A recent study conducted by the research firm Ovum revealed that 70% of employees who own a smartphone or tablet use it to access corporate data through enterprise mobile apps. This staggering figure points to the surge in the popularity of bring your own device (BYOD) policies among enterprises. While the advantages of BYOD are clear (it is strongly linked to increased employee productivity), it doesn't come without its downsides.
The bottom line is: mobile security and privacy threats are a major challenge for IT departments with a BYOD policy that includes enterprise mobile apps.
Major security and privacy threats
The growth of the BYOD movement has also coincided with growth in the bring-your-own-application (BYOA) movement. As employees continue to become more tech-savvy, they've begun downloading and using third-party business applications that offer file sync/share, IM/VoIP, and networking features.
Though employees have good intentions, the use of third-party enterprise mobile apps puts both the user and the enterprise at risk. The existence of malware and spyware in such apps is always a possibility. In fact, Trend Micro estimates that there are over 700,000 malware and/or adware-laden apps available to Google Android users alone. These apps do everything from stealing data to initiating malicious downloads. Such threats not only put the device owner at risk, but could also compromise confidential corporate data. To compound the issue, many third-party apps are unintentionally harmful as a result of poor coding practices. Poorly written software can inadvertently gain access to or expose data and/or metadata stored on a device.
Threats to enterprise mobile apps can also exist on a network level, especially when employees use third-party apps. Though most enterprise networks are secure, there is no guarantee that the networks employees connect to outside of the office are. Unsecured Wi-Fi networks put app users at risk for man-in-the-middle attacks and Wi-Fi sniffing.
According to a recent study conducted by Pew, one-third of cell phone owners have either lost their device or had it stolen. Physical threats like these are an ever-present concern for both device owners and IT departments.
How IT departments can mitigate security and privacy concerns
Establish BYOD policies
It is vital for organizations to establish BYOD policies before supporting BYOD. These policies should clearly define which employees are eligible to participate, what types of devices are supported, and what business functions are supported. A standard set of procedures is also required in cases where devices are lost, stolen, or otherwise compromised.
Develop Internal Mobile Applications
A number of mobile security and privacy threats develop from employees using third-party applications. One obvious way organizations can mitigate this threat is to develop their own enterprise mobile apps. Apps developed internally eliminate malware and spyware concerns and can also be customized to promote higher efficiency and productivity.
With the smartphone and tablet markets now flooded with a variety of manufacturers, developing native applications complete with security features can be costly and time-consuming. One solution is to develop applications using mobile application management (MAM™), which adds an administrative layer to enterprise applications. MAM™ administrators can further employ app wrapping to set device-independent policy and security elements before deploying an application as a fully contained app on their enterprise app store.