STAMFORD, Conn. (9/22/14)--By 2015 more than 75% of mobile applications will fail basic security tests, placing a security risk not only on personal but business data, according to new data from Gartner Inc.
Employees download from app stores and use mobile applications that can access enterprise assets or perform business functions, and these applications have little or no security assurances, Gartner said. These applications are exposed to attacks and violations of organizational security policies.
"Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," said Dionisio Zumerle, Gartner principal research analyst. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security."
Mobile testing is a relatively new area of security, Gartner said. Gartner predicts that by 2017, the focus of endpoint breaches will shift to tablets and smartphones--already, there are three attacks on mobile devices for every attack on a desktop. But the security features that mobile devices offer today will not suffice to keep breaches to a minimum.
Gartner predicts that by 2017, 75% of mobile security breaches will be the result of mobile application misconfigurations, rather than the outcome of deeply technical attacks on mobile devices. A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks of which the organization remains unaware.