Enterprises are still falling for a BYOD trojan horse

Allowing employees to use their own devices for work offers lots of benefits for businesses, but there are risks involved too.

A new report from software company Flexera and research specialist IDC says that enterprises are not doing enough to understand which mobile app behaviours hitting their networks and data are risky, nor are they testing apps for those risky behaviours to ensure proper enforcement of BYOD policies.

The report points out that BYOD risk doesn't just arise from malicious hackers and rogue nations. Threats to data and security may be hidden in the most innocuous-seeming apps that employees can unwittingly unleash on the enterprise. Examples include a flashlight app that illegally transmits user data to advertisers, or common banking apps capable of capturing device logs, accessing contacts lists, reading SMS messages or even installing packages on the phone.

Key findings are that 48 per cent of enterprises have already got, or are in the process of implementing, BYOD policies with a further 23 per cent planning on doing so within two years. And security is taken seriously, 71 per cent of enterprises say data security counts among their biggest challenges when implementing BYOD policies.

Policies that block risky app behaviors to mitigate mobile app security risks are being implemented by 47 per cent of respondents with another 22 per cent planning to do so within two years. Despite concerns about security, however, 61 per cent of organisations have not identified which app behaviors they deem risky.

A majority of organisations (55 per cent) have not identified specific mobile apps that exhibit risky behaviors that would violate their BYOD policies. It also seems that just having a policy is not enough. Only 16 per cent of respondents report that their BYOD policies are resulting in lower enterprise application risk.

"Most organisations already have strong processes to test and remediate traditional desktop, virtualized and cloud based applications to make sure they're safe and reliable. But as the report indicates, enterprises have not extended these Application Readiness best practices to mobile apps," says Maureen Polte, Vice President of Product Management at Flexera Software.

"These same processes can and should be extended to mobile apps to ensure that risky app behaviors and apps are identified and appropriate measures are taken to contain those risks".

The full report is available to download from the Flexera website and you can see a summary of the findings in infographic form below.

Flexera infog

Photo credit: Alessandro Colle/Shutterstock