What's Holding Mobile Threat Detection (MTD) Adoption Back?
Nikfar Khaleeli | Nov 6, 2019
Mobile devices are increasingly an integral and indispensable part of our lives. Consider commerce. Since 2015, mobile transactions have increased 72% YoY, illustrating how consumers are embracing mobile to access virtually all goods and services. But with that comes an increasing focus from criminals and nation states on how to benefit from this trend. In the first half of 2019, there were 111 million mobile attacks representing a 9% growth on 2018’s attacks, in just six months.
While there aren’t that many headline-grabbing successful attacks on mobile devices—partly because mobile operating systems were designed to address the security failings of operating systems for desktops and laptops—enterprises are investing in technology to secure their data on mobile devices. Mobile device management (MDM) is one such solution that provides an additional defense layer, in addition to the protections built in mobile OS platforms. MDM gives enterprises control over a worker’s mobile device, such as restricting what apps are allowed to be installed, or run on a device, or remotely wiping the device. However, MDM requires that end users sacrifice some of their privacy.
But when enterprises want to enable end users not using corporate-controlled devices, alternative mobile security options are needed. In-app protection technologies, which includes mobile app management (MAM), mobile threat defense (MTD), anti-tampering, code obfuscation and more, enable enterprises to extend protection for corporate data to unmanaged mobile devices, without sacrificing users’ privacy. An app-level security approach provides enterprises with the ability to maintain control over corporate data, while end users maintain control over their personal apps and the device.This type of security is the key to securing unmanaged devices: Analysts estimate that by 2022, at least 50% of successful clickjacking and mobile app attacks could have been prevented with in-app prevention.
I believe that the in-app protection potential of MTD controls is large, but given that it was only a $200m worldwide market in 2018 it seems that enterprises aren’t in a hurry to adopt MTD solutions at scale, across all devices and applications. Part of what is limiting MTD’s growth prospects is that it is viewed as a companion to Unified Endpoint Management (UEM) solutions. MTD solutions were initially delivered as a separate app that requires elevated privileges to be effective. UEM solutions are one way that enterprises can enforce MTD protection on devices, but that immediately restricts MTD’s addressable market to enterprise-managed devices. And though MTD vendors have now expanded their offerings to include SDKs to allow for the embedding of MTD functionality into apps that manifest sensitive corporate data, this hasn’t yet translated into a meaningful bump in enterprise MTD adoption.
The issues hindering mainstream adoption of in-app MTD controls isn’t related to the inherent value of MTD functionality, but is instead related to the cost and effort required to manually manage the lifecycle of integrating these controls into enterprise mobile apps. Enterprise app developers are under continuous pressure to rapidly develop and iterate mobile apps that boost productivity. When IT halts the deployment of an app that they’ve been working on because security hasn’t been considered in the design, developers must take time to get up to speed on the app security SDKs necessary to deliver the security functionality that IT requires. This delay interrupts the creative flow and demotivates developers. After all, they are interested in developing innovative apps, not integrating ancillary but necessary things like security. Plus, time-to-market is of tremendous importance to the Lines-of-Business (LOBs) who are setting the requirements and funding for the apps.
Automating the integration of MAM controls, such as from Microsoft and BlackBerry, into mobile apps is already allowing app developers to more effectively focus on app innovation. No-code integration of MTD solutions furthers this catalyst and will also be a tremendous growth catalyst for the MTD market. Enterprises will now be able to easily enable multi-layered protection—MAM and MTD—for corporate data on iOS or Android apps, without requiring a separate MTD app. Such multi-layered app-level protection also allows organizations to push the innovative behavior-based app protection of MTDs to individual apps to protect against all kinds of malware, without requiring users to cede device control to their employers.