In its Interagency Report 7695, the National Institute of Standards and Technology (NIST) defined an application as “a system for collecting, saving, processing, and presenting data by means of a computer.” This broad term covers enterprise applications, consumer applications, and even phone apps. Security is important in all these types of applications, but the focus is not always the same. Let’s explore how below.

How Security Differs Across These App Types

Enterprise applications are applications used by businesses and corporations, and they are often required to meet compliance standards like PCI DSS and HIPAA. As such, there can be legal and financial consequences if their software is knowingly left insecure. Take an organization’s Point-of-Sale (POS) systems as an example. Some organizations might link these systems to other enterprise applications that lack proper PCI protection. If they do, they could incur penalties such as monetary fines and damage to their reputation.

For another example of an enterprise application, consider an organization that’s responsible for protecting patients’ protected health information (PHI). It’s their obligation under HIPAA to store that information securely and to prevent unauthorized individuals from obtaining access to that data. Transmitting PHI via a public fax line or via unencrypted emails does not uphold their compliance obligations and thereby puts them at risk of incurring a HIPAA violation fine.

These security requirements change with consumer apps and phone apps. Programs in the former category do not generally get the same security scrutiny as enterprise applications, so they come with fewer compliance obligations. And phone apps have the lowest security of all.

Why Application Security Is Lacking

Not all organizations are too concerned with their applications’ security these days. Provided below are a few reasons why:

  • Time to market is king: Amid the ongoing IoT craze, every …