BYOA: The 'next wave of consumerisation'

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 30 Sept 2013

A new trend is on the rise - bring your own app (BYOA) - that, like bring your own device (BYOD) before it, is taking company data out of businesses' control.

As with BYOD, BYOA can make employees more productive by allowing them to use tools they are familiar with, and giving them access to company information whenever they need it, from wherever they are. But it is not without its risks.

"Employees are finding and downloading their third-party enterprise applications to make their jobs easier," says local security company Securicom's support engineer Michael Morton. "Oftentimes, these are downloaded onto their own portable devices and smartphones which they use for work purposes, bringing a whole new dimension to BYOD."

He cites file sync and sharing apps like Dropbox and Evernote, as they let employees store vast amounts of company data in the cloud. He says IM apps can also open critical business information to the risk of exposure.

Over and above the risk of exposure, there is a risk of malware, says Morton. Even apps from trusted sources should be treated with caution. "Malicious unmanned applications downloaded onto desktops and devices can expose the entire network to security issues."

Although he says SA has not yet seen the full extent of the BYOA trend, it is coming, and soon enterprises will see their staff using "a plethora of third-party enterprise applications for work purposes".

In a recent Webinar, mobile device management (MDM) company, Mobile Iron, described BYOA as the next stage of 'consumerisation' in the enterprise. "Organisations need a consistent way to distribute, manage and secure apps, no matter where the app originates from," said Ojas Rege, Mobile Iron's VP of strategy, and Stacy Crook, mobile enterprise program manager at IDC.

The pair added that enterprises need to be cognisant of, and analyse, all potential threats consumer apps may bring into the enterprise. They said businesses must always consider the user experience when rolling out a solution, or employees will find insecure ways to work around it.

Companies need to view BYOA as an opportunity, and develop a strategy around it, they said.

The benefits

Morton agrees that BYOA has many benefits too, particularly in terms of productivity. For instance, he says using IMs to communicate faster, and at lower cost, can be a benefit, as can simplifying the sharing and editing of documents through Dropbox and similar tools.

He says rather than blocking the use of these applications, companies can allow users to have access to their favourite apps, but they must put measures in place to protect sensitive company data and keep it in the technical department's control.

Companies must have a clear policy on the use of outside apps, to prevent unsafe apps from entering the organisation. Policies and technologies which allow certain tools while blocking others can be implemented.

Developing a BYOA strategy

Mobile Iron says all strategies should begin with a policy, defining boundaries for the use of outside applications within the organisation. It must balance protecting the business data with allowing employees access to the tools they find aid their productivity.

The MDM firm advises businesses to open a central repository, or company "app store", to manage the app lifecycle and enforce the policies. In this way, the technical department will have access to all apps, and a better overview of what apps are being used, for what functions.

Mobile Iron also advises companies to put formal processes in place to review and promote secure "prosumer" apps, and pay for them so that they can be managed through the enterprise app store.

Also, define the levels of help-desk support that will be available for different levels of apps. The company says "preferred" apps, that the company wants employees to use, would get full support; and "approved" apps, that meet minimum security standards that may be used if the preferred apps do not meet employees' needs, would get best-effort or no support.

For employees who handle, or have access to, sensitive or confidential corporate data, containerisation could be an option. Separation of corporate and personal data can be key here, and only whitelisted apps will be permitted access to sensitive data.

"Protected with a single-sign-on password, the outflow of data from containerised apps can be controlled by 'whitelisting' the apps allowed to open content, and only allowing certain, or no, containerised apps to copy or paste data, or print files."