According to Gartner (Forecast: Information Security, Worldwide, 2012-2018, 2Q14 Update), in 2014 organizations spent nearly $9.1 billion on firewalls and intrusion prevention systems and almost $2.4 billion on secure Web gateways. This $11.5 billion is massive when compared to their estimate of little more than $500 million spent on application security. And yet, applications and their reliance on data are generally considered the most valuable enterprise assets.
Compounding the security threat to applications is the heavy reliance on mobile devices for access and the use of these mobile devices within the enterprise network. BYOD growth has helped fuel some of the increase in perimeter security spending, but perimeter protection simply won’t cut it in today’s intrusion landscape; applications need self-defense or, as Gartner calls it, runtime application self-protection (RASP).
Also, if a mobile app isn’t properly protected, it is vulnerable to another pernicious attack, “trojanization”. Trojanization is where a cybercriminal takes a legitimate app and modifies it so that, instead of performing the tasks it was originally designed for, the app performs tasks for the cybercriminal, such as stealing information from the mobile device. Trojanization is particularly a threat to Android devices because apps distributed through Google Play undergo a less strenuous vetting process and Android devices can also be set to download apps from sources other than Google Play.
Gartner sees RASP as an emerging security trend that will become critical in protecting applications. In their research report – Maverick Research: Stop Protecting Your Apps; It’s Time for Apps to Protect Themselves – Gartner predicts “25% of Web and cloud applications will become self-protecting, up from less than 1% today.”
This trend is important because today viruses, Trojans, key loggers, and other harmful software are serious problems reaching smartphones, tablets, and other embedded systems. If your application is not sufficiently self-protected, it will be exposed to theft of sensitive data and intellectual property, reverse engineering and analysis, removal of license checks, performance loss, and unwanted behavior.
Runtime application self-protection is the next smart application security protocol. Make sure you’re ahead of the threats to your enterprise by thinking inside the box.