March 24, 2015

Blasé BYOD adopters at risk from lax app security

Mobile apps are not being tested for risky behaviours.

By Alexander Sword

Organisations are not doing enough to ensure their mobile apps are secure, according to new research.

A report from Flexera Software and IDC found 61 percent of respondents had not identified which app behaviours they deemed risky. In addition, 55 percent had not identified specific mobile apps that exhibit risky behaviours.

These findings come despite 48 percent of enterprises having already implemented or being in the process of implementing BYOD policies, with 23 percent planning to do so in the next two years. 71 percent also believed that data security is the biggest challenge when implementing BYOD policies.

47 percent of respondents said that they were instituting policies to block risky app behaviours, while 22 percent plan on doing so within two years. However, only 16 percent of respondents believed that their BYOD policies were reducing enterprise application risk.

The report shows that businesses need to realise that BYOD risk doesn’t arise solely from malicious hackers and rogue nations, and can be hidden in innocuous-seeming apps that employees use unwittingly.

As the report reads, "…consider the Environmental Protection Agency’s (EPA) embarrassment occurring recently when an employee playing on a "Kim Kardashian Hollywood" app tweeted out to the EPA’s 52,000 Twitter followers, ‘I’m now a C-List celebrity in Kim Kardashian: Hollywood. Come join me and become famous too by playing on iPhone!’

"What happened? The employee was using the app on her BYOD device. Unbeknownst to the employee, the app had the ability to automatically access the phone’s twitter account and tweet out messages when certain game thresholds were reached. Unfortunately for the EPA – the BYOD device was connected to the EPA’s official twitter account – not the employee’s."

Robert Young, Research Manager, End Point Device & IT Service Management and Client Virtualisation Software at IDC, commented: "BYOD policies are critical to organisations seeking to maximise the value and minimise the risks they encounter by integrating mobile devices and apps within their infrastructures, because these policies define the behaviours that are and are not acceptable.

"But BYOD policies are inadequate if appropriate enforcement mechanisms are not put into place and followed."

"Most organisations already have strong processes to test and remediate traditional desktop, virtualised and cloud based applications to make sure they’re safe and reliable. But as the report indicates, enterprises have not extended these Application Readiness best practices to mobile apps," said Maureen Polte, Vice President of Product Management at Flexera Software.

She added: "These same processes can and should be extended to mobile apps to ensure that risky app behaviours and apps are identified and appropriate measures are taken to contain those risks."

The report surveyed 583 respondents worldwide, including executives and IT professionals from 264 software vendors, 172 hardware device manufacturers and 147 enterprise organisations.
