Company sales grew over 50%, processed more than 2 million mobile app assessments of the most used enterprise apps, launched 7 offerings and advanced industry standards and the open-source community
CHICAGO – Feb. 9, 2022 — NowSecure, the leading standards-based mobile app security and privacy software company, today announced record results for calendar year 2021. Enabling organizations to deliver secure mobile apps faster, NowSecure empowers thousands of mobile app developers, security analysts and mobile DevSecOps pipelines with the industry’s only full suite of mobile app security testing software, training and pen testing solutions. Overall customers reported 30% improvement in release times and 30% reduction in security vulnerabilities. Across all facets of the organization, NowSecure experienced tremendous growth in 2021 cementing its leadership position as the experts in mobile application security.
Massive Mobile App Economy
2021 saw more than 200 billion mobile apps downloaded with the Apple App Store and Google Play swell to some 6 million total apps including 1 million new or updated ones. Mobile apps dominated with 70% of all digital time spent in mobile apps vs. web apps. Organizations are mobilizing their employees and customers at an ever-increasing rate, with nearly all of the Fortune 1000 offering mobile apps in public app stores for customers and employees together generating over $170 billion in mobile revenue. In fact, research shows that mobile leaders in the F1000 grew market value 15% faster than mobile laggards.
But attacks and breaches also grew alarmingly in 2021 — Amazon Ring, Apple iMessage, Park Mobile, Slack and U.S. Customs and Border Protection all experienced major mobile app security incidents. The mobile app industry has a way to go to improve security as shown in the the NowSecure MobileRiskTracker™ —85% of tested apps have security vulnerabilities and 70% leak private data while software supply-chain attacks grew 650% in 2021, further compounding the challenges for mobile app teams. Mobile app vulnerabilities expose organizations to a myriad of brand risk, revenue loss, organization disruption, shareholder loss, legal issues and compliance fines. These mobile marketplace risks and importance of apps to the organization drove NowSecure growth to new heights in 2021.
NowSecure Scores Record Performance Results
NowSecure grew dramatically in 2021 across all facets of the organization:
- Sales growth of over 50% demonstrating accelerated demand for full solution suite
- Customer count grew by 60% across multiple industries including finance, insurance, consumer, high tech, healthcare, and IoT
- Existing customer expansion growth rate of over 70% due to high-value ROI and far-reaching demand
- Employee growth over 50%, expanding diversity and global reach
- Performed more than 1.5 million automated mobile app assessments in DevSecOps and on-demand deployments identifying over 8 million vulnerabilities
- Pen testing and professional services doubled year over year
- Co-developed the ioXt mobile app profile and certified more than 85 IoT-connected mobile apps and mobile VPNs for ioXt
- 800% growth in mobile appsec training programs for dev and security teams
- Hosted virtual mobile appsec community event with over 645 participants including top experts and customers across the industry
- Launched mobile risk tracker dashboard informing more than 5,400 unique visitors
- Expanded executive team by adding industry veterans CFO Jim Keller, VP of Engineering George Anderson and VP of Product Management Ray Hernendez
“NowSecure has become the vendor and partner of choice for customers who want to increase mobile app release speed and protect the security of their mobile users and data,” said NowSecure CEO Alan Snyder. “With a mission to save the world from unsafe mobile apps, NowSecure is well positioned for continued growth in 2022 and beyond.”
NowSecure Delivers the Industry’s First Full Mobile AppSec Solution Suite
With more than a decade of building advanced tools, delivering expert services and actively supporting open-source and industry standards projects, NowSecure completed a multi-year growth strategy to deliver the industry’s first full mobile app security solution suite with the launch of an online self-service training and certification program and substantial enhancements to its existing solution portfolio.
- NowSecure Platform for continuous security testing, observability and remediation in the development pipeline for DevSecOps and on-demand scenarios
- NowSecure Workstation kit for pen tester productivity to test complex, high-risk mobile apps and IoT-connected mobile apps
- NowSecure Supply Chain Risk Management for continuous monitoring of mobile app stores, third-party mobile apps and mobile component risk
- NowSecure Pen Testing Services for full-scope and rapid pen tests delivered by experts using proven standards-based methodology
- NowSecure Academy training courseware for dev and security teams
Built on a foundation of standards and observability with experience pen testing more than 10,000 mobile apps and automatically scanning millions of mobile apps over more than a dozen years, NowSecure has the most comprehensive experience and technology base to offer one- stop shopping to help enterprises deliver secure mobile apps faster.
“With the dramatic growth in mobile apps, the accelerating velocity of mobile teams, and our collective experience helping clients with pen testing and mobile appsec program development, we recognized the critical need for more effective mobile appsec training for developers, QA and security teams,” said NowSecure Senior VP of Customer Success & Services Katie Bochnowski. “While we dramatically expanded our pen testing services to meet the explosion of demand, we partnered with our key customers to craft the world’s first mobile-only online courseware to launch NowSecure Academy with free training for all and paid certification options. This enables us to meet the customer where they are and help ensure success of their mobile appsec programs from start to finish.”
NowSecure Launches 7 New Offerings
NowSecure continues to innovate with new products and services to meet the needs of current customers and high-growth segments
- NowSecure IoXt Certification Service enables manufacturers of IoT-connected mobile apps to receive certification of the IoXt mobile app protection profile
- NowSecure Platform improves the developer experience with observability and embedded developer remediation to speed resolution of issues
- NowSecure Workstation 7.0 modernizes the pen tester toolkit with streamlined deployment, faster testing and richer advanced features
- NowSecure Academy offers the industry’s first mobile only self-service training and certification platform for developers, QA and security professionals
- NowSecure MobileRiskTracker™ free portal benchmarks security and privacy risk for the top 5,000 downloaded apps in the public app stores
- NowSecure SBOM delivers the industry’s first mobile app software bill of materials (SBOM) including OWASP CycloneDX support
- NowSecure GitHub Actions as the industry’s first dynamic mobile app security testing available in the GitHub Marketplace to support millions of developers.
“As mobile now dominates the global economy and all digital communications channels, the stakes are higher and higher for every organization in serving their employees and customers,” said NowSecure Chief Mobility Officer Brian Reed. “From mobile digital transformation to point of use needs, the modern enterprise cannot afford the risks of an ad-hoc mobile app security testing approach that relies on open-source tools, web AST tools or web pen testing services. Organizations recognize that NowSecure is the mobile partner of choice with deepest experience, best-of-breed technology and pen testing services, the only integrated solution suite and proven approach to scale their mobile app sec programs.”
NowSecure Extends Support of Critical Standards and Open Source
Standards-based testing and certification are critical for consistent predictability, safety and governance. Standards improve dev and security team alignment and collaboration, which ensures quality and speeds release times. NowSecure expanded support for leading industry frameworks, testing standards, compliance standards and open-source projects.
- ioXt Alliance led creation of new industry standard certification for IoT-connected mobile apps and VPNs partnering with Amazon, Google, and other security labs, then serving as approved ioXt Certification Lab delivering standards-based certification
- OWASP Mobile Project dedicating staff to standards spec evolution delivering substantial updates to OWASP MASVS and MSTG along with NowSecure serving as OWASP God Mode sponsor
- OWASP CycloneDX Project supporter partnered with OWASP and industry leaders Contrast Security, Sonatype, Lockheed Martin, Ion Channel, Jfrog and Xperi to launch the first industry standard for Software Bill of Materials (SBOM) including mobile apps
- Partnered with the U.S. Federal Mobility Group, Federal Information Security Modernization Act (FISMA) Mobility Metrics Working Group, and ATARC to produce updated standards for the mobile security ecosystem to formally add Mobile App Vetting (MAV) requirements
- Led mobile app testing, reporting and SBOM generation for White House Executive Orders #14017 – Protecting America’s Supply Chain and #14034 – Protecting Americans’ Sensitive Data from Foreign Adversaries
- Continued community support including critical open source software (OSS) security projects including Frida, Radare, Frida Swift Bridge, Limbo, Radius and more.
“Dev and security teams want to move fast in their familiar tools, and we continue to make substantial investments in our tooling and integrations to speed dev and testing by enabling security observability with deeper, easy-to-use insights,” said NowSecure CTO David Weinstein. “Our research team is continually developing advanced tooling, contributing to NowSecure solutions, the open-source community and OWASP projects. Our engineering team has delivered many integrations to fit dev and security workflows while scaling our advanced testing cloud to new heights.”
NowSecure Extends Strategic Partnerships and Integrations
From DevSecOps toolchain to application security testing vendors to security service providers, NowSecure has become the partner of choice for mobile application security.
- Expanded NowSecure Partner program adding more than 20 new reseller, services and integration partners
- Launched industry’s first GitHub Action for dynamic mobile app security testing as part of the new GitHub Advanced Security Program enabling more than 70 million GitHub developers
- Increased integration portfolio to include Azure DevOps, Bitrise, Brinqua, CircleCI, Coalfire ThreadFix, GitHub, GitLab, Cloudbees, Jenkins, Jira, Synopsys CodeDX, and more
- Extended partnership with many web application security testing (AST) vendors as product-completer to deliver mobile AST capabilities and services to augment their web-based solutions
- Enlarged partnerships and services with major telecommunications carriers including AT&T, AT&T First Net, T-Mobile, T-Systems and Bell Canada
- Hosted DevSecOps Bunch monthly series with top-tier experts and industry partners to share best practices
“Since I founded NowSecure over a decade ago, we have been focused on mobile security, standards, open source, automation and interoperability to deliver value to our customers and the global community at large,” said NowSecure Founder Andrew Hoog. “Because mobile is the platform of choice for developers and organizationes alike, the community is driving mobile into key initiatives like SBOMs, OWASP CycloneDX SBOM, NIST Secure Software Development Framework (SSDF), and developer-first security like GitHub Actions. As the industry’s recognized expert in mobile app security, we are pleased to partner and contribute with top cloud, platform and toolchain leaders like Google, Microsoft, GitHub, Jenkins and Jira to advance the state of the art for mobile appsec at mass scale.”
Sources: App Annie State of Mobile 2022, Comscore State of Mobile 2021, SensorTower 2022, NowSecure MobileRiskTracker, NowSecure Benchmarks 2020 and 2021, Sonatype State of the Software Supply Chain Report, 2021, How Mobile Is Fueling Fortune 1000 Success, 2018
As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing and training courseware with the depth, speed, accuracy, and efficiency to meet modern organization demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber. www.nowsecure.com