Appknox helps CISOs deal with various aspects of mobile app security testing in their enterprises
As more and more enterprises and organisations adopt and rely on mobile applications or apps today, data leaks and app security remain the prime concerns of their CISOs. And this is where the mobile app security testing company Appknox plays a crucial role in securing apps against data leaks, malware and cyber threats. In a way, Appknox helps CISOs deal with various aspects of mobile app security testing in their enterprises.
Mobile app security testing
However, mobile app security testing is a bit complex process. It mainly involves Vulnerability Assessment (VA) and Penetration Testing (PT) commonly known as VAPT. Along with that devices-based testing to conduct software and security checks are also done before the app is released.
This entire process is time-consuming and continuous because every version of the mobile app needs a thorough evaluation and testing before its release.
Interestingly, today many enterprises leverage common or third-party mobile apps for internal usage. While others either build the app in-house or outsource the entire mobile app development.
Depending on the needs and nature of businesses, the use of mobile apps may vary from internal to external functions and purposes.
Why mobile app security testing is bit complex?
According to Bangalore-based Founder and CEO of Appknox, Harshit Agarwal, each of these enterprises and organisations is at different stages of security maturity, leading to a diverse set of challenges for CISOs. And that brings complexity to the entire mobile app security testing space.
First set of companies
To simplify, Agarwal broadly segments enterprises and organisations into three sets. The first set comprises companies that have not set up anything related to mobile app security.
“They are unsure of what checks and security measures have to be taken and are not aware, if their apps are even vulnerable or not,” he says.
One-time three-month engagement
For such enterprises and their CISOs, Agarwal urges them to initiate a one-time three-month engagement. During this period, they get to understand how their app works, and their teams will get to know and understand issues and then fix them.
“If they see a value, they look at long term engagement and we have seen that works very effectively because these companies do not have much of process,” reveals Agarwal.
Since they lack mobile app security-related processes, Appknox offers them automation tools enabling them a complete on-boarding of all their teams, including security, technical, development and product.
“Everybody has to come on-board and make sure that security becomes part of their development life cycle,” he emphasizes why security across the enterprise is significant.
“So the three-month journey enables them to do that and post that, we have seen upwards of 80 to 90% people moving to our annual engagement,” says Agarwal.
Second set of companies
Unlike the first set of companies that lacks mobile app security-related processes, the second set group works with traditional security vendors or managed security service providers (MSSPs).
“They go to MSSPs to get VAPT for their mobile app done and then the report is shared. However, one of the challenges over there is time because their release cycles get delayed. And definitely, there is a cost involved,” says Agarwal.
“The cost is involved because they have to put their team and then for every engagement they have to pay to these vendors, the price as per man days they are putting in,” Agarwal explains the cost factor for enterprises.
Many organisations are struggling with mobile app development, release cycles and security. Because this is done in silos and not with an integrated approach, it often triggers vulnerability issues and security risks, which Agarwal calls a ‘broken process.’
Broken process, CI/CD and DevOps
“There’s ‘broken process’ as it does not align in their CI/CD (continuous integration and continuous delivery) process,” points out Agarwal. However, that is changing with companies transitioning towards the CI/CD process as part of their DevOps strategy.
For such companies, Appknox offers a platform on an annual engagement basis, ensuring the CI/CD and other processes are done within a month. This means that every app release will go through its security lifecycle. “And it’s part and parcel of their DevOps engine,” says Agarwal.
“A lot of enterprises are now transitioning to CI/CD process but they want to move into DevOps. Because it’s more agile, more fast and that is required as the enterprises grow,” Agarwal explains the technicalities.
Third set of companies
And the third set consists of companies which have everything related to mobile app security and even are using some testing tools. “However the challenge for these companies is in-depth security testing,” asserts Agarwal.
Mobile app security and Competitors
While, Appknox’s competitors offer mobile, web and everything as a portal together, he says that they don’t have a niche in mobile security. “Most of Fortune 500 companies that we work with, have come from that bucket, where they were using competitors tools but were not happy,” says Agarwal.
Though competitors have many offerings, they lack the depth required for mobile app testing. And this had resulted in cases where the customers found lapses in-app security testings and were not 100% relying on those tools, claims Agarwal.
Today, many of these enterprise customers have switched to Appknox. For that Agarwal credits the niche of mobile security testing that his company Appknox has established in the market against the competitors.
A majority of Fortune 500 companies are Appknox’s customers, leveraging its cloud and on-premise mobile app security platform and tools.
Device farms and the differentiator
Appknox has set up two device farms in Singapore and India. These farms enable customers to interact with a wide range of devices and conduct app testing on real devices and not on software-based simulations (software-generated device images).
“We are rated as one of the top or recommended vendor in Gartner Hype Cycle 2021. We focus in that niche and make sure that we are the best. So that is primary thing that differentiates us from other competitors or any other player in this space,” concludes Agarwal.
As per industry forecast, the mobile app security market was estimated to reach around $2.1 billion in 2020 and is projected to grow at a CAGR of 23.6% over the forecast period between 2021-2028.