We’re all addicted. Consumers spent 37.5 hours per month accessing apps on their phones in 2014, up 63 percent in just two years, according to the consumer research giant Nielsen.
Because we use our mobile phones for both work and play, securing one from the other is a growing challenge. That was the message last week at the Citrix Mobility 2015 Government Summit.
Hackers are increasingly targeting mobile devices by installing malware in apps.
In the U.S., mobile malware rates jumped 75 percent in 2014, according to a report published in January by the mobile security firm Lookout. And according to Gartner, more than 75 percent of mobile applications fail basic security tests.
“Most enterprises are inexperienced in mobile application security,” Dionisio Zumerle, principal research analyst at Gartner said. “Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.”
Split Personality
Government agencies want to keep up, but technology is moving faster than most can. “Blackberry was successful because they found a way to do secure mobile email,” said Tom Simmons, area vice president, public sector, Citrix. “It worked. And it’s why the status quo guys in IT will tell you, ‘You only need that [mobile device] for email, right?’”
Users, of course, increasingly want solutions that let them access work whenever and wherever they are. And IT managers know that they’ll bend or break the rules to do so, putting security at risk in the process.
Citrix is developing technologies that would enable agencies to empower users to employ their smart phones, but keep all their work-related apps, content and functions sealed off from their personal activity through virtualization. Your phone displays an image of your work, but actually downloads nothing. “It’s consumer-grade experience with enterprise-grade security,” Simmons said.
Mobile Military
The Defense Information Systems Agency (DISA) has been working on this issue for the past two years.
Kim Rice, program manager in the DoD Mobility Program Management Office at DISA, says the challenge starts with bringing user expectations and government solutions in line. “Why are users going out for Dropbox capability just to get access to a work file?” she asked. “Why are they forced to do that? We have to ask: How can we get that capability for them.”
“Our goal is to have a secure app store, like an Army Amazon, where all the apps that are available have been tested and are secure,” said Rick Walsh, Mobile Lead, Cybersecurity Directorate, Office of the Chief Information Officer, U.S. Army. Walsh was a panelist at last week’s Citrix Mobility 2015 Government Summit.
Mobile app security represents a primary goal of the app marketplace. Having a choice of approved apps helps guard against agencies and users downloading unapproved apps and taking unnecessary security risks.
“Tested by the Army, or tested by DISA, or by the Air Force. It would save us money. It would save everyone money.”
Success hinges on being able to do security checks quickly and reliably. “The most important thing is the speed at which mobile operates,” Walsh said. “We can’t take 90 days to make sure an app is safe. The time we take to make IT decisions has to change.”
Citrix is developing its own solution to ensure apps are safe – a technique the company calls dynamic containerization. The process insulates the actual device and the network from the app.
That’s one more critical step on the path to the future, Simmons said, when vendors will offer – and the government will buy – enterprise-wide mobility as a service. “That’s not ready today,” he said. “But it’s coming.”
Join the conversation by participating in the Citrix Mobility Survey.
Post a comment below or email me at bglanz@300brand.com.