The marketplace for application security has become more innovative and complex in 2020 than in any year prior. Indeed, the topic could fill a book. Do any research and you are sure to come across terms like “Beacon Technology” or “Application Performance Management.” There are concerns about the impact that 5G and the Internet of Things (IoT) will have on the field, as well as about the proliferation of connected medical devices that are transforming the healthcare industry. Alongside the new and the innovative, however, legacy devices and systems remain extremely vulnerable to attack, especially as their security protections age and IT teams focus on other areas. Nor can we forget the impact of major new legal regulations like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
What unites all these trends is a sense of urgency around the security of the data these apps store and process. Applications collect troves of user data, and that data presents a tempting target to cyber thieves. Uncertainty reigns supreme at this stage: rapidly changing regulations and attack methods often leave organizations scrambling to keep up. In addition, companies find themselves needing to protect client data from malicious actors as well as their own intellectual property (IP) from competitors.
The statistics tell a story of risk. A report from Statista estimates approximately $33 billion in revenue from smart wearable devices in 2019. According to Mobile App Daily, the total number of IoT devices is expected to reach 20 billion. That is a massive spread of ‘things’ connected to the Internet, harvesting people’s personal data. Moreover, the number of apps continues to spike dramatically. The Apple App Store and Google Play each offer around 2 million apps. Smartphone users download 80 apps on average and use about 40 of them per month, also according to Statista.
The attack surface for personal information has never been wider, and applications are among the most exposed vectors. Research from SAP indicates that 84% of cyber-attacks happen at the application layer. “Malicious attackers who exploit an application through a vulnerability or weakness will also have access to the data that application has access to,” says Amy DeMartine writing for Forrester. This is a modern reality that developers must design for from the ground up, because an application's data exposure is bounded by the application's own privileges, not by the database or network around it.
Compounding this issue are new privacy standards and regulations that affect businesses around the globe. GDPR and CCPA have created strict guidelines around the handling of personal data, backed by strong enforcement measures. Both are intended to give consumers stronger control over their personal information (defined by GDPR as “any information which are related to an identified or identifiable natural person,”[i] and by CCPA “with reference to a broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this information”[ii]). Any entity that handles the personal information of the people these laws cover (data subjects in the EU under GDPR, California residents under CCPA) is subject to the rules, regardless of where the entity itself is located. Application developers are no exception.
Application security (AppSec) teams will need to review for compliance before launch. In terms of apps specifically, GDPR Articles 5, 25, 28, 32, 33 and 35 are most relevant[iii]: Article 5 sets out the principles for processing personal data, Article 25 requires data protection by design and by default, Article 28 governs the guarantees a processor (such as a third-party service) must provide, Article 32 covers the security of processing and names encryption and pseudonymisation as example measures, Article 33 requires notifying the supervisory authority of a personal data breach, and Article 35 requires a data protection impact assessment for high-risk processing. Together they shape how apps must classify, process, store and encrypt data, and how transparent they must be about it. The CCPA followed GDPR’s example, although some view it as imposing fewer specific requirements and as being overall less strict and more balanced between business and consumer interests.
Ultimately, under both CCPA and GDPR, most of what an application learns from a user's interaction with it (identifiers, device and usage data, and the inferences drawn from them) qualifies as personal information and must be protected accordingly.
In order to address these complex challenges, organizations must ensure their data is secure and that compliance is achieved. At NetLib Security, if your application runs on the Windows platform, our Encryptionizer software can help you meet the stored-data encryption part of these requirements through an easy-to-deploy and cost-effective solution for application developers (encrypting data at rest addresses the security-of-processing obligations; it does not by itself satisfy obligations such as consent, data-subject rights or breach notification). Developers simply check the “encrypted” box for any stored data on a server, workstation or tablet, in physical, virtual or cloud environments. Developers of new applications can integrate encryption of stored data seamlessly into their applications without any reprogramming. Because no code changes are required, it can also be used to bring legacy applications already in the field up to compliance. That data can be anywhere, such as a SQL Server database, an MS Access database, web server attachments, even custom applications.
Founder and CTO of NetLib Security, Neil Weicher states that “most applications were or are being developed without thought to compliance, or by leaving compliance up to their own customers. Encryptionizer helps developers seamlessly build compliance into their applications without modification. Same with users of legacy applications, where the application may no longer be maintained by the manufacturer. People are throwing up their hands with what to do with legacy applications and medical devices that must be brought up to compliance. Flexibility, seamlessness, and ease of use are what we aim for with Encryptionizer.”
The need for application security continues to rise toward the top of developers' priority lists amid an ever-evolving and expanding market landscape. Understanding the problem is the first step. Proactively addressing it with a solution suited to your needs is a business imperative.
For more information visit our website at netlibsecurity.com.