A colleague just received an “Urgent Security Alert - Action Requested” email from Nest (see the image below). At first glance it looked like either a phishing attempt or one of the way-too-often breach notifications we all receive these days.
Adhering to best practices, operational discipline and emerging standards in both web and mobile applications is paramount to to staying ahead of the cyber criminal. Thorough benchmark reporting, OTA continues to discover misconfigured servers and mobile apps which are vulnerable to abuse. As mobile usage and application development continues to grow, the need to adopt best practices in data security, app security and privacy have been highlighted. In an effort to aid site and app developers while enhancing online trust, consumer protection, and regulatory compliance, OTA has provided the resources and best practices. As learned in the development of website and software applications, developers can overlook basic standards and guidelines and fail to uniformly apply and maintain them between versions and device platforms. Creating a security and privacy discipline including robust integration from inception throughout an app's life-cycle pays long-term dividends to a company and to its users. Note as the landscape is rapidly evolving, developers need to conduct their own review for regulatory compliance.
These resources serve as a tool to help developers understand the criteria in which their applications will be evaluated in the 2014 Online Trust Audit & Honor Roll. OTA’s 2014 Audit tracks current guidelines and will evaluate and score apps against leading best practices. OTA recommends brands and developers move from a minimal compliance point-of-view to one of stewardship, making security and privacy a competitive business advantage. As outlined, it is paramount that developers implement adequate security controls, provide appropriate notification and understand privacy implications and boundaries of collection and use of data