Mobilizing Security Failure

by

Legendary football coach Vince Lombardi once said that "Winning isn't everything; it's the only thing." But decades after Lombardi's Green Bay Packers dominated the NFL, a new slogan joined the sports lexicon - "moral victory."

A moral victory, as best I can tell, is the "power of positive thinking" approach to the loser's lament. Rather than suffer in indignity and wallow in self-pity, the losers bolster their efforts in their own minds by trying to find the "good" that came from the loss - whether it's an improved performance or a great effort. I don't know; to me, it still sounds like a loss.

Many corporate IT departments have taken a similar approach when it comes to allowing employees to link their smart phones and tablets to the corporate network. They've accepted the inevitability of "Bring Your Own Device" - aka BYOD - while making it seem like a posittive for the company and its employees. A recent article in The New York Times notes that Kraft Foods now gives its employees stipends and they can select whatever laptop they want from Amazon.com, Best Buy, Apple or any other retailer.

Comfortably Numb

Clearly, IT departments are hoping that the more comfortable employees are with their devices, the more available and productive they will be. An important side effect of this trend is that companies such as Dell and HP have suffered because they have always relied on corporate IT departments making massive purchases of laptops, desktops, servers, storage devices and peripherals to make their numbers.

A similar phenomenon is happening on the software side. Solutions such Google Docs, Dropbox and Skype are gradually finding favor in businesses, threatening the hegemony of Microsoft Office and similar enterprise applications.

On the security side of this equation, security software leaders, such as McAfee and Symantec, have recognized there’s an opportunity to protect mobile devices from malware that can read text messages, contacts and other company/personal information and/or add charges directly to mobile phone bills.

At the moment, the security vendors are ahead of the hackers. Mobile hacking is not yet a pervasive issue, but as applications such as mobile shopping and products such as Google Wallet become increasingly commonplace, hackers will “follow the money.”  A few instances of mobile hacking show the potential harm to users and merchants alike.  Last year, for example, more than 260,000 Android users were hit by DroidDream malware, which pirated 80 applications and allowed the hacker to remove any information that was stored on infected devices.

Another Brick in the Wall

One component of achieving high-quality, effective mobile security is ensuring the underlying software quality of the apps is structurally sound. This is critical for app developers and device manufacturers alike. High software quality enables developers to meet their deadlines and avoid costly launches, helps the app functions as well as it should and assures the app is as easy to maintain as possible.

Development teams should think about three types of software quality when evaluating their work.

  1. Functional quality measures if the software does what it’s supposed to do
  2. Non-functional quality calculates how well the code performs the tasks it was designed for, and
  3. Structural quality looks at how well the software will continue to perform moving into the future.

Using a comparison to a house, functional quality are the parts you see - the number of rooms, the paint on the walls, and whether or not the windows and doors work.   Non-functional quality might be a measure those things you cannot see - wiring, plumbing and insulation. But structural quality is the most critical; it’s the measure of how well the house is built, such as where load-bearing walls are placed, are the materials being used up to current code, are all the joints properly fastened and similar questions.

Just as security for mobile devices and content is a new frontier, evaluating and ensuring structural quality is also a new concept. But as both consumers and business users increasingly move critical apps and content onto smartphones and tablets, structural quality becomes increasingly important.

Savvy mobile app developers and device makers will recognize the importance of structural quality and use it as a competitive differentiator in the very near future.  If executed properly, staying on top of structural quality will mean failure is not an option.

Filed in: Technical Debt
Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
Jonathan Bloom
Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|