Excerpt page from:
Mobile Apps in the enterprise
Potentials and Pitfalls
 
 
9 April 2011 fiercemobileit.com April 2011 10  Security software vendors have long sounded the alarm over the security vulnerabilities presented by smartphones. Now, the perfect storm is brewing to make smartphones a significant threat to the enterprise. Smartphones have become mini-computers complete with significant storage capabilities. Employees are bringing the devices into the workplace and touching the enterprise server with requests. The mobile OS market has been fragmented in the past, making it difficult for attackers to target a large group of users, but two mobile platforms— namely Apple iOS and Android—are leading the market, with developers typically supporting both. According to ComScore, Android now holds a commanding 31 percent of the U.S. smartphone market share, making it the most popular smartphone OS in the country. “This is a wake-up call to the mobile industry. The number of devices out there in the past were not significant enough, so people ignored the issue,” said Peter Galvin, chief marketing officer with enterprise email security firm Proofpoint. “We’re going to see a lot more focus on securing mobile devices as they move into corporate IT. Enterprises need to be focused on making sure their environments are secure and meet compliance regulations.” Android is particularly problematic because Google has a hands-off approach when it comes to policing the app store —unlike Apple, which has strict policies for its App Store. Android apps are examined only after problems are discovered. To wit: In March, Google pulled nearly 50 malwareinfected, repackaged versions of legitimate Android apps from the Android Market. The malicious code stole mobile device information and provided unauthorized users root access to an infected device. According to Google, a total of 58 malicious apps were downloaded to 260,000 Android smartphones. Google remotely activated a kill switch which removed the tainted applications from the phones. Google has since vowed to tighten up security. Enterprises are well aware of the potential security pitfalls. Frost and Sullivan, in its “2011 Global Information Security Workforce Study,” cited mobile security as the second highest security concern for IT organizations. Application vulnerabilities was the top concern. A survey conducted by Kelton Research and commissioned by Sybase found that concerns over mobile app security had caused 75 percent of enterprises to delay launching mobile apps at one time or another. “Android is more of a concern,” said Mattias Tornyi, director of IT with brokerage firm Wedbush Securities. “The Android platform is much more open, and we don’t have any control over what a manufacturer might do to the operating system and how our software might interact with it.” Today, Wedbush allows its some 1,000 employees to bring their own devices to work, including Android devices. It uses mobile management platforms, including software from Good Technology that provides over-the-air device management, on-device encryption of data and remote wiping of data. The firm also uses the secure email solution from Proofpoint. that pain somewhat because developers can create apps with richer experiences across a multitude of devices, said Eugene Signorini, vice president with Yankee Group. Still, there is debate about whether web-based apps can match the functionality of native apps. James Harnedy, CEO of apps developer Appesque, said many enterprises at this point don’t have the skills to build apps for the Apple iPad, which is the device driving the uptake of mobile apps in the enterprise in the first place. “Most of the iPad work we have done is in the enterprise for internal sales force applications,” he said. “Field force and CRM systems are the ones paying off for enterprises.” For the do-it-yourself enterprises, a plethora of development tools and platforms are available for building apps. Apperian offers a cloud-based platform that gives enterprises an SDK and app template to build their own apps and distribute them to Apple iOSpowered devices and, in the near future, Android devices. MobiFlex and Red Foundry offer a self-service cloud-based portal for enterprises to create customized smartphone apps without any coding at a significantly lower price and time commitment than using codes. The tools also allow enterprises to take advantage of smartphone native apps such as GPS and cameras. “One of the big challenges we see is that there is plenty of talent to develop really great mobile apps, but the model is $25,000 to $50,000 and it can take you several months to do it,” said Jeff Hamilton, vice president of marketing with Red Foundry. Mobile middleware providers such as Sybase and Antenna Software are now getting into the apps game too, evolving their offerings from server-based solutions to Software-as-a-Service-based, hosted solutions that enable mobile app development by offering connections to all major ERP systems and databases along with pre-packaged vertical solutions, Weldon said. Benedict, also an SAP mentor volunteer, is an advocate of the Sybase Unwired Platform where enterprises can develop apps, plug and play pre-packaged apps, manage them, manage devices, and secure apps and devices. Sybase has been signing up a number of partners and is poised to roll out a number of pre-built apps this year that can be customized. Then there are the big wireless operators who are hungry for a piece of the mobile enterprise apps business and are including consulting and application management with app development, devices and voice and data plans. AT&T Mobility is working with Antenna software for its Mobile Enterprise Applications Platform (MEAP) and Sybase is powering Verizon Business’ Mobile Service Enablement Platform (MSEP). Weldon believes operators are in the position of helping enterprises mobilize apps of different kinds, including custom-developed and third-party apps. “Not only can they play a role as an aggregator of apps with the extra bonus of providing relevant management and security, but they can also help alleviate the enterprise headaches that come with having to contract separately with each application software vendor,” Weldon said. l There are the big wireless operators who are hungry for a piece of the mobile enterprise apps business and are including consulting and application management with app development, devices and voice and data plans. Mobile Apps Present Security Challenges for the Enterprise By Lynnette Luna continued from page 7 continued on page 11 | Mobile Apps in the enterprise: Potentials and Pitfalls Page 5 | Apperian
9 April 2011 fiercemobileit.com April 2011 10  Security software vendors have long sounded the alarm over the security vulnerabilities presented by smartphones. Now, the perfect storm is brewing to make smartphones a significant threat to the enterprise. Smartphones have become mini-computers complete with significant storage capabilities. Employees are bringing the devices into the workplace and touching the enterprise server with requests. The mobile OS market has been fragmented in the past, making it difficult for attackers to target a large group of users, but two mobile platforms— namely Apple iOS and Android—are leading the market, with developers typically supporting both. According to ComScore, Android now holds a commanding 31 percent of the U.S. smartphone market share, making it the most popular smartphone OS in the country. “This is a wake-up call to the mobile industry. The number of devices out there in the past were not significant enough, so people ignored the issue,” said Peter Galvin, chief marketing officer with enterprise email security firm Proofpoint. “We’re going to see a lot more focus on securing mobile devices as they move into corporate IT. Enterprises need to be focused on making sure their environments are secure and meet compliance regulations.” Android is particularly problematic because Google has a hands-off approach when it comes to policing the app store —unlike Apple, which has strict policies for its App Store. Android apps are examined only after problems are discovered. To wit: In March, Google pulled nearly 50 malwareinfected, repackaged versions of legitimate Android apps from the Android Market. The malicious code stole mobile device information and provided unauthorized users root access to an infected device. According to Google, a total of 58 malicious apps were downloaded to 260,000 Android smartphones. Google remotely activated a kill switch which removed the tainted applications from the phones. Google has since vowed to tighten up security. Enterprises are well aware of the potential security pitfalls. Frost and Sullivan, in its “2011 Global Information Security Workforce Study,” cited mobile security as the second highest security concern for IT organizations. Application vulnerabilities was the top concern. A survey conducted by Kelton Research and commissioned by Sybase found that concerns over mobile app security had caused 75 percent of enterprises to delay launching mobile apps at one time or another. “Android is more of a concern,” said Mattias Tornyi, director of IT with brokerage firm Wedbush Securities. “The Android platform is much more open, and we don’t have any control over what a manufacturer might do to the operating system and how our software might interact with it.” Today, Wedbush allows its some 1,000 employees to bring their own devices to work, including Android devices. It uses mobile management platforms, including software from Good Technology that provides over-the-air device management, on-device encryption of data and remote wiping of data. The firm also uses the secure email solution from Proofpoint. that pain somewhat because developers can create apps with richer experiences across a multitude of devices, said Eugene Signorini, vice president with Yankee Group. Still, there is debate about whether web-based apps can match the functionality of native apps. James Harnedy, CEO of apps developer Appesque, said many enterprises at this point don’t have the skills to build apps for the Apple iPad, which is the device driving the uptake of mobile apps in the enterprise in the first place. “Most of the iPad work we have done is in the enterprise for internal sales force applications,” he said. “Field force and CRM systems are the ones paying off for enterprises.” For the do-it-yourself enterprises, a plethora of development tools and platforms are available for building apps. Apperian offers a cloud-based platform that gives enterprises an SDK and app template to build their own apps and distribute them to Apple iOSpowered devices and, in the near future, Android devices. MobiFlex and Red Foundry offer a self-service cloud-based portal for enterprises to create customized smartphone apps without any coding at a significantly lower price and time commitment than using codes. The tools also allow enterprises to take advantage of smartphone native apps such as GPS and cameras. “One of the big challenges we see is that there is plenty of talent to develop really great mobile apps, but the model is $25,000 to $50,000 and it can take you several months to do it,” said Jeff Hamilton, vice president of marketing with Red Foundry. Mobile middleware providers such as Sybase and Antenna Software are now getting into the apps game too, evolving their offerings from server-based solutions to Software-as-a-Service-based, hosted solutions that enable mobile app development by offering connections to all major ERP systems and databases along with pre-packaged vertical solutions, Weldon said. Benedict, also an SAP mentor volunteer, is an advocate of the Sybase Unwired Platform where enterprises can develop apps, plug and play pre-packaged apps, manage them, manage devices, and secure apps and devices. Sybase has been signing up a number of partners and is poised to roll out a number of pre-built apps this year that can be customized. Then there are the big wireless operators who are hungry for a piece of the mobile enterprise apps business and are including consulting and application management with app development, devices and voice and data plans. AT&T Mobility is working with Antenna software for its Mobile Enterprise Applications Platform (MEAP) and Sybase is powering Verizon Business’ Mobile Service Enablement Platform (MSEP). Weldon believes operators are in the position of helping enterprises mobilize apps of different kinds, including custom-developed and third-party apps. “Not only can they play a role as an aggregator of apps with the extra bonus of providing relevant management and security, but they can also help alleviate the enterprise headaches that come with having to contract separately with each application software vendor,” Weldon said. l There are the big wireless operators who are hungry for a piece of the mobile enterprise apps business and are including consulting and application management with app development, devices and voice and data plans. Mobile Apps Present Security Challenges for the Enterprise By Lynnette Luna continued from page 7 continued on page 11