Most organisations are not testing mobile apps for risky behaviours that could invite hidden, ‘back-door’ security risk and reputational damage, according to Flexera Software/IDC survey
Maidenhead, U.K. – March 24, 2015 – According to a new report, The BYOD Trojan Horse: Dangerous Mobile App Behaviours & Back-Door Security Risks, prepared jointly by Flexera Software and IDC, enterprises are not doing nearly enough to understand which mobile app behaviours hitting their networks and data are risky, nor are they testing apps for those risky behaviours to ensure proper enforcement of their BYOD policies. Despite data security being among the biggest challenges when implementing BYOD policies for enterprises (71 per cent), 61 percent have not even identified which app behaviours they deem risky – i.e. ability to access social media apps like Twitter, apps that report back user data to app producers, and such.
The report provides a sobering wake up call to businesses, underscoring that BYOD risk doesn’t just arise from malicious hackers and rogue nations. Threats to data and security are hidden, as in a Trojan horse, in the most innocuous-seeming apps that employees can unwittingly unleash on the enterprise, like a flashlight app that illegally transmits user data to advertisers, or common banking apps capable of capturing device logs, accessing contacts lists, reading SMS messages or even installing packages on the phone. Among the report’s findings:
Enterprises Are Broadly Adopting BYOD Policies: 48 percent of enterprises have already or are in the process of implementing BYOD policies, and another 23 percent plan on doing so within two years.
- Blocking Risky Apps Is a Priority: 47 percent of respondents say they’re instituting policies that block risky app behaviours to mitigate mobile app security risks. Another 22 percent plan on doing so within two years.
- Enterprises Are Also Failing to Identify Apps They Deem Risky: A majority of organisations – 55 percent – have not identified specific mobile apps that exhibit risky behaviours that would violate their BYOD policies.
- BYOD Policies Are Not Reducing Enterprises’ Security Risks: Only 16 percent of respondents report that their BYOD policies are resulting in lower enterprise application risk.
“BYOD policies are critical to organisations seeking to maximise the value and minimise the risks they encounter by integrating mobile devices and apps within their infrastructures, because these policies define the behaviours that are and are not acceptable,” said Robert Young, Research Manager, End Point Device & IT Service Management and Client Virtualisation Software, IDC. “But BYOD policies are inadequate if appropriate enforcement mechanisms are not put into place and followed.”
“Most organisations already have strong processes to test and remediate traditional desktop, virtualised and cloud based applications to make sure they’re safe and reliable. But as the report indicates, enterprises have not extended these Application Readiness best practices to mobile apps,” said Maureen Polte, Vice President of Product Management at Flexera Software. “These same processes can and should be extended to mobile apps to ensure that risky app behaviours and apps are identified and appropriate measures are taken to contain those risks.”