As a standalone news item, the deal adds another ostensibly attractive piece to IBM's offerings. Perhaps just as significantly, it also adds a new fork to the increasingly complicated path businesses must weave as they attempt to integrate smartphones, tablets and the bring-your-own-device (BYOD) phenomenon into the workplace.
For Worklight developers, the new product -- tongue-twistingly called Arxan Mobile Application Integrity Protection for IBM Worklight Apps -- adds beefed-up mobile app security without disrupting existing workflows. Though iOS's centralized app store gives it a security advantage over Android's looser rules and malware-prone unofficial marketplaces, Arxan VP of business development Jukka Alanen said in an interview that virtually any mobile app can be cracked in just a few minutes. Virus-injected versions of popular apps are freely available, and blithely installed by users, he said, from sources throughout cyberspace.
The IBM-Arxan union seeks to protect Worklight apps from these threats via a variety of defenses. Apps can detect illicit behavior, for example, and if they observe a problem they can both shut themselves down and issue alerts.
In addition to thwarting attacks while they happen, the product is also designed to make apps tougher to crack in the first place. Alanen said that even unskilled hackers can make progress against unfortified apps thanks to rootkits and other black market malware tools. But with the randomization applied by the Arxan-infused Worklight, he said, the task of decompiling and cracking apps turns into an intense and time-consuming technical challenge that few malware authors can manage.
This protection is applied via "guards" in the binary code that obfuscate the app's programming, apply extra encryption and otherwise make it more difficult for hackers to see how the app can be exploited. Hundreds of these guards can be implemented into a single app, if the developer chooses, with each one occupying a small, seemingly innocuous footprint that is difficult to detect within the overall body of code. The fact that each guard can independently apply obfuscation only extends this effect; each one can disguise itself in thousands of ways, meaning multi-guard networks can offer millions of permutations of defense.
To businesses such as financial institutions, whose apps transmit particularly sensitive data, products such as Worklight have an obvious place. But is this sort of proactive security a necessity for all enterprises? That's the urgent, and potentially expensive, question many businesses face as they attempt to turn smartphones and tablets from employee-friendly endpoints into productivity-enabling business devices.
The decisions are numerous. For a company whose mobile needs involve mostly document-sharing or light collaboration, Worklight represents a particularly costly and complicated solution. Depending on the sensitivity of the data, Dropbox, Teambox, Office 365 and other cloud-based approaches might be a better investment. When mobility plans start to include more complicated apps that need to hook into varied corporate backends, however, the challenges multiply. Are off-the-shelf apps adequate? If they need to be independently developed, is it better to work in-house or to hire a contractor? Should the apps be native, or is it practical to avoid OS fragmentation by relying on HTML5?