Mobile Application Security Maturity - Leveling Up.

Enterprises are struggling to understand the risk and privacy impacts of the mobile applications in use in their environment. As the consumerization of mobile continues to shove BYOD into the enterprise, the number of applications in use is growing exponentially. Organizations must get a better handle on just how much risk is accumulating from the proliferation of mobile apps on their users’ devices.

I'm currently researching a concept designed to help an enterprise know where it is on the mobile application security maturity curve. Understanding where one currently resides is the quickest method to determine the path required to improve your standing in the future.

Does your organization allow BYOD?
Do you inventory all of the mobile applications in use in your environment?
Do you execute security and privacy analysis on mobile applications in an organized fashion?
How do you define and enforce policies around mobile application security?

I’ve created a survey to determine current baseline enterprise mobile application maturity levels. If you are involved in the mobile management and security decisions of your enterprise, now is your time to help. Please go to the survey link below and fill out the form. I will summarize some of the findings in a future blog post.


Yes, I definitely want to execute security and privacy analysis on my mobile app. Security is a great measure on mobile app.

At the lowest level, companies conduct manual testing of applications on an ad hoc basis, relying on antivirus alone. They lack a formal approach and generally have no defined criteria for accepting new mobile applications development company.

Mid-level enterprises use automated tools for security awareness, but not for application vetting. They have developed some application vetting policies, but may not have many approved applications due to the labour-intensive nature of the process.

Those at the highest level of maturity, however, use automated tools together with manual assessment for a full mobile control point. They segment their user base for a clear understanding of risk tolerance and have clearly defined application acceptance criteria for each.