Secure Mobile Application Development: Making the Business Case for App Shielding
In the increasingly crowded and competitive financial services market, financial institutions (FIs) are prioritizing mobile app development and the mobile user experience in order to maximize customer acquisition and retention. So why does it seem that secure mobile application development isn’t receiving the same amount of attention?
Cybercriminals are doubling down on their efforts to attack mobile users by exploiting security weaknesses in mobile devices and apps, with a particular focus on mobile banking. At the same time, consumers and business users are increasing their use of mobile services. According to Juniper Research, there are as many as 2 billion people (50% of the entire global banking population) using their mobile device for banking services. And we know that is not limited to bank apps; users have more choices for mobile financial services than ever, due to continued innovation and new competitors in the mobile financial services space.
As financial institutions confront these two trends, we are seeing DevSecOps take on the role of promoting secure mobile application development – especially when it comes to empowering banking apps to protect themselves through mobile app shielding. Mobile app shielding hardens a mobile app against attacks in hostile environments, such as compromised mobile devices, and automates real-time interception of malicious actions targeting a mobile app.
But, the value of app shielding extends beyond mitigating mobile threats on the client-side. To successfully make the business case, it’s important to be able to explain to the business how app shielding can also increase trust, improve the customer experience, and positively impact revenue growth, revenue retention, cost reduction, and cost avoidance.
Mobile App Shielding and Secure Mobile Application Development Helps FIs Grow and Retain Revenue
To cement competitive advantage in the mobile channel, banks and other financial services providers have smaller and smaller windows to bring new mobile innovations to market. While they need to move fast, taking shortcuts when it comes to mobile security only puts the business at risk, creating a bigger problem in the future.
Research suggests that mobile users who trust their financial institution to protect their personal, account, and payments information are more engaged and transact more in the mobile channel. App shielding, along with a comprehensive mobile app security program, greatly reduces mobile app security risks, which in turn increases trust in a bank.
For example, a Javelin survey of 300 financial institutions in France, Germany, the U.S., and the U.K. found that FIs whose customers trust the security of their digital offerings reported higher monthly usage of their online portals (8% higher) and mobile apps (5% higher). Having more engaged customers in turn leads to more revenue – in some cases, 72% more than branch-only customers.
In terms of retaining customers (and thereby revenue), cybersecurity concerns remain at the top of the list when people look for or consider switching to a new financial services provider. A study by Carnegie Mellon University researchers has shown that banking customers are more likely to end their relationship with a financial institution six months after an incident of unauthorized fraud occurs on their account.
While that conclusion seems self-evident, a common refrain is that consumers are becoming desensitized to security incidents. However, research suggests otherwise when it comes to financial services. Ponemon Institute’s annual Cost of a Data Breach study shows that of 17 industry sectors FIs that suffer a security breach see a higher customer churn rate in the aftermath of a breach. This is second only to healthcare.
Mobile App Shielding and Secure Mobile Application Development: Increasing Efficiency of Development and Security Teams
Regardless of how many mobile developers or security professionals you currently have on staff, there’s a good chance you wish you had more. In a Salesforce survey of 2,200 IT leaders around the world, 48% reported experiencing a mobile development skills shortage, and 47% reported a security skills shortage. With so many organizations operating short-handed, security deficiencies are only exacerbated by pressures to launch new features more quickly.
According to the 2018 DevSecOps Community Survey, 48% of developers report not having adequate time to spend on security. The same survey revealed that on average developers (mobile and otherwise) outnumber security staff 100 to 1. Security teams are spread thin in general and especially so when it comes to mobile app security expertise, which is less common than other disciplines.
Is it really any wonder then that 85% of 45,000 publicly available Android and iOS apps were found vulnerable to one of OWASP’s Top 10 Mobile Risks? There does not seem to be enough time in the day for developers and security teams to ensure secure mobile application development.
Any tools that can help save time for these teams will have a serious effect on the bottom line.
Tools might include mobile SDKs that drastically reduce the effort in integrating security and authentication capabilities into a mobile app. Automated testing throughout the software development lifecycle can catch security bugs earlier in the process when they are less expensive to fix and save the security team time for more in-depth penetration testing.
Finally, app shielding technology takes only minutes to deploy, does not require deep development expertise, and proactively defends a mobile app. This advanced protection safeguards against the latest mobile banking Trojans, reverse-engineering techniques, and more – going far beyond what the majority of organizations are capable of building internally.
Promoting Secure Mobile Application Development Today
Failing to invest appropriately in mobile app security creates a debt that must be paid in the future. To prevent this, savvy organizations are taking action now and applying mobile app shielding to their mobile apps. Using mobile app shielding with runtime protection, financial institutions are able to reduce fraud while also realizing efficiency in their IT security and development teams, thereby releasing a protected app without adversely affecting development schedules.
For more data points supporting the business case for app shielding, read Mobile App Shielding: How to Reduce Fraud, Save Money, and Protect Revenue.