Lack of mobile app security will take its toll on BYOD success in the enterprise
While data security is among the biggest challenges when implementing BYOD policies for enterprises (71 percent), 61 percent have not even identified which app behaviours they deem risky, such as an app's ability to access social media functions on the device like Twitter, or apps that report user data back to app producers. A new report entitled "The BYOD Trojan Horse: Dangerous Mobile App Behaviours & Back-Door Security Risks", prepared jointly by Flexera Software and IDC, shows that enterprises are not doing nearly enough to understand which mobile app behaviours hitting their networks and data are risky, nor are they testing apps for those risky behaviours to ensure proper enforcement of their BYOD policies.
Regardless, businesses are rolling out their BYOD strategies (48 percent of enterprises have already implemented or are in the process of implementing BYOD policies, and another 23 percent plan on doing so within two years), and most CIOs and CEOs have no idea that many of the mobile apps allowed to touch corporate systems and data engage in behaviours that they may deem risky according to their own BYOD policy, and that could compromise data security and policy. 55 percent of enterprises have not identified specific mobile apps that exhibit risky behaviours that would violate their BYOD policies.
Already, an alarming percentage of mobile apps being used within the enterprise are able to access sensitive device functions, or otherwise exhibit behaviour that may pose security risks to the organisation. The flashlight app that illegally transmits user data to advertisers is one example.
This is because mobile operating systems include APIs that apps can use to access device functions, features and data that may be considered confidential, proprietary or sensitive, like location data, contact lists, photos, and calendars. Without understanding what these apps do and how, organisations are potentially playing Russian roulette with their security.
The risk to organisations is high, because most IT teams don’t have the same insight into and control over mobile app behaviours as they do with traditional enterprise software. So it’s essential that they adopt the same best practices and processes to prepare mobile apps for delivery as they do with desktop and other applications. As IT teams begin to analyse mobile apps and start building institutional knowledge around their behaviour, they can substantially reduce the Russian roulette effect that mobile apps currently pose.
Organisations need to incorporate the same Application Readiness best practices, processes and technology to prepare enterprise. This will provide a standardised best practice method for reliably and predictably testing, packaging and deploying apps into the enterprise.
Through Application Readiness automation, IT will gain essential insights into mobile app behaviour. For instance, application reputation scanning, which examines app properties and configuration, determines the mobile device features that the app uses and issues a report that can be used to establish policies that define which behaviours are risky. These policies can then be used by the Application Readiness solution to automatically identify risky apps, allowing IT to manage them appropriately.
Identifying and effectively managing risky mobile apps not only minimises risk, but also enhances the user experience. Employees can use authorised apps with confidence, knowing they’ve been thoroughly vetted. And security officers will have greater confidence that danger has been averted by avoiding apps that exhibit risky behaviours, or by eliminating those risky behaviours before they’re allowed access to the corporate network.
Even the most innocent mobile apps can pose tremendous risk to organisations unaware of how their design and function can access sensitive data and, potentially, disseminate that data in violation of BYOD policies. By taking a comprehensive Application Readiness approach, organisations can leverage existing staff, expertise and technology to test mobile apps, understand their threat potential, and take appropriate measures.