Home Interviews “Smart technology for automated coding is the answer to securing mobile apps”

“Smart technology for automated coding is the answer to securing mobile apps”

Tom Tovar is CEO and co-creator of Appdome, the mobile industry’s first no-code mobile solutions platform. Prior to Appdome, Tom served as executive chairman of Badgeville, an enterprise engagement platform acquired by CallidusCloud; He was also the CEO of Nominum, a DNS security and services provider that was acquired by Akamai; and chief compliance officer and VP of corporate development and legal affairs at Netscreen Technologies. He began his career as a corporate and securities attorney with Cooley Godward LLP. Tovar also holds a JD from Stanford Law School and a BBA in finance and accounting from the University of Houston.

 In an exclusive interaction with Augustin Kurian of CISO MAG, Tom talks about the trends in cybersecurity startups, the no-code model adopted by the company and several initiatives and partnerships of Appdome.

 You began your career as a corporate and securities attorney with Cooley Godward LLP. You then moved to Netscreen Technologies before starting a few of your own ventures. Tell us a bit about your journey in the information security domain.

That’s right. As a lawyer in Silicon Valley, it doesn’t take long to zero in on risks and strategies needed to preserve intellectual property, and the value of data and user privacy. To get these parts right, you have to understand the systems that protect all the elements of the value chain. NetScreen’s market-defining firewall-protected the enterprise perimeter, as well as the data and users behind it. Today, Appdome focuses on securing mobile apps inside the enterprise and in the public consumer markets. As consumers and digital workers, we all use mobile apps to conduct our work, enjoy mobile commerce, as well as share and learn from one another. Our data flows into the mobile apps we use at work and at play. Breaches, compromised processes, loss of data, identity theft, or hacked code; APIs and SDKs threaten how we use our apps. Appdome created a one-of-a-kind solution that secures the mobile data, code, connection and user in seconds, adding the highest levels of security without work, source code, IP or privacy risks.

You have closely seen the startup culture in the information security industry. You helmed major startups which were later acquired by other major infosec tycoons. Can you elaborate on the current startup scene in the cybersecurity industry?

The security market has grown into one of the most dynamic and exciting spaces ever. And when you think about it, it has to be. Threats to digital and mobile economies evolve at lightning speeds. Entrepreneurs and start-ups have to step in to close the gaps. I like companies that leverage A.I., data, and crowdsourcing to deliver solutions that customers need. Customers will continue to reward innovation, for fast outcomes and systems that work. The highest growth potential rests with those start-ups that can combine all three into a single offering. That’s what excites me about Appdome.

What are your tips for budding cybersecurity professionals who want to jump on the entrepreneurial bandwagon?

First of all, do it. Innovation comes from people and the market needs more people stepping forward to start companies. To be successful, look at the market. The companies that are winning are solving something worth solving. They’ve zeroed in on a problem that’s real, pervasive and persistent. They’ve also delivered something that is unique to them. Customers teach each company where to go and what to do next, but the entrepreneur has to take the first step.

One of the biggest concerns at endpoints is securing the mobile app’s APIs. Tell us about how Appdome is securing the mobile app’s APIs with AI and no-codes.

Inside each mobile application rests a treasure trove of business, backend, and user data. Mobile APIs are a big part of that story as developers rightly use APIs to enrich mobile applications for all of us. For example, at this year’s Money 2020 trade show, I saw so many awesome API-based services for everything from biometric authentication, to customer engagement and more. Appdome’s SecureAPI™ secures APIs in mobile apps in minutes, protecting the API itself, as well as the credentials used, and the payloads delivered by the API into mobile apps. Appdome’s SecureAPI™ does not rely on a gateway or highly specialized security development expertise. Users simply click a button to encrypt and shield all the API fundamentals (API URLs, Keys, Secrets, etc.), as well as protect API payloads in motion.

The U.S. Navy’s MyNavy Portal Mobile App using Appdome was one of the news that made headlines early this year. How does Appdome fare against state-sponsored actors considering the U.S. Navy would always be targeted by other nations?

Appdome is honored to provide the U.S. Navy military-grade security for the My Navy Portal mobile apps. We helped them deliver the project faster, with better security than originally scoped. Our technology ensures the Navy, and all of our other customers have the highest levels of security to protect them from all bad actors.

Tell us a bit about the anti-bot services of Appdome and even that doesn’t require coding?

Appdome has a phenomenal partnership with F5 Networks to defend mobile businesses against bots. F5 Anti-Bot SDK does the heavy lifting to protect the mobile backend from bots, while Appdome does the heavy lifting to secure the mobile client from tampering, reversing and debugging. It’s a fast, easy-to-use, end-to-end solution that helps F5 customers defend their mobile businesses without doing any manual coding. Like all of our solutions, Appdome for F5 Anti-Bot is compatible with all native, non-native, and hybrid Android and iOS apps.

This brings us to the last question. A lot of services from Appdome are no-code. Why is that? Do you think no-code formats must be an industry standard?  

The best technologies help us do more in our work and daily lives. That’s why all features, SDKs, APIs and mobile standards available on Appdome are 100 percent no code out-of-the-box. Manually building or coding security into apps takes a lot of time and expertise. Security researchers and engineers are highly specialized professionals. So, it’s easy for the rest of us to fall behind, make mistakes, and more. Appdome believes that using smart technology to perform automated coding is the answer to securing the world’s mobile apps. Build by build, app makers can use Appdome to build standard, self-adjusting, templates of mobile security features into mobile apps with the click of a button. Appdome ensures that mobile security objectives will be achieved no matter how the app, OS, SDK or API changes.

Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.