IBM has announced security software that helps enterprises proactively reduce the security risk to iOS enterprise apps.
With the new software, users will be able to build security testing into the initial design of mobile apps so that vulnerabilities can be detected early in the development process, before being deployed to customers or employees. IBM’s new AppScan release further expands the company’s MobileFirst portfolio, which marries deep expertise with a set of mobile software and cloud-based services.
“This new capability showcases IBM’s execution in our strategy to help clients incorporate security into their infrastructure and solutions from the design, development and testing phases rather than leaving security to become an afterthought,” said Caleb Barlow, director of application, data and mobile security at IBM, in a statement. “It also aligns with the IBM MobileFirst strategy by empowering organizations with confidence to aggressively evolve and seize the business potential that mobility promises.”
According to Gartner, more than 45.6 billion mobile apps were downloaded in 2012. As the rate of app use on mobile devices increases, securing smartphones and other endpoint devices is a top priority for organizations and chief information security officers. With the proliferation of BYOD strategies and consumer and enterprise mobile apps, organizations cannot easily control or restrict the apps installed on user devices, so they must test how apps send and save data. IBM’s new security software can automatically identify where data enters and leaves a mobile app, helping to prevent mobile data leakage.
In addition, the pace of mobile application releases and updates can be overwhelming for organizations trying to maintain strict security guidelines and policies. IBM AppScan Source 8.7 for iOS provides the ability to improve security quality without sacrificing time-to-market of mobile app projects. This allows organizations to better protect each mobile app release in the face of constant updates. IBM previously announced AppScan for apps running on the Android platform.
AppScan Source 8.7 for iOS includes complete language support for Objective-C, JavaScript and Java. And it features the ability to do call and data flow analysis that will generate trace information. This new capability enables organizations to build secure enterprise mobile apps, regardless of technology choice, for employees and partners. It also supports Internet Protocol version 6 (IPv6) and the use of a Federal Information Processing Standard (FIPS) 140-2 validated cryptographic module.
Moreover, IBM Security Research conducted a comprehensive analysis on the iOS Software Development Kit (SDK) to include coverage of APIs that might introduce security risks. The API profiles have been added to the IBM AppScan Source Security Knowledgebase and tied to the analysis engine. Combined with the research conducted on the Android SDK, IBM AppScan Source has researched and characterized the security risk of approximately 40,000 mobile APIs, IBM officials said.
“AppScan for Mobile provides developers with an unmatched view into where vulnerabilities appear in their mobile apps due its deep cognizance of platform APIs,” Vijay Dheap, a master inventor and mobile security strategist at IBM, told eWEEK. “Each time a vulnerability assessment is run, the developer can gain better understanding of the security implications of API use and therefore improve the security quality of each subsequent mobile development project. With its emphasis on the quality of its vulnerability assessment of iOS and Android apps, AppScan for Mobile enables development teams to reduce the number of false positives allowing developers to quickly zero in on vulnerabilities that need to be remediated without onerous effort that will impact tight development schedules.”
KiwiTech, a mobile technology firm headquartered in Washington D.C., with offices in New York and New Delhi, has developed more than 750 apps that have generated more than 3 million downloads on iOS and Android. With more than 200 mobile development and related professionals focused on app development, including security is a top priority for the organization.
“Over the last four years, KiwiTech has developed hundreds of iOS and Android mobile apps for organizations around the world,” Rakesh Gupta, CEO of KiwiTech, in a statement. “As the risk from mobile malware and data leakage grows, our customers are looking for ways to secure their iOS and Android apps and protect corporate data.”
AppScan will allow KiwiTech to secure mobile apps and automate security testing so that customers can keep up with constant updates, he said.
In addition, AppScan Source 8.7 for iOS can help reduce the cost of developing secure apps by building security analysis early into the development cycle. It provides developers with a view into where vulnerabilities appear in their mobile apps, which improves security quality without sacrificing time to market of mobile app projects, IBM said.