Discover Performance

HP Software's community for IT leaders // November 2013

5 questions for real mobile security

In the fast-changing mobile ecosystem, you’ll need the answer to these questions to inspire a security strategy that fits your business.

The bottom line

What: Mobile represents great business opportunity—and security risk. The challenge is to maximize one and minimize the other.
How: Five key questions will help you formulate a mobile-app security strategy.
More: Download the free, original ebook “Mobile software security done right” (reg. req’d).

Threats and vulnerabilities targeted toward mobile devices are on the rise. Today’s security-conscious users will hold someone accountable for every security misstep they encounter—even if that accountability is ultimately misplaced.

The repercussions of a real or perceived security blunder can be devastating. To avoid landing in the crosshairs of angry mobile device users, your organization needs to plan ahead, creating a mobile app strategy that offers the best protection for the business and for users.

Jacob West, CTO of HP Enterprise Security and head of HP Security Research, has written an ebook on the primary considerations of mobile security, in which he sets a foundation for a robust, cost-effective mobile applications security strategy. The key, he writes, is for the enterprise to ask—and answer—the following five questions:

1. Why is mobile security an imperative?

The global shift from traditional desktop computers to mobile devices has made mobile the major area of growth for IT and development investment. Organizations that fail to properly consider mobile security requirements are taking a tremendous risk.

2. Who will users hold accountable?

As mobile breaches increase, users will surely look for someone to hold accountable. Who will pay the price?

  • App owners: While not the only choice for blame, it is the most obvious.
  • App developers: Savvy users may figure out that the logo on the app is not necessarily who’s at fault for the offending security errors.
  • Network service providers, device manufacturers, and OS authors: Not all users understand the mobile marketplace and, as a result, may place the blame for security oversights in unlikely places.

3. What platform strategy makes sense?

  • Native vs. hybrid: In the early days of smartphones, a lot of companies jumped straight into native app development, and faced a corresponding multitude of security challenges as a result. Companies are wising up and choosing non-native app development instead.
  • Delivery: Increasingly, the app store is going to be the control point for mobile security. This differentiator will impact not only commercial app stores, but also enterprises that want to provide secure apps for their workforce.
  • Programming language: While security issues won’t be the only factor in your platform decisions, complications with mobile development languages are a major driver pushing enterprises back to mobile-optimized web applications.

4. Where should you develop your mobile apps?

Few companies today write all their own code, but the outsourcing vs. in-house development question is growing more complex. You’ll need to weigh the pros and cons of each option to know which will provide the best tradeoff between cost, control, speed, and security.

5. How do we build secure mobile apps?

Building securely in the mobile world isn’t terribly different from security for traditional application development. Organizations with a high level of security maturity can easily transfer their expertise and assurances to mobile app development. The trick is knowing where you fall on the maturity continuum.

  • Level 1—Reactive: A small central team assesses and remediates code. 
  • Level 2—In place: Security practices are applied to code before production.
  • Level 3—Proactive: Security best practices are instilled into software methodology now and in the future.

To dive deeper into mobile security, download the free, original ebook “Mobile software security done right” (reg. req’d).


IT leader assessment

This tool evaluates the correlation between IT attributes and business success and, based on how your answers compare with average scores, will advise you where to invest in IT.

It is based on data HP collected from 650 global companies about a range of IT characteristics (server capacities, approach to information management, security, BYOD, etc.) and how they correlate to revenue gain. This assessment will compare your answers to the average scores in that study.

There are 12 questions that will require an estimated 10 minutes of your time. You'll receive a summary of your rating upon completion.

Let's get started

Please select an answer.


Your answer:
Your score:
Average score:
Revenue leaders' score:


Please select an answer.



Your score:
Average score:
Revenue leaders' score:

Get detailed results:


Popular tags


Discover Performance Weekly

HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episodes.

Enterprise 20/20

Security 20/20

Preparing today for tomorrow’s threats.

Introduction to Enterprise 20/20

What will a successful enterprise look like in the future?

CIO 20/20

Challenges and opportunities for the CIO of the future.

Dev Center 20/20

How will we organize development centers for the apps that will power our enterprises?

Marketing 20/20

Welcome to a new reality of split-second decisions and marketing by the numbers.

IT Operations 20/20

How can you achieve the data center of the future?

Employee 20/20

What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.

Mobility 20/20

Looking toward the era when everyone — and everything — is connected.

Data Center 20/20

The innovation and revenue engine of the enterprise.

Read more

HP Software related

Most read articles

Discover Performance


Tweets @ HPSecurity