Mobile technologies have been a part of our world for decades, but, with the proliferation of technology like smart phones and tablets that have access to corporate networks while users freely install non-corporate-approved third party applications, the risks to our client's organizations have changed.
Organizations have embraced mobile technology as it drives productivity throughout their connected workforce; however the threats have grown and IT and security professionals recognize the potential impact this technology will have on overall security, compliance, and risk.
NetSPI understands the security implications of mobile technology on your enterprise and provides a comprehensive suite of services to address application, system, network, and program-level considerations. We have a range of experience working with iOS, Android, Blackberry, and Windows Mobile devices and applications.
Advisory Services
Mobile Device Security Strategy. Not every security requirement fits neatly into a predefined project, particularly when working with technology that's often new to the enterprise environment. That's why NetSPI offers client-driven Strategic Security Services that fit your mobile technology and solution adoption. This customized security consulting can include a wide range of needs including policy and program strategy and development, establishing training requirements, and risk evaluation.
Mobile Application Security Architecture. While most organizations are impacted by the explosion of mobile technologies used within the boundaries of the enterprise, many companies are also developing mobile applications, either for internal use or as a customer-facing product or service. As with any development initiative, standardizing on a security framework and identifying application requirements for confidentiality, integrity, and availability is a key step in ensuring that the data managed by the application is kept secure. In order to achieve this goal, NetSPI offers application architecture strategy guidance. This consulting service will help your organization to develop a security strategy that will help you ensure strong and consistent security features across your full range of mobile applications.
Assessment Services
Mobile Application Security. NetSPI can help identify and mitigate risk through an in-depth assessment of your mobile applications and third party applications that support mobile deployments and integration into your corporate environment:
- Mobile Application and Web Services Penetration Testing
- Static code analysis of mobile applications and web services
- Security architecture review
- Database assessment
NetSPI focuses not just on the technical aspects of the mobile applications that we assess - we incorporate controls and context that go beyond the technical specification, including data-flow analysis and mobile-focused threat modeling, to make certain that our findings are relevant to your business and to your environment.
Mobile Device Security. As important as application security is to the mobile world, the devices themselves (and the systems that support them) are also potential security pitfalls and NetSPI is able to provide a comprehensive and holistic approach that incorporates these critical areas through:
- Mobile Device Penetration Testing
- Device configuration review
- Mobile implementation review
- Threat Modeling
These services are essential for corporate clients that need to ensure that the implementation of any mobile platform or broader management system does not create additional risk for the organization.
Compliance Assessment. Many organizations that are addressing mobility within their environments must also cope with security compliance requirements that may be impacted by the inclusion of mobile technology and applications. NetSPI's status as a PCI QSA, PA-QSA, our experience with large financial services companies, and our strong focus on HIPAA and HITRUST allow us to assist our clients as trusted advisor's (as well as auditors) that can help address mobility and its impact on their compliance strategy.
