TL;DR: NowSecure, a Chicago-based mobile security provider, is on a mission to save the world from unsafe mobile apps. The company delivers the tools and data necessary for users to verify safety on apps they’ve built, apps they use, and those on the devices of their customers and employees. By providing a fast, easy, and cost-effective solution, NowSecure helps businesses and mobile app and site-building teams establish and grow scalable security programs.
In 2017, the media analytics company Comscore announced that mobile app usage had officially surpassed that of web applications in the United States.
Just two years later, in 2019, the company presented data showing that mobile apps — not browsers or desktops — account for 70% of the time Americans spend with digital media.
Unfortunately, where users go, hackers follow. In the mobile arena, they’re leveraging vulnerabilities to steal personal information from smartphone users worldwide.
“The bad guys are really going for it out there, surveilling users and collecting data from smartphones,” said Brian Reed, Chief Mobility Officer at NowSecure. “The amount of data they can harvest from your phone dwarfs the data on your laptop. Think about it: Apps have geolocation functionality, they have sensors, and they share information with one another.”
NowSecure, a mobile-first app security provider, is working to make rapid, consistent mobile security testing both cost-effective and reliable for all. Users can determine the safety of the apps they’re building and using with the company’s full suite of mobile security solutions, designed to provide a fast and reliable path to continuous security.
The company’s range of options includes everything from automated security testing within the software development life cycle (SDLC) to intelligence on a broad array of security threats, compliance gaps, and privacy issues. NowSecure customers can choose automated software hosted in the cloud or on-premises, professional penetration testing and managed services, or a combination of products and services.
Enterprises, financial institutions, retailers, healthcare providers, and government agencies worldwide currently trust NowSecure to make mobile app security testing easier to scale than ever before.
Pioneering the Mobile App Security Space Since 2009
NowSecure has specialized in mobile security for more than 10 years. The company was founded by Andrew Hoog and his wife, Chee-Young Kim, in 2009. At the time, iPhones and Android devices were just making a splash in the world of IT communications.
“Our founder was working as a CIO inside of a large global packaging and distribution firm, a role focused on early technology adoption,” Brian said. “At the time, banks were very BlackBerry-centric, so he began working with iPhones and Androids to discover what the technology meant for the business.”
In his role at the firm, Andrew realized the extent of the data being collected and shared through mobile apps — and the lack of protections. Determined to take matters into his own hands, he left the company so he and his wife could establish NowSecure as a mobile forensic company.
“At that point, he was working with federal agencies and banks on everything from lost-device data recovery to corporate employment and legal issues,” Brian said. “He realized there was a real business there he could grow and scale, so he evolved the mobile forensics business into a mobile pen-testing business.”
As banks and retailers began building mobile apps for transactions, NowSecure started creating penetration-testing software.
“The team used open source and created our own open-source tools until 2015 when a light bulb went off, and they decided to build commercial software,” Brian said. “Today, we are a full-service mobile application security testing company. We offer software services, pen-testing, forensics, training, and automated testing tools. Our customers use these tools to test the security, privacy, and compliance of the mobile apps they build, as well as that of the mobile apps they download from Google Play™ or the Apple App Store™.”
Using Pen Testing to Inform Better Software Automation
The NowSecure team grew in step with the expanding app scene over the years. As of the fourth quarter of 2020, Google Play was the largest mobile application store, with 3.14 million apps for Android users to choose from. Coming in second place, the App Store offers 2.09 million iOS applications.
“There are approximately 5 million apps in the App Store and Google Play alone,” Brian said. “Then there are somewhere between 20 and 40 million mobile apps built by companies for internal use that never make it into an app store.”
Faster, more agile development cycles mean some of these apps are updated quite frequently. While multiple releases mean new features and bug fixes, Brian said they also present new risks.
“With each software update, you can also get new security holes, new backdoors for attacks, and bad guys chasing new exploits,” he said.
Brian said it wouldn’t be possible to start a business like NowSecure today because it took 10 years on the road building a giant database of security, privacy, and compliance information on more than 5 million apps.
“That’s a huge level of intelligence that we have in turn built into our software solutions,” he said. “And some of our technology was created when iOS and Android were less locked down, so it would be difficult to come up with the same secret sauce that we have.”
NowSecure’s vision is to become somewhat of a global safety organization — as Brian put it, the Underwriters Laboratories of the mobile technology industry — that mobile developers and site-building teams can turn to for guidance.
The SOC2-certified company is well on its way with recognition as a global leader via the 2019 IDC MarketScapes for Mobile Application Security Testing vendor assessment. NowSecure was also named a DevSecOps Transformational leader by Gartner in 2020.
Expert-Driven, White-Glove Services Around Advanced Tech
NowSecure offers a wide selection of privacy and security testing automation tools and risk assessments. Strategic combinations of these tools can be used to create mobile application security programs tailored to each customer’s needs.
“We’re not a drive-by product technology company — we’re here to provide our customers with expert-driven, white-glove services wrapped around very sophisticated technology,” Brian said.
“For example, I was just on a call with a company that we’re helping upscale what’s been a very piecemeal approach to mobile security. Our goal is to ensure all of their development teams have a solid security baseline.”
The company works with its clients’ existing infrastructure, whether they’re running on legacy systems or wish to leverage a mix of cloud solutions. Banks, for example, may have a setup where a mobile application is communicating with a more traditional backend.
“The hypothetical Giant Bank Inc., for example, is still not moving its customer transactions to the cloud,” Brian said. “But we have other customers like iRobot, which makes Roomba, where the mobile app talks to my device through Wi-Fi through a cloud service. All of that has to be secured.”
Up Next: A Focus on Mobile IoT and Autonomous Security
As for what’s on the horizon, Brian predicts an increased focus on securing the internet of things (IoT). He said that smart home automation and devices have skyrocketed in popularity due to pandemic-related lockdowns.
“The amount of home IoT in 2020 roughly doubled compared to the year before in terms of purchase and deployment,” he said. “So now you’ve got a bazillion endpoints at home, and even companies are deploying IoT infrastructure for office management because nobody’s there. The same applies to production lines — businesses are putting robots run by mobile apps in factories to assist with social distancing.”
Businesses leveraging such technology will need to turn to companies like NowSecure to mitigate sophisticated attacks on the mobile apps powering them.
“Unfortunately, there are bad guys chasing mobile IoT as well,” Brian said. “You have to think about the implications if someone is intercepting my autonomous car or remotely turns off electricity to damage freezers storing vaccines. The attackers are getting more and more sophisticated. We have to ensure everyone stays safe.”