Bring your own device has become one of the most significant trends in IT in recent years, and it is only expected to grow as mobile devices become more sophisticated. Yet as more smartphones and tablets are introduced into the enterprise, security is a major concern, and recent mobile software flaws have some people worried. If Android and iOS contain underlying development errors, then BYOD programs are at particular risk.
Recent issues such as an Android encryption error that led to vulnerabilities in Bitcoin wallet apps and a discovery by Georgia Tech researchers of a way to get a self-assembling piece of malware into Apple’s App Store underscore some of the threats faulty software can pose to mobile devices, Mobile Helix CEO Seth Hallem wrote in a recent column for Help Net Security. Citing his experience with source code analysis, Hallem explained that flawed code is more or less inevitable, particularly as software becomes more complex.
While IT is adept at responding to vulnerabilities in the enterprise, managing updates when end-user devices are involved becomes more complicated, he added. IT needs to develop a plan for handling vulnerabilities on devices it does not control, which generally requires a centrally managed, device-independent solution such as a separate software container for managing cryptography.
Protecting devices from buggy code
The knowledge that protection against vulnerabilities is limited in a BYOD environment may be a critical decision criterion for many organizations. In particular, the healthcare sector, in which BYOD is popular, should pay close attention to any threats that might expose sensitive patient data, HealthITSecurity’s Patrick Ouellette wrote in a recent article.
“Keeping patient data safe and secure should be the primary goal, and knowing that mobile OSes are, by nature, prone to flaws and security gaps should be taken into account when forming BYOD policies and procedures,” he explained.
The flip side is that mobile developers – both those working on OS architecture or firmware and individual application developers – need to be aware that software quality is likely to be a point of concern for any organization, healthcare or otherwise, considering a BYOD policy. Implementing a secure development lifecycle that incorporates static analysis and other code review techniques is essential for building mobile software that is as flawless as possible. By implementing code that organizations can trust, developers can ensure the BYOD market continues to be a source of growth for their applications rather than a venue for skepticism.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.