Enterprise security and BYOD (infographic)
Breaches can be expensive. So enterprises need to make sure that their mobile security is watertight. Download the...
Bring your own application (BYOA) offers opportunities for increased productivity but also exposes businesses of all sizes to risk. Is it replacing BYOD as the next big threat to your organisation?
Businesses across the world must be rejoicing as employees increasingly use their own apps for work, right? Well, not exactly. Using third-party apps can cause some serious problems, putting your organisation at risk of data breaches and exposing you to excess risk.
Employees are using apps that they already feel comfortable with, and, in some cases, have paid for. This familiarity can increase productivity and enable work to continue outside the constraints of the 9-5.
File sharing systems like DropBox can make important documents available anywhere in the world, while collaborative workspaces like Basecamp and Google Docs are heralding new ways of working. Not wanting to get left behind, Microsoft now offers a comprehensive cloud platform to all users, based on its legendary suite of Office programmes.
The concept of BYOA isn’t a recent one. “BYOA has been around since the 80s with finance professionals bringing in their own spreadsheet programs,” explains Niall Mackey, General Manager of Topsec Technology. What has accelerated is the proliferation of connected devices. In the UK alone, research company Statista estimates that the average Brit now has more than three connected devices (laptops, smartphones or tablets) – a number which is presently only set to increase.
Organisations spend time and money creating solid and secure systems, work which can potentially all unravel once employees start using their own apps. “Once a staff member is using a BYOA for company work, most companies have no visibility of what data is being exchanged, where its being stored and even where the BYOA company is registered,” Mackey cautions.
Sharing and storing information outside of your own organisation isn’t just a risk, it could also be illegal. Public sector organisations like the NHS can face huge fines if information – particularly that of patients – isn’t stored securely or is shared across email platforms.
So what can businesses do to protect themselves?
The first option is for organisations to ban BYOA outright, which is not going to be popular. It’s also going to be difficult – if not impossible – to police. Other options include using a service like Cloud Application Control (CAC). This enables employees to access BYOA in a controlled manner, with administrators able to track how apps are used and data is shared.
Back in 2013, Gartner believed that 25 per cent of businesses would have their own enterprise app store by 2017. This prediction may have been a little ambitious but it does point to a way of ensuring you stay in control.
You might have expected an expert coder to opt for the technical solution, but that’s not the way Chris Mash, Lead Developer at MyOxygen, sees it: “Organisations need to ensure there is a clear policy on what data can be stored in BYOA, and spend time educating staff about the risks.”
Increased connectivity and BYOA bring with them new global IT problems. There is, however, an age-old answer. The ultimate responsibility for security is – as always – down to the individual.