IBM Makes Enterprise Mobile Security Move - InformationWeek
09:14 AM
Connect Directly

IBM Makes Enterprise Mobile Security Move

IBM partners with mobile security vendor Arxan Technologies to secure apps created with its Worklight platform against malware and other attacks.

Samsung Galaxy S 4: 11 Clever Tricks
Samsung Galaxy S 4: 11 Clever Tricks
(click image for slideshow)
Since purchasing Worklight in January 2012, IBM has quickly made the app-building platform the centerpiece of its enterprise mobility catalog, now one of the most comprehensive on the market. Big Blue continued that trend Monday, partnering with mobile security vendor Arxan Technologies to make apps created with Worklight more impervious to malware and other attacks.

As a standalone news item, the deal adds another ostensibly attractive piece to IBM's offerings. Perhaps just as significantly, it also adds a new fork to the increasingly complicated path businesses must weave as they attempt to integrate smartphones, tablets and the bring-your-own-device (BYOD) phenomenon into the workplace.

For Worklight developers, the new product -- tongue-twistingly called Arxan Mobile Application Integrity Protection for IBM Worklight Apps -- adds beefed-up mobile app security without disrupting existing workflows. Though iOS's centralized app store gives it a security advantage over Android's looser rules and malware-prone unofficial marketplaces, Arxan VP of business development Jukka Alanen said in an interview that virtually any mobile app can be cracked in just a few minutes. Virus-injected versions of popular apps are freely available, and blithely installed by users, he said, from sources throughout cyberspace.

The IBM-Arxan union seeks to protect Worklight apps from these threats via a variety of defenses. Apps can detect illicit behavior, for example, and both shut themselves down if they observe a problem and also issue alerts.

[ Unpatched devices are often security risks. Read why Android Smartphone Sellers Should Patch, Refund Or Perish. ]

In addition to thwarting attacks while they happen, the product is also designed to make apps tougher to crack in the first place. Alanen said that even unskilled hackers can make progress against unfortified apps thanks to rootkits and other black market malware tools. But with the randomization applied by the Arxan-infused Worklight, he said, the task of decompiling and cracking apps turns into an intense and time-consuming technical challenge that few malware authors can manage.

This protection is applied via "guards" in the binary code that obfuscate the app's programming, apply extra encryption and otherwise make it more difficult for hackers to see how the app can be exploited. Hundreds of these guards can be implemented into a single app, if the developer chooses, with each one occupying a small, seemingly innocuous footprint that is difficult to detect within the overall body of code. The fact that each guard can independently apply obfuscation only extends this effect; each one can disguise itself in thousands of ways, meaning multi-guard networks can offer millions of permutations of defense.

To businesses such as financial institutions, whose apps transmit particularly sensitive data, products such as Worklight have an obvious place. But is this sort of proactive security a necessity for all enterprises? That's the urgent, and potentially expensive, question many businesses face as they attempt to turn smartphones and tablets from employee-friendly endpoints into productivity-enabling business devices.

The decisions are numerous. For a company whose mobile needs involve mostly document-sharing or light collaboration, Worklight represents a particularly costly and complicated solution. Depending on the sensitivity of the data, Dropbox, Teambox, Office 365 and other cloud-based approaches might be a better investment. When mobility plans start to include more complicated apps that need to hook into varied corporate backends, however, the challenges multiply. Are off-the-shelf apps adequate? If they need to be independently developed, is it better to work in-house or to hire a contractor? Should the apps be native, or is it practical to avoid OS fragmentation by relying on HTML5?

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll