Mobile Business Apps are Great, But What About Security?
When it comes to matters of IT, nothing good ever happens after midnight. One CIO nightmare (among many) is to be woken up by an emergency call at 1am.
“Boss, just wanted to let you know that [name] had his office tablet stolen and we’ve implemented a data wipe.”
“Great. What’s the problem then?”
“Well, [name] actually lost the tablet last Friday and didn’t report it until now. Plus, he kept his passwords for the CRM app, work email client and office FTP client written down in an unencrypted text document. The file was on his desktop–the file name is ‘allthepasswords.doc.’”
Mobile Business Apps: Tools to Service a Rising Tide
As we mentioned in our summary of this year’s Q2, tablet devices continue to find greater use in enterprise settings, primarily because of the exponential rate at which their technical capabilities increase. Symantec’s 2012 State of Mobility Survey found that 59 percent of responding organizations had made line-of-business applications accessible via mobile devices.
It’s clear that the trend towards mobility will most likely continue its current ascent. The latest numbers from Global Workplace Analytics state that working remotely and telecommuting saw a combined growth rate of 9 percent among non-profit and for-profit organizations from 2010 to 2011, almost double the percentage from 2009 to 2010. The confluence of ever-improving mobile hardware, increasingly globalized industries and industry trends like the consumerization of IT almost makes it an inevitability.
For all the benefits to be reaped, however, there are also many new risks to take into account, especially when it comes to security.
Mobile business apps have progressed in leaps and bounds over the past few years. They have moved past the stereotype of underpowered, glorified viewer apps (though those are still alive and well), and more and more vital business functions have been opened up to remote access. Combined with the great liberalization in device permissions that’s come with the Bring Your Own Device (BYOD) trend, mobile business apps have opened up tons of opportunities to change the way people work by decoupling them from a single physical work space.
Unfortunately, this has also opened up new vectors of attack for security risks, both unintentional and malicious. Here are some of the gaps through which security risks might throw a monkey wrench or two into your mobile apps policy.
- Shadow IT
As we mentioned back at the beginning of the year in our CIO Survival Guide, the trend towards consumerization of IT is here to stay and is affecting the attitude with which employees approach work-related apps. One of the main reasons for the liberalization of mobile apps and mobile devices is that, in many organizations, employees are going to use them anyway, even if the apps are not within the bounds of IT policy (but not in full violation either). In essence: let us adopt the business apps that we like the most, or we’ll do it on the sly.
Shadow IT, or third-party applications and services used without the approval or knowledge of the company, has become one of the major headaches plaguing IT managers. Some of the more popular tools lurking in the shadows are third-party cloud storage apps like Dropbox. While there’s no denying apps like Dropbox are extremely useful as productivity tools, they also have the potential to become security blind spots. While the worker’s iPhone, tablet and laptop are registered and secured with IT’s mobile device management (MDM) software, the copies of data he stores on his personal Dropbox account to access once he gets home are not.
- Regulatory Violations
Highly regulated industries like financial services and medicine handle huge amounts of customer/client data as part of their daily operations, data which is more often than not strictly protected under federal law. By opening these records up to remote access via mobile apps, an organization may be opening itself up not just to an incipient security breach, but also to harsh legal penalties.
Many developers of consumer apps have already come under pressure from state and federal authorities to tighten up their software’s compliance with data protection law. Compound this with all the existing headaches for compliance officers trying to rein in mobile business apps, and it’s clear that this is going to be a huge challenge going forward.
- Device Theft
No security network is impenetrable, and the likelihood of data loss increases when a device loaded with all the mobile business apps designed to provide quick, privileged access to company data is stolen. Not only can a stolen device get cracked, but the thief can also bypass the software layer altogether, extracting the device’s hard drive or SD cards to get at whatever sensitive data the business apps store locally.
While this might seem like an Achilles heel for mobile apps, many if not all MDM solutions now address this risk to some extent. Security suites like Beachhead Solutions’ SimplySecure offer a remarkable number of customizable rule sets for how and when to address device thefts (red-flagging the device should it attempt to interface with company assets, full-on device wipes and kill switches).