Organisations are not doing enough to ensure their mobile apps are secure, according to new research.

A report from Flexera Software and IDC found 61 percent of respondents had not identified which app behaviours they deemed risky. In addition, 55 percent had not identified specific mobile apps that exhibit risky behaviours.

These findings come despite 48 percent of enterprises having already implemented or being in the process of implementing BYOD policies, with 23 percent planning to do so in the next two years. 71 percent also believed that data security is the biggest challenge when implementing BYOD policies.

47 percent of respondents said that they were instituting policies to block risky app behaviours, while 22 percent plan on doing so within two years. However, only 16 percent of respondents believed that their BYOD policies were reducing enterprise application risk.

The report shows that businesses need to realise that BYOD risk doesn’t arise solely from malicious hackers and rogue nations; it can also be hidden in innocuous-seeming apps that employees use unwittingly.

As the report reads, "…consider the Environmental Protection Agency’s (EPA) embarrassment occurring recently when an employee playing on a "Kim Kardashian Hollywood" app tweeted out to the EPA’s 52,000 Twitter followers, ‘I’m now a C-List celebrity in Kim Kardashian: Hollywood. Come join me and become famous too by playing on iPhone!’

"What happened? The employee was using the app on her BYOD device. Unbeknownst to the employee, the app had the ability to automatically access the phone’s twitter account and tweet out messages when certain game thresholds were reached. Unfortunately for the EPA – the BYOD device was connected to the EPA’s official twitter account – not the employee’s."

Robert Young, Research Manager, End Point Device & IT Service Management and Client Virtualisation Software at IDC, commented: "BYOD policies are critical to organisations seeking to maximise the value and minimise the risks they encounter by integrating mobile devices and apps within their infrastructures, because these policies define the behaviours that are and are not acceptable.

"But BYOD policies are inadequate if appropriate enforcement mechanisms are not put into place and followed."

"Most organisations already have strong processes to test and remediate traditional desktop, virtualised and cloud based applications to make sure they’re safe and reliable. But as the report indicates, enterprises have not extended these Application Readiness best practices to mobile apps," said Maureen Polte, Vice President of Product Management at Flexera Software.

She added: "These same processes can and should be extended to mobile apps to ensure that risky app behaviours and apps are identified and appropriate measures are taken to contain those risks."

The report surveyed 583 respondents worldwide, including executives and IT professionals from 264 software vendors, 172 hardware device manufacturers and 147 enterprise organisations.