Securing Apps, Not Endpoints: A New Approach to Mobile Security presented at amphionforum 2012

by Mike Siegel,

Tags: Security

Summary : Smartphone endpoints are almost impossible to completely secure. Their is so large, and security solutions for them so scarce (and new) that most enterprise CSOs are at a loss to effectively them. That why many have given up on boiling the ocean and are refocusing their efforts on securing individual apps, instead.Unfortunately, most smartphone apps are developed without any security on-board at all. That makes most mobile apps unusable in an enterprise context, because companies cannot control the flow of sensitive company information into, out of and between mobile apps, the Internet, and their enterprise servers. Recently, however, technologies have emerged that can address the app security problem.
In this talk, we’ll review the problems of mobile security in detail, and discuss new offerings that promise the enterprise comprehensive app security with virtually unlimited and very fine-grained control over apps, in-line with todays complex organizational hierarchies and mobile app management requirements. Some of these solutions even be applied to an Android app after it is already completed, and does not require an app developer to incorporate any SDK code into their app, or change it in any way.The whole idea behind the capp security movement is to put the power back in ITs hands, allowing them to properly apply corporate security and control policies to enterprise apps before provisioning them to their users.