MAM tool integrates security into software code
Businesses have had to deal with an increasingly mobile workforce in recent years and this has created both operational and security challenges. While companies have had to answer the question of how best to support employees equipped with mobile devices and which platforms to equip them with, IT staff have had to deal with the issue of protecting corporate data as it resides on a larger number of endpoints.
Mobile device and application management tools have become a central part of protecting corporate data, particularly in bring-your-own-device environments. These approaches have returned some control to IT managers, but are largely focused on securing the digital ecosystem the programs reside in. In an interview with Jack Madden, author of VDI Delusion, Metaforic CEO Dan Stickel explained that some gaps still need to be filled in the mobile application management space. The company's solution leverages encryption to insert "antibodies" into mobile software.
"The antibodies are small pieces of code that detect attacks in various ways, including through anti-debuggers, breakpoints, and making cryptographic hashes of short sections of the host app's code, in order to detect change," Madden wrote.. "These are all well-established software protection techniques, but injecting so many of them into a single app makes real-time attacks extremely difficult. The antibodies can even monitor each other, and an attack can trigger a warning to a user or admin to shut down an app entirely."
While this approach addresses one of the core challenges of securing mobile devices in that it doesn't significantly impact functionality, Madden stressed that it should not be seen as a complete replacement for other solutions. Network protections such as properly configured firewalls and measures such as digital code signing still have an important role to play in securing enterprise data.
Match policy with practice
Particularly given the proliferation of attacks that target the end user, it is critical that technology be supplemented with awareness and continued evaluation of practices. In a list of action items for government agencies, GCN columnist Shawn McCarthy provided several useful tips for improving mobile device security. For example, rather than adopt an entirely new solution, an agency may be able to utilize proven authentication or access control technology. In determining the best approach and how to implement it, McCarthy said organizations must take stock of their environments. By looking at the platforms and devices that workers are actively using, IT can identify the best and most feasible approach to meet their company's unique security needs.
Start building trust into your programs by getting a code signing certificate today.