BYOD Fuels App Security Job Growth

Use of Personally-Owned Devices Creates New Opportunities

By Upasana Gupta, May 1, 2012.
BYOD Fuels App Security Job Growth

Ajoy Kumar, a financial industry security expert and (ISC)2 advisory board member is looking to expand his team in the second quarter to support a significant growth in the number of applications employees are using on personally-owned mobile devices in the workplace.

See Also: OPM Breach Aftermath: How Your Agency Can Improve on Breach Prevention Programs

"We need to hire more staff to put controls on each application used on personally-owned devices," Kumar says. "Our growth is reflected in our need to protect the increased data and applications on these devices."

Many organizations are now allowing employees to use their personally-owned devices for work purposes with the goal of achieving improved employee satisfaction and productivity. The need for more resources to effectively secure applications is common among many organizations that are embracing the "bring your own device" trend, in which consumer preference, not corporate initiative, drives the adoption of technologies and applications within the enterprise.

Jeff Williams, CEO of Aspect Security, a web application consulting company, says his team has grown 10 percent since last year to support his clients' growing reliance on mobile technology.

As companies focus on building custom applications for these devices, he says, "It is directly driving growth for application security practitioners, who are deeply involved in ensuring that policies and controls are set right."

High Demand

A catalyst behind the BYOD trend is the personal preferences of employees for devices other than those that companies have typically provided.

For example, until recently, HDFC Bank, an Indian financial services company, allowed its employees to use only Blackberry devices to connect to its corporate network because the bank perceived the devices to offer better security than other options. But last year, the bank, bowing to employee demand, began accommodating a variety of personally-owned devices.

Vishal Salvi, HDFC Bank's chief information security officer, believes the shift from a device-control approach to BYOD is inevitable and has created a new trend: "Instead of managing devices, [we're] managing the data and applications on these devices."

Therefore, many organizations now need more application security specialists to help ensure that every type of employee-owned device, and the applications running on them, is up to par in terms of meeting performance and security standards. "This can get daunting, especially when the program moves beyond iOS [Apple] and BlackBerry to operating systems with more variants," says John Pironti, president of IP Architects, a global IT security consulting company and an advisor with ISACA.

Another trend pushing the growth for application security professionals is the need for companies to invest in building their own mobile application stores. Employees want their user experience tailored to their devices. As a result, companies, in order to balance IT security requirements and their employee's needs, are building their own app stores.

For example, IBM has implemented an app store called WhirlWind as a way to deal with the operating system fragmentation that occurs when employees are allowed to use their own tablet or smart phone at work instead of receiving a company-issued device. IBM's store is a one-stop shop for Android, BlackBerry, iOS and Windows apps.

HDFC Bank plans to set up its own app store as well. Salvi predicts demand for application security professionals will grow as more companies like his build and distribute custom mobile applications. "I envision their role getting more defined in access control and in proper distribution of these apps," Salvi says.

When it comes to mobile apps, application security professionals typically are involved in writing custom code, designing controls and verifying that these controls are functional and work properly. However, as more companies build custom applications, "there will be greater collaboration and overlap of app professionals into areas like IT security, authentication, access control and encryption," Pironti predicts.

3 Must-Have Skills

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Investors Assess Corporate IT Security

In conducting due diligence, investors spend more time than ever assessing the cyber-risk posed by...

Latest Tweets and Mentions

ARTICLE Investors Assess Corporate IT Security

In conducting due diligence, investors spend more time than ever assessing the cyber-risk posed by...

The ISMG Network