets and smartphones, and the latest security features offered by mobile devices will not be adequate to bring down breaches, Gartner added.
Through 2017, mobile application misconfigurations will account for 75% of mobile security breaches, rather than deeper technical attacks on mobile devices.