Custom apps often lack proper security

Mar 31st, 2014 / Category: Managed File Transfer

To provide secure file sharing solutions for their employees, some companies create custom apps. However, by virtue of the way they're developed, these programs might not be able to provide an adequate level of security. Instead, organizations that need to keep their confidential data safe might require more robust systems that are designed with comprehensive, high-end safeguards.

Custom apps can be vulnerable 
According to a recent report by Aspect Security, 98 percent of applications included in the study contained at least one security risk. The average application presented 22.4 risks. Many of these vulnerabilities are caused by manual code review shortcomings, and the threat profiles extended evenly across various industry sectors, the report explained.

Referring to the results of this study, Dark Reading contributor Jeff Williams, CTO of Contrast Security, elaborated on the difficulty of making custom applications sufficiently secure. He said that even well-funded, advanced AppSec programs don't fully test their Web apps and services. Consequently, this incomplete testing exposes organizations to threats as though they had no real security program in place.

Asserting that 54 percent of breaches come from the faulty security of custom apps, Williams explained that AppSec programs aren't working well because they don't know what to protect, since custom code can vary so drastically. Most testing programs cover about 10 percent of applications, leaving 90 percent vulnerable, or "naked," in his words.

Although organizations have unique needs and requirements, these insights should encourage decision-makers to consider whether a program supplied through a trusted vendor could better ensure the safety of their information resources when security is of utmost importance. With the threat of data breaches on the rise, shortcuts are becoming a dangerous liability.

Other solutions 
Instead of consumer-facing products or custom apps, businesses can turn to solutions such as Wide Area File Services (WAFS) to provide system-wide data management resources. These secure programs offer employees convenient tools that adapt to a variety of devices, furnishing the flexibility and customizability that cause many organizations to seek custom development. However, high-end providers can offer greater support and maintenance, in addition to fully testing and bolstering their products with top-notch, evolving security measures. 

Information security is something that no company can afford to take lightly. Protecting mission-critical information and keeping sensitive data private must be pursued through an ongoing, vigilant, comprehensive process. Having the right apps and tools forms the foundation for this initiative.