When bring your own device (BYOD) first came on the enterprise scene, organizations struggled with how to develop an IT policy to manage and control devices they didn’t own. Now, with 72 percent of organizations supporting BYOD for all or some employees according to Bitglass, organizations have found ways to better control personally owned devices.
The new threat to organizations, however, is the bring your own application (BYOA) movement. Today, there are 2.8 million apps available in the Google Play store, and the North American app market is estimated to grow to $89.6 billion by 2019, according to MicroMarketMonitor. As apps continue to proliferate, so too does the security threat they present.
Why App Security Is a Concern
App security concerns are in part due to a host of mobile application development platforms (MADP) and rapid mobile application development (RMAD) tools that have popped up to meet the demand for faster time to market for mobile apps. While these tools have made it easier for anyone to create a mobile app, this also means more developers without strong security knowledge are creating apps.
A recent survey by LogMeIn found that 70 percent of enterprises have some presence of BYOA, and that 64 percent of respondents will download their own solution even when one is already in place.
This should be cause for concern. In a 2016 Mobile Security report, McAfee noted that it counted 37 million instances of malware over six months in apps available on app stores.
How to Protect Against Malicious Apps
While mitigating the risk from BYOA is a challenge, here are a few best practices you can implement:
- Establish an IT policy around BYOA: Employees need to understand the risks apps can pose to company data and their responsibility in ensuring the security of the apps they use. IT policies should educate users on the risks while requiring them to use secure passwords or biometrics, to be aware of what data apps are asking to access and whether that access is appropriate for the apps to function, and to download apps only from trusted sources. Also, be sure that employees understand that your organization will monitor BYOA risks.
- Build a corporate app store: By launching your own corporate app store or using Google Play for Work, you can better ensure the security of apps and control which ones are being loaded onto devices.
- Publish app blacklists: Similar to a corporate store where only whitelisted apps are available, you can also do the reverse — letting employees know which apps are strictly forbidden due to their security risk.
- Deploy a containerization solution to secure corporate data: Use an on-device container to isolate business applications and data from a user’s personal apps. This will allow more control and security over apps in the business container while giving end users more freedom in what personal apps they use.
- Perform comprehensive app security testing: To ensure applications aren’t vulnerable to malicious attacks, organizations should monitor and control what they can. There are a number of tools available that allow you to perform security testing on applications, as well as EMM solutions that can help provide more granular control of what apps users can access.
The continued rise in mobile usage means that mobile app security threats will only continue to increase. Constant vigilance, a strong mobile security IT policy, end user education and smart tools to help mitigate the risks are your best defenses.