4/30/2013
09:14 AM

IBM Makes Enterprise Mobile Security Move

IBM partners with mobile security vendor Arxan Technologies to secure apps created with its Worklight platform against malware and other attacks.

Since purchasing Worklight in January 2012, IBM has quickly made the app-building platform the centerpiece of its enterprise mobility catalog, now one of the most comprehensive on the market. Big Blue continued that trend Monday, partnering with mobile security vendor Arxan Technologies to make apps created with Worklight more impervious to malware and other attacks.

As a standalone news item, the deal adds another ostensibly attractive piece to IBM's offerings. Perhaps just as significantly, it also adds a new fork to the increasingly complicated path businesses must weave as they attempt to integrate smartphones, tablets and the bring-your-own-device (BYOD) phenomenon into the workplace.

For Worklight developers, the new product -- tongue-twistingly called Arxan Mobile Application Integrity Protection for IBM Worklight Apps -- adds beefed-up mobile app security without disrupting existing workflows. Though iOS's centralized app store gives it a security advantage over Android's looser rules and malware-prone unofficial marketplaces, Arxan VP of business development Jukka Alanen said in an interview that virtually any mobile app can be cracked in just a few minutes. Virus-injected versions of popular apps are freely available, and blithely installed by users, he said, from sources throughout cyberspace.

The IBM-Arxan union seeks to protect Worklight apps from these threats via a variety of defenses. Apps can detect illicit behavior, for example, and when they observe a problem they can both shut themselves down and issue alerts.

In addition to thwarting attacks while they happen, the product is also designed to make apps tougher to crack in the first place. Alanen said that even unskilled hackers can make progress against unfortified apps thanks to rootkits and other black market malware tools. But with the randomization applied by the Arxan-infused Worklight, he said, the task of decompiling and cracking apps turns into an intense and time-consuming technical challenge that few malware authors can manage.

This protection is applied via "guards" in the binary code that obfuscate the app's programming, apply extra encryption and otherwise make it more difficult for hackers to see how the app can be exploited. Hundreds of these guards can be built into a single app, if the developer chooses, with each one occupying a small, seemingly innocuous footprint that is difficult to detect within the overall body of code. Because each guard can independently apply obfuscation, the effect compounds; each one can disguise itself in thousands of ways, meaning multi-guard networks can offer millions of permutations of defense.

To businesses such as financial institutions, whose apps transmit particularly sensitive data, products such as Worklight have an obvious place. But is this sort of proactive security a necessity for all enterprises? That's the urgent, and potentially expensive, question many businesses face as they attempt to turn smartphones and tablets from employee-friendly endpoints into productivity-enabling business devices.

The decisions are numerous. For a company whose mobile needs involve mostly document-sharing or light collaboration, Worklight represents a particularly costly and complicated solution. Depending on the sensitivity of the data, Dropbox, Teambox, Office 365 and other cloud-based approaches might be a better investment. When mobility plans start to include more complicated apps that need to hook into varied corporate backends, however, the challenges multiply. Are off-the-shelf apps adequate? If they need to be independently developed, is it better to work in-house or to hire a contractor? Should the apps be native, or is it practical to avoid OS fragmentation by relying on HTML5?
