For too long, IT and security professionals have relied on closed ecosystems of managed devices to implement security that may be hard to penetrate from the outside but once in had little to no real protection. But ecosystems are no longer protected by a hard shell: they’re open, highly distributed and alarmingly susceptible to attack. We don’t control the devices—too many of them are BYOD. We don’t control the mobile operating systems—we can’t get low enough to defend the OS level from threats. What we can do is get security controls and risk mitigation technologies as close to the data and access as possible. This goal is the logical one we’ve been working toward for many years with database security, desktop security and web apps security.
In this new mobile world, our best chance is to protect applications, and we have a real duty—a real responsibility—to manage them, secure them and use them to safeguard the data that end users consume and produce. The application is an endpoint that enterprises can manage, much as we manage APIs and other endpoints. We can put security frameworks into our apps to defend against threats. We can enforce secure coding. We can utilize mobile app management products to enforce policies or to remove offending apps.
Realizing that mobile apps are our new endpoints forces us into a more mature strategy for data protection. Forward-leaning companies are embracing this challenge as a new opportunity to ensure that no matter where an application goes, no matter what mobile operating system or device its users employ, data and users are protected—as is access to the things that matter.