Inside the Briefcase

Augmented Reality Analytics: Transforming Data Visualization

Augmented Reality Analytics: Transforming Data Visualization

Tweet Augmented reality is transforming how data is visualized...

ITBriefcase.net Membership!

ITBriefcase.net Membership!

Tweet Register as an ITBriefcase.net member to unlock exclusive...

Women in Tech Boston

Women in Tech Boston

Hear from an industry analyst and a Fortinet customer...

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

In this interview, JumpCloud’s Antoine Jebara, co-founder and GM...

Tips And Tricks On Getting The Most Out of VPN Services

Tips And Tricks On Getting The Most Out of VPN Services

In the wake of restrictions in access to certain...

Enterprise Application Risk in a BYOD-driven World

February 22, 2016 No Comments

Featured article by Maureen Polte, Vice President of Product Management, Flexera Software

Mobile devices are almost ubiquitously used by employees in today’s workplace. These devices have the power to vastly increase productivity, connectivity and the ability to collaborate, but they also present significant challenges in maintaining privacy and security. Employees can easily access corporate networks and sensitive enterprise data with just a flick or a swipe – whether they are using their own device (BYOD) or a corporate-owned device.

As mobile devices make it easy for us to access our entire lives at a glance, the dividing line between professional and personal is getting fainter. Employees commonly install personal apps on devices they also use for work. Often, employees don’t even think twice about whether an app they’re using could potentially expose the corporate network to risk. In fact, an alarming percentage of mobile apps being used within the enterprise are able to access sensitive device functions, or otherwise exhibit behavior that may pose security risks to the organization and violate its BYOD policies. Without understanding what these apps do and how, organizations are playing Russian roulette with their security.

It may seem far fetched that a seemingly innocuous consumer app could have a major impact on an organization’s security, but the dangers are more rampant than you may think. A Federal Trade Commission lawsuit revealed that a flashlight app maker was illegally transmitting users’ precise locations and unique device identifiers to third parties, including advertising networks. And the Environmental Protection Agency (EPA) recently faced embarrassment when an employee playing on a Kim Kardashian Hollywood app tweeted out to the agency’s 52,000 Twitter followers, “I’m now a C-List celebrity in Kim Kardashian: Hollywood. Come join me and become famous too by playing on iPhone!” That employee was using the Kardashian app on her mobile phone and didn’t realize that the app had the ability to automatically access the phone’s Twitter account and tweet out messages when certain game thresholds were reached. Unfortunately for the EPA, the phone in question was configured to use the EPA’s official Twitter account and not the employee’s.

These examples show that mobile app security risk is not just limited to malevolent hackers and unfriendly governments. Threats to corporate data and reputation can be hidden in the most seemingly harmless apps, and can be unleashed on the organization by the most well-intentioned employee. Because of these hidden risks, enterprises must understand the risky behaviors associated with mobile apps that could compromise data security.

These everyday apps that are on employee’s mobile device could serve as that unexpected bullet in the chamber. This is because mobile operating systems include APIs that allow apps to access potentially confidential, proprietary or sensitive data. Examples include contact lists (that include customer details), photos (that could include proprietary location sites or whiteboards with confidential data on them), and calendars (that include sensitive appointments). In addition, apps could access corporate social media accounts accessible on the device as well as built-in hardware features like GPS, camera, audio recorder, etc. In fact, many apps have undocumented features that could be used for malicious or harmful purposes. For example, a recent study from Flexera Software found that 88 percent of iOS dating apps tested, including Grindr, OKCupid and Tinder, are capable of accessing a device’s location services. For some companies, this might not matter – but for others, sharing location data could be a serious problem, such as when sharing location data with third parties would violoate certain laws, regulations, or company policies.

As more and more employees use their corporate-issued or BYOD phones for personal use, it can present an increasing security risk to the organization. Therefore, it is necessary for CIOs and CSOs to fully understand what the mobile apps on employees’ devices can do – what data, features and functions they can access – and then determine whether this behavior is acceptable based on the organization’s BYOD policy. Testing mobile apps to discover their behavior and risks should be part of any organization’s centralized Application Readiness processes.

By adopting Application Readiness processes, organizations can ensure that the necessary tools are in place so IT can reliably test, package and deploy apps into the enterprise. Through Application Readiness, IT teams can gain essential insights into mobile app behavior. For example, IT can leverage application reputation scanning, which examines an app’s properties, to determine if the mobile device features that the app uses violate the company’s BYOD and privacy policies. By doing so, IT can use these findings to establish policies that define which behaviors are risky and which are not.

Even the most innocent mobile apps can pose tremendous risk to organizations unaware of how their design and function can access sensitive data and, potentially, share that data in violation of BYOD policies. It’s essential for organizations to adopt an Application Readiness process so that they can fully identify and effectively manage risky mobile apps. As a result, employees can then use authorized apps with confidence, knowing they’ve been thoroughly vetted, and IT will have even greater confidence that danger has been averted by avoiding apps that exhibit risky behaviors. By taking a comprehensive approach to managing the entire enterprise application lifecycle, organizations can substantially reduce the Russian roulette effect that mobile apps currently pose.

Maureen-Polte_Dec11

Maureen Polte is the Vice President of Product Management at Flexera Software responsible for driving strategic product direction for the Installation and Application Readiness Solutions. She works with both Software Producers and Enterprise IT Operations to ensure that the world’s business and consumer applications are reliably and optimally deployed on millions of computers worldwide. Prior to Flexera Software, Maureen worked as the Executive Vice President and Group Leader, Product Development at Infogix, Inc. and as the Vice President of Development at Cyborg Systems (now Accerro). She graduated with a Bachelor’s degree in Actuarial Science from the University of Illinois at Urbana-Champaign.

Check out infographic below for more info!

Valentine_Infographic

 

Leave a Reply

(required)

(required)


ADVERTISEMENT

DTX ExCeL London

WomeninTech