I've seen that "stale" or "dead" apps, as well as devices that run on outdated operating systems, are emerging...
as an enterprise mobile security concern. What are the issues caused by outdated apps and old OSes, what is the best way to deal with them, and how can enterprises detect when users have dead apps on their mobile devices?
Outdated apps or OSes have been an issue since the first applications were deployed on computers. One of the benefits of mainframes was that only the single mainframe itself needed to be updated. But in the current scenario today, all client systems and some servers need to be updated, along with the software on those systems. The difficulty in keeping an accurate inventory of systems and applications is that keeping the applications updated -- or even uninstalling an app -- contributes to dead apps staying on a device or system much longer than desired. Enterprises have tried to manage PCs -- and to some extent, Macs -- using centralized management tools like Microsoft's System Center Configuration Manager, Dell KACE, IBM's BigFix and others that push software updates for applications or new OSes. Enterprises try to keep up with security patches and new functionality and stay in licensing compliance by using these tools. Virtually every security standard or best practice recommends, for good reasons, that all enterprise apps have current security patches in place.
Mobile devices have the same challenges; they have a different model and typically use an app store provided by the OS developer or device manufacturer, but there are similar enterprise mobile device management products like AirWatch, Good, MobileIron and others that fill in the gaps from app stores. Enterprises can use these tools to centrally detect when users have outdated apps or dead applications on their mobile devices, but this typically requires the end user or IT department to manually install the management tool on the device. Once the MDM is installed, the devices can be secured to meet the enterprise's security policy.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Discover why enterprises should update their applications and security policies after Heartbleed
Read more on why security updates can be difficult to manage
Find out if state-sponsored malware attacks on mobile devices can be traced
Dig Deeper on Microsoft Patch Tuesday and patch management
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading