Application security isn’t just a developer’s problem. IT staff and the security team also have roles to play in setting up the infrastructure and implementing security controls. When IT administrators forget the security basics for the app’s back-end servers, they undermine the developer’s good security decisions.

Researchers at mobile security company Appthority recently analyzed apps installed on enterprise devices (including both mobile devices issued and managed by enterprise IT as well as personal devices in a BYOD scenario) and found more than 1,000 apps where data was being exposed because the apps’ backend servers lacked security controls.