Managed Security Service Provider Mobile Apps Boon?

By Michael Vizard  |  Posted 2016-01-29
managed security service provider, mobile app security

The first fact solution providers should appreciate about mobile applications is that from a security perspective not all of them are created equal. For example, there's been no major compromise of the mobile applications that users download via the Apple App Store. Not only has Apple validated each of those applications, but they also run inside a container that makes them a major challenge to hack.

Nevertheless, there is an emerging opportunity to deliver managed security services for mobile applications. Many IT organizations are now building custom applications for their employees. While mobile applications aimed at consumers are usually validated by an app store (Apple's or Google's, for example), many custom mobile applications enterprises are developing are still subject to the same security issues that bedevil all applications.

In fact, a new survey of 1,950 enterprise developers conducted by Bock & Company on behalf of Alpha Software finds that 96 percent identify security as an essential requirement for mobile applications. Enterprise IT organizations often look to build applications that need to run on multiple platforms for employees, said Richard Rabins, CEO of Alpha Software, a provider of application development tools. For that reason, there's a tremendous focus on protecting applications that need to run across multiple platforms at a time when app security in general is often deeply flawed.

"Security often comes down to a question of degree," Rabins said. "There's always a tradeoff between security and convenience."

Most of those custom enterprise applications, however, are still in development. The Alpha Software survey finds that 63 percent of developers are expecting to create two to five applications this year. At that rate, it might take time before there is enough critical mass to support a managed service for securing mobile applications.

A survey of nearly 400 managed service providers conducted by Kaseya, a provider of an IT management platform for MSPs, finds that only 9 percent are focusing on both mobile device management and services, such as containerized apps for email, docs and browsers.

Managed Security Service Provider Market Potential

Make no mistake. In an age where worry over data breaches and bad actors is significant, security is paramount. Overall, the managed security service provider market is robust. Time will tell how significant the opportunities for securing mobile apps will be for managed security service providers.

The good news is that as the number of endpoints that IT service providers need to manage steadily increases, according to a survey of 1,100 IT service providers conducted by Autotask, a provider of professional services automation software. The study suggests that increased reliance on cloud services should, in general, make it easier to manage mobile computing.

With that goal in mind, Bluebox Security is trying to drive the adoption of self-defending mobile applications using containers and analytics in collaboration with traditional IT security vendors, such as F5 Networks and GlobalSign. Bluebox CEO Pam Kostka acknowledged that it's still early days in terms of building out the company's partner program. But over the coming year, a significant opportunity for securing mobile applications will emerge, she added.

"We don't think customers will want to rely on the operating system for security," Kostka said. "We're trying to enable the application to protect itself."

Ingram Micro is also expanding the scope of its mobile application security ambitions. The distributor recently formed an alliance with Lookout Inc., a provider of a cloud service that makes use of sensors and machine learning algorithms in an effort to protect data residing with thousands of mobile applications. The goal is to enable MSPs to better secure those applications without requiring them to absorb a lot extra capital costs, said David Helfer, vice president of world channel development and inside sales at Lookout.

"We think this will be a big opportunity for MSPs," Helfer said. "A lot of them don't have the skill set needed to deliver this service on their own.

Already moving to expand the scope of its mobile application service is NTT Communications. The MSP has inked an alliance with Bromium, a provider of software that uses micro-virtual machines to isolate applications, to better secure endpoints. Bromium CTO Simon Crosby said that most of the mobile application opportunity for solution providers in the channel clearly surrounds Windows platforms that are prone to be more vulnerable than Apple's iOS.

To address that challenge, Microsoft is working with Bromium to embed support for micro virtual machines (micro VMs) in Windows 10. However, it will be years before Windows 10 supplants all the previous iterations of Windows running on notebooks and tablet PCs. NTT plans to apply Bromium micro VMs to the broad range of Windows devices that it needs to support, Crosby said.

"Solution providers need to distinguish between when customers just want a compliance solution versus needing to really secure a mobile application," Crosby said. "Smartphone manufacturers already do a good job on hardware isolation. That's why you don't see any breaches involving mobile apps that have been certified in an app store."

The challenge facing solution providers is determining what mix of security technologies to bring to bear to turn both mobile application and mobile device security into an opportunity that drives a profitable set of repeatable services. Today, many MSPs already deliver services to secure mobile devices. The next frontier is going to be securing more of the applications themselves.

Michael Vizard has been covering IT issues in the enterprise for more than 25 years as an editor and columnist for publications such as InfoWorld, eWEEK, Baseline, CRN, ComputerWorld and Digital Review.