First it was Bring Your Own Device (BYOD) and now it’s Bring Your Own App (BYOA). This growing trend is taking company data out of companies’ control – and setting a security challenge for IT departments.
Michael Morton from Securicom says, “Employees are finding and downloading their third-party enterprise applications to make their jobs easier. Oftentimes, these are downloaded onto their own portable devices and smartphones which they use for work purposes, bringing a whole new dimension to BYOD.
“File sync and sharing apps in particular, such as Dropbox and Evernote, are extremely popular and allow employees to store vast amounts of company information in the cloud. Other commonly used applications include instant messaging tools.
“Of course, these come with the risk of exposure of critical and confidential business information.”
The threats
Morton explains, “Aside from the potential risk of exposure, there is the risk of malware to consider. Malicious unmanned applications downloaded onto desktops and devices can expose the entire network to security issues.
“Certainly, the full extent of the BYOA trend has not yet hit South African shores. But, it’s coming and before businesses blink, employees will be using a plethora of third-party enterprise applications for work purposes.
“The Android platform is often targeted with malware, and so businesses with employees using business apps sourced even from the legitimate app store should be careful.”
There are benefits, however
While BYOA can pose a security threat to businesses, it can have a positive effect too – one being increased productivity.
“If employees can use Skype and instant messaging tools to communicate better and more cheaply with colleagues and customers around the world, it improves their productivity.
“Likewise, Dropbox and the like simplify the process of sharing, editing and working on documents together, again boosting productivity.”
Protect your data, don’t block the app
Instead of blocking the use of these applications, companies can allow users to use their beloved applications, but they need to put measures in place to protect sensitive company data and keep it in ITs’ control.
Users need access to approved enterprise apps and companies must have a clear policy on their usage, if they are to avoid, unmanned, possibly unsafe tools entering the business.
To prevent employees from using a diversity of apps which all do the same thing, companies can implement policies and technologies which allow certain ones while blocking other tools.
This limits the number of unmanned applications at play in the organisation.