With the world moving towards mobile technology, the buzzword that has garnered attention is "app". Increasingly, there are apps available for almost every daily activity that one does, at their fingertips. The more apps one uses, the more they open up for cyber attacks. "The security landscape is at a very aggressive state right now," says Himanshu Dwivedi, Founder and CEO of Data Theorem. "Hackers, governments, and corporations are all very active in cyber security and cyberattacks, as compared to 1990s." No longer are just a user's credit card or social security number at risk, but by using mobile apps, a user's private pictures, SMS messages, call logs, contact lists, and possibly their health information could all be exposed to attackers. Dwivedi believes that offensive tools and techniques used by hackers are far wider, more available, and cheaper than the defensive tools employed.
In order to provide defensive solutions, cyber-security companies must develop targeted technologies instead of being jack of all trades. This is the reason why Data Theorem caters only to the security needs of mobile apps. Data Theorem performs static analysis of the binary code, dynamic analysis of the application, and an app logic analysis to all the user flow. Data Theorem's model allows their customers to keep existing developer practices intact, with little impact to speed and performance, and baking security into the app. "Essentially developers do what they do best i.e. write code, and we do what we do best i.e. analyze the app, flag issues, and make sure the security holes are fixed," remarks Dwivedi. "Scanning and securing mobile apps on every release is now just as simply as watching a movie on Netflix. Simply sign-up and review the results, no heavy lifting required."
Data Theorem also provides third party attestation for mobile properties, known as Data Trust. The Data Trust certificate attests to the ongoing security and privacy program for a given application. The certificate allows the companies to provide assurance to their customers about the ongoing efforts to protect customer data. "Data Trust allows customers to market the ongoing efforts to protect data within mobile apps," expounds Dwivedi. There is also a lack of developer level solutions when a security issue is encountered. Realizing this need Data Theorem came up with "Secure Code". It provides developer level code fixes in Objective-C, Java and C#.
Dwivedi also emphasizes on the need to stay ahead of their customers instead of following the clich'd thought of walking into your customer's shoes. "We have commercial apps in the app store, which is not related to our company. This allows us to face the issues our customers face before they do, learn from such experiences, and build solutions to solve these problems," explains Dwivedi. Once the company encounters an issue, Data Theorem already has a fully functional, ready-to-use solution, months before a customer might face the same issue. When a Fortune 50 customer was affected by a well-known security issue that unfortunately allowed customer data to be exposed to unauthorized remote attackers, Data Theorem was able to find this issue before the app was released to the production app store. "We were able to supply the code to fix the issue, before it reached production and exposed customer data," exclaims Dwivedi.
Dwivedi strongly believes in creating a more challenging environment within the company than what customers may provide. "If one trains in tougher conditions than what may appear in the real world, most barriers to success can be blown away when faced with actual road blocks," maintains Dwivedi. With this attitude, Data Theorem is embracing the mobile app environment and getting ready to tackle security and privacy issues that wearable technology will bring along.