The perimeter of the enterprise is disappearing. What happens to Security?
Sramana Mitra: Let’s start by introducing our audience to Appthority and to yourself.
Anne Bonaparte: I’m CEO of Appthority. Appthority is a venture-backed company. It’s a mobile security company and we’re focused on protecting what matters most in the enterprise context, which is enterprise data and employee privacy. As we all know, we can’t live without our phones, both for personal and business use.
Because of that, we have not just a very strong tool but also a tool that can be weaponized against the enterprise. Appthority was founded to be able to assess the risk that is being brought into the environment with their mobile phone. We provide a platform for enterprises.
Sramana Mitra: What is the architecture? Where do you get inserted into the system?
Anne Bonaparte: Our thesis is that the greatest threat vector coming from the mobile ecosystem is from the mobile apps that we all use day in and day out. It’s really the apps on the phone that are the greatest threat. Of course, you have the device itself, the operating system, the network, and the app.
We protect all of those, but where we’ve been focused from the beginning is deep analysis of mobile apps and what they’re doing from both a static analysis as well as dynamic analysis to really run them through the paces to understand what kind of information they are collecting, what kind of calls they are making, and how they are using data. We are all about protecting the data.
As you know, with the whole app ecosystem that we have created as an industry, many of these apps are collecting way more information than individuals or maybe enterprises might be aware of. We do all of our analysis in the cloud so we can assess what apps are on the phone and then we do the analysis on the cloud. It’s a very light touch for the mobile phone itself.
Sramana Mitra: What are some of the heuristics of what you look for in the architecture that you described? What are some of the heuristics of what you’re looking for in terms of threats?
Anne Bonaparte: Of course, we’re looking for malware. We’re also looking for behaviors that may be problematic. It could be credentials access. It could be sensitive data access like PII, calendar or location. We’re evaluating secure data handling for use of encryption and understanding whether the data storage being employed is secure. Then because we’re doing this in-depth analysis, we’re also able to check it against policy compliance.
Each enterprise has a different framework for how they evaluate regulatory compliance. We have about 170 threat indicators we’re checking against. We have these templates that companies use to be able to test their mobile apps against their already existing compliance policies. They’re able to not only have a high security test but also ensure that they’re meeting their regulatory compliance.