Video Interviews 

Mobile App Security: Why It’s Still the Weakest Link in Enterprise Defense

Avatar photo by Alan Shimel on October 6, 2025

Alan Snyder, CEO of NowSecure, discusses the growing challenges and overlooked risks in mobile app security. Despite the explosion of enterprise mobile use, Snyder notes that mobile applications remain one of the most under-secured components of modern IT ecosystems.

Snyder, who has spent over 15 years in mobile app and mobile security companies, traces how the attack surface has evolved alongside the mobile economy. Organizations have become increasingly dependent on third-party and open-source components, mobile SDKs, and cloud integrations—all of which can introduce vulnerabilities that traditional AppSec tools fail to catch.

One key issue Snyder highlights is the mismatch between mobile development speed and security oversight. As businesses race to deliver new apps and updates, security testing often lags behind. This creates blind spots—particularly in permissions, data privacy handling, and API interactions—that attackers are eager to exploit. The problem isn’t limited to consumer apps; enterprise tools and internal applications face the same risks.

Snyder also points to the growing need for automation and continuous testing in mobile DevSecOps. Manual scanning and static testing can’t keep up with today’s mobile release cycles. Instead, organizations need security integrated directly into development workflows, using real-time analytics and AI to detect and remediate vulnerabilities before deployment.

The conversation reinforces a larger truth: while cloud and endpoint security dominate headlines, mobile remains a critical—and frequently neglected—vector for breaches. As Snyder puts it, mobile is where users and data meet, and where security must now evolve fastest.

Alan Shimel , , ,
Avatar photo

Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.

alan has 171 posts and counting.See all posts by alan