'Bring Your Own App': risks and solutions

Employees are sourcing and downloading their own enterprise applications, giving a whole new meaning to the 'bring your own' trend. The move to portable - and multiple - devices is taking control away from traditional IT and putting it into the hands of staff, resulting in a struggle to cope with a deluge of unapproved applications.

IT strategy is often at fault. According to Ovum: "If employees are sourcing their own applications to do their job, then IT is not delivering the right tools or a good enough user experience for its employees."

In addition, 'bring your own application' (BYOA) comes with significant risks, especially from file sync and share applications such as Dropbox. These types of apps allow employees to store large amounts of company data in the cloud, potentially exposing the business to threats.

But BYOA can have positive effects too, helping to discover enterprise tools that can increase staff productivity. The first step is to secure your devices and company information. Then you can look at provisioning useful apps to your employees and, if necessary, rework your IT policy.

Changing IT

IT is changing, with employees provisioning their own applications and social networks. As such, users need approved enterprise apps and a clear policy if you are to avoid unmanaged, possibly unsafe tools entering the business.

There is an increasing demand for file sharing apps such as Box, as well as messaging tools such as email and instant messaging. Ojas Rege, VP of Strategy at security management platform MobileIron, says: "This is striking fear into the hearts of IT; corporate data is ending up in apps over which they have no control."

IT is often focused on restricting and controlling rather than on what users want, according to Mubaloo Planning Director Gemma Coles. She thinks management is a mix of control and letting people use apps.

For example, staff might use apps other than Skype even though Skype works perfectly well. In that case it's advisable to block the other tools. "And it works the other way too," she says.

Richard Absalom, Analyst, Consumer Impact Technology at Ovum, agrees. "People want ways to do their jobs better and provisioning apps like Box will allow them to do this under your control," he says. "IT needs to be an enabler rather than dictating what to do."

Coping with security

Amid this complex BYOA environment, mobile malware is growing. IT security firm Kaspersky is seeing 11 new types an hour, according to David Emm, Senior Security Researcher at Kaspersky Lab. He advises businesses to consider encryption and how to manage a lost device, and then to look at containing the data.

"If you are going to manage devices from a business level you can control them from a central computer," says Emm. "You can push down settings to a device and if it's lost or stolen you can get GPS tracking on it."

Kaspersky is seeing situations where attackers produce an application that mimics a legitimate one. At the same time, a lot of malware targets the Android platform, and it can arrive even in apps from the official app store, Google Play, so businesses with staff using this operating system must be vigilant.

A malicious app gains access to information by presenting users with permission prompts such as 'this app needs access to' and 'this app needs to change', Emm explains, adding: "As with many end user agreements, people don't read them, they just gloss over it. If they give these permissions and the app can get into their system, it can then steal company data."

Solutions

It's important to implement a solution: the legal fine arising from a big security incident could be the end of an SMB. Devices can be managed through mobile device management (MDM) products - such as Samsung Knox or BB Balance, or apps like Cellrox - which can include the use of a partition to separate work and personal data. Nothing with a partition is available on iOS, but SMBs using iPhones can employ an app 'container' to separate corporate data.

On the apps side, Absalom suggests free or cheaper options such as Amtel Mobile or Globo - which sells 10 licences at a time, specifically aimed at the SMB sector. "You get the basics for free and you can buy more if you like it," he says.

MDM is also part of the Kaspersky Business Security Solution. "You can pick and choose different elements; it's aimed at SMBs as it's flexible," says Emm.

Other options include MobileIron's platform AppConnect, a secure solution which handles apps once downloaded and notifies the user if there's a problem.

If security products are combined with a secure but flexible IT strategy, you are on your way to coping. Emm advises: "Have a list of apps and tell employees to come to you with new ones. You want people to be on board."

BYOA is a growing issue for business, and a big part of it is management. But SMBs with a solution-based approach and the right attitude can take advantage of the trend, resulting in more productive and engaged staff.