Are mobile app reputation services (MARS) legit?

Should enterprises invest in mobile security solutions explicitly for ranking the trust model of some apps?

It depends on what your use cases, requirements, user base, & relevant jurisdictions are.  However, most orgs should not need a MARS solution as MDM, MAM, & even MTD should be able to handle most threats.

InfoSec Leadership: Initaitive = Enablement

Many CISOs & senior InfoSec leaders catch heat for slowing down processing or saying no to new initiatives due to risk.  

However, when InfoSec leadership takes initiative, embeds SMEs into other teams (at least part time), & partners with the business, then enablement will happen as InfoSec has assisted in the design from a grassroots level.

Now shadow IT will most certainly always be around, & projects / business lines need to be agile, but collaboration is possible via proaction.