Enterprise apps and security: An uneasy relationship

Now more than ever, enterprise apps are essential to getting work done. But securing these apps is a difficult process – and one that developers struggle with. 

According to Appthority, almost all iOS apps are noncompliant with the new standards Apple will institute in 2017. In fact, only 3% of the 200 apps the organization studied will comply with Apple’s App Transport Security (ATS), which will be mandatory for all new apps in the App Store as of Jan. 1, 2017.

Existing apps that don’t meet these standards won’t be removed from the App Store. But it shows just how far behind the curve many enterprise apps are when it comes to security.

Some of the key shortcomings were:

  • 55% of apps used HTTP instead of the more secure HTTPS
  • 83% had ATS disabled for all network connections, and
  • 26% had ATS disabled at a global level, with exceptions made for specific domains.

Pressure to meet security demands

Appthority isn’t alone in recognizing the security issues with applications. According to Veracode, developers are feeling pressure to both comply with security and meet launch dates frequently.

Two-thirds of devops managers (66%) reported that app security testing delays development and threatens deadlines in Veracode’s Secure Development Survey. And legacy app security processes and complexity added time-to-market according to 46% of devops managers.

And that could be a major reason why almost half (45%) of developers don’t always follow secure coding processes. It is notable, however, that 39% of devops managers said securing apps against data breaches and cyberattacks was their top priority – even more than meeting budget and delivery deadlines (23%).

Find a balance

Of course you expect apps to be convenient, on-time and on-budget. But with apps now acting as a main gateway to getting work done, the last thing you want to do is trade off security for convenience.

Make sure that any developers or vendors you deal with are making a secure app their priority. Those who are more concerned with getting a project out quickly could be introducing risks to your systems and data.