Security is still an afterthought with IoT and Mobile

A recent hack of the Nissan Leaf highlights the worst fears of companies racing to extend their businesses to IoT and mobile platforms.

From a browser far away from the vehicle itself, in a different country, a hacker was able to access data about the car and its owner, in addition to gaining control of the car’s HVAC system so he could turn on the heater, A/C or climate-controlled seats.

For those of us working in technology, the Leaf exploit is not surprising at all. You’ll find numerous similar examples of published exploits in automotive, retail, energy, social media, and numerous other sectors.

What is surprising is that we’re seeing the number of these exploits increase.

Security demands are not what they used to be

In the digital world, demands on security have changed. IT security pros are no longer tasked with protecting assets within a contained, closed environment. Today, important components of your systems hang off of public networks and share your most private information.

There’s the mobile app on your smart phone, the Fitbit tracking steps and sleep patterns, the telematics device in your car tracking how you drive, or even the car itself. All of these are sophisticated software elements operating “in the wild”, as it were.

And those elements need to communicate with each other, and almost always with server software doing heavy lifting like data storage, analytics, account management, and billing, either on premise or in the cloud.

And there’s the rub. Too many software and systems development organizations – comfortable with developing systems all nested safely behind firewalls on private networks – have little or no experience managing the risk of components outside of the firewall.

Worse, having lived in a protected bubble for so long, the risks often go unrecognized.

Reducing the number of exploits

I’m an API subject matter expert. My colleagues at CA Technologies and I have spent a lot of time building solutions that enable the development of new, secure digital channels that leverage mobile and IoT components.

CA Mobile App Services adds access control and security to both the public network-resident and server-side components of your new digital channels, so that you can continue to pursue aggressive development goals without lying awake at night worrying about your system getting hacked.

CA Mobile App Services solution is built on top of CA Mobile API Gateway, which is recognized by analysts as the market-leading solution for securing mobile, IoT, and cloud connect-in scenarios introduced by new digital channels development.

Features layer on top each other to first make sure the communication between the components of your highly distributed systems are secure, and then adds tools for developing great new digital properties, while still leveraging the secure foundation.

API management tools fill a gap for developers

API management solutions make it easy for developers to include essential components in an app that they either want (but don’t get due to current security restrictions), see as non-essential (but it is essential) or simply forget about.

These elements can include often overlooked security and application integrations.

If you are eager to learn more, go to to get started today. You can also download our brand new eBook, “Accelerating the Development of Enterprise Mobile and IoT Apps” to understand more about offering a better developer experience to your development team.

Greg is a Senior API Strategist for CA Technologies, providing top-level IT consulting services to…


Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.
Read more >
Outsmarting Outages: Bloomberg Banks on SRE for ReliabilityBarrier Breaker: Erica Peterson Cracks the Code for Moms Entering TechDigital Transformation is a Virus That Business Execs Should Catch