June 19, 2023

A Forrester and Build38 Q&A: The importance of In-App Mobile Security


In today’s digital landscape, ensuring the security of mobile applications has become paramount for businesses of all sizes.

As cyber threats continue to evolve, App owners must prioritise safeguarding their users’ data and protecting their organisations from potential breaches.

To shed light on the topic of mobile in-app security and its significance, we bring you a comprehensive Q&A featuring Build38 and Forrester. Here we delve into the key aspects of mobile in-app security, discussing the challenges faced by app owners and the best practices they can adopt to fortify their applications against ever-growing vulnerabilities. We will provide valuable insight for business owners looking to enhance the security posture of their mobile applications.

The Importance of Mobile In-App Security 

Q1: As the business owner of a Mobile App, I understand the need for security, but I have yet to fully comprehend all the various aspects and their importance. What steps should I take? 

As the business owner, start to engage with your security team to understand the key elements of application security and work with them to introduce security into your mobile app development and launch process. If you are just starting out, prioritise your Apps according to business criticality, and start to pilot application security tools and processes in your pipeline and deployment environment. You may wish to start with one application that has a high performing, agile team – as you prove out and adjust the process, you can gradually expand into other apps in your organisation.  

Q2: Maybe I could handle some security in-house. Why should I ask a 3rd party to do so, meaning outsourcing the security task? I am pretty sure I could handle part of our security in-house. Why should I outsource security tasks and processes?

Very few organisations have an unlimited supply of security experts that can address every issue. By strategically outsourcing some security tasks to trusted vendors and partners, your firm can focus on the security areas where your team has the most expertise, or you can let your team manage the security strategy and planning and leverage third parties to help address specific tactical needs. Chances are, you can address some security in-house – by strategically outsourcing, you can use your in-house resources more effectively.  

Q3: What is the difference between (Mobile) App security testing and application shielding (App hardening)? Why do I need both technologies?  

Application security testing finds flaws in the source code and guides developers on how to fix them – it’s an important part of the pre-release security process. However, with mobile applications, you must also contend with the security of the device itself (including the operating system) and that messy combination of device security and Mobile App security.

Also keep in mind that new vulnerabilities continuously appear in open source and third-party libraries, so even if your App had no critical issues before launch, there’s no guarantee that will remain the case. Having both post-deployment protections like application shielding and pre-release controls like mobile application security testing provides the necessary layers of security throughout the app’s lifecycle.

Q4: How secure should a Mobile App be? Shouldn’t the basics be enough? 

When prioritising security controls and fixes for Mobile Apps, consider how an attacker could exploit the app if the control or fix is not in place and what the impact to the business would be if they can do so. Prioritise addressing security flaws that are high risk and exploitable and where the impact to the business is also high.

Customer-facing mobile apps and those that deal in personally identifiable information (PII) require more scrutiny and have a higher bar for security requirements. If apps do not protect PII properly (or at all), the company risks legal liability and a significant impact to its reputation and revenue.

Q5: How do I justify the investment in Mobile App security? 

The reality is that mobile applications are one of the most common paths for attackers to breach organisations. Investing in application security directly addresses how attackers are going after organisations such as yours.

Note that many of your peers do prioritise application security – in Forrester’s 2022 Security Technographics Survey, when asked about their top tactical security priorities for the coming year, more security decision makers pointed to improving application security capabilities and services than any other priority.

Implementing robust mobile in-app security measures is a necessity

In this short but interesting Q&A session, we explored the critical aspects of mobile in-app security and the need to implement robust measures to protect apps and mitigate potential security risks.

Ensuring the appropriate level of security for an App is crucial, as vulnerabilities can lead to severe consequences. Prioritising security controls and fixes based on potential impacts to the business and the exploitability of vulnerabilities is essential. While it may be tempting to handle security in-house, few organisations possess an unlimited pool of security experts.

Outsourcing security tasks to trusted vendors and partners allows businesses to focus on areas where their teams excel and leverage specialised expertise for specific tactical needs. By strategically outsourcing certain security tasks, organisations can effectively utilise their in-house resources while addressing security concerns comprehensively.

Keeping these insights in mind and implementing comprehensive security measures helps businesses establish robust protection for their mobile applications. Protecting user data and preserving trust are critical in today’s digital landscape, and staying ahead of potential threats is a proactive step towards maintaining a secure environment for both the organisation and its users.

If you missed the webinar, you can watch the full recording “Trusted business in the mobile world, powered by application security” featuring Sandy Carielli, Principal Analyst at Forrester Research, along with Dr. Christian Schläger (CEO) and Torsten Leibner, co-founders of Build38. Gain valuable insights into how application security nurtures trust in the mobile landscape and fuels business growth. Don’t miss this opportunity to hear from industry experts and discover the keys to building trust in the mobile world and how application security supports that business goal.

