Yesterday we looked at the growing area of Shadow IT within organisations. We concluded that even though Shadow IT has the potential to be a force for good, there is still a significant threat posed by the usage of apps that do not align with a company’s security, compliance, reliability, documentation or control.
How much of a threat do mobile apps now pose? Is it true that a small device used incorrectly could rapidly become the biggest security hole in a company? The advent of BYOD certainly opens up companies to threats that may slip through the network cracks because of employee negligence or lack of understanding.
Companies need to understand that a BYOD culture will inevitably open them up to security challenges. For example, the 400+ million Android devices in operation doesn’t only mean big money for Google but also means big money to app makers, and unfortunately, criminals. However, although surveys in all industries regularly show criminals will target the companies, systems and platforms with the most users, who is actually more of a threat to an organisation, criminals or employees?
According to a Ponemon Institute study, a company’s own employees are certainly the biggest threat to company data – they say one third of all data breaches are internal and accidentally caused by workers. Employees risk losing data when their devices are stolen or not sufficiently secured from data-stealing malware – for example, it is predicted that only 20% of Android-based devices have security apps installed, while smartphones and cell phones make up 30 to 40 percent of all robberies in major North American cities, accounting for 27,000 thefts.
The same study also shows that employee negligence is the root of many data breaches – this category includes connecting to unsecure wireless networks, downloading and installing unapproved apps, and visiting malicious websites. Mobile Malware can do a lot of harm to a business – information-stealing malware, one of the most prevalent Android malware types can log, steal, and publish almost everything an employee does on their mobile. When half of business leaders say they frequently use the same password for personal web applications as they do for sensitive work applications, it is paving the way for a major data breach.
BYOD also means many IT organisations are not fully aware of which cloud applications are in use across the enterprise, making it difficult for them to monitor and control user access to mission-critical applications and data. With half of all mission-critical applications expected to be running in the cloud by next year, it is vital that companies put in place the right processes to mitigate any risks. Jackie Gilbert, Vice President of Sailpoint, a leading management solutions provider, recently claimed that “Just 34 percent of companies bring IT staff into the vendor selection and planning process when a cloud application is procured without using an IT budget, and more than 14 percent of business leaders said they have no way of knowing if sensitive data is stored in the cloud at all”. It suggests a serious lack of visibility and control that can greatly increase an organisation’s risk of security breaches.
Which apps specifically pose the biggest risk to organisations? Which most frequently violate IT policy? Stay tuned for a special report that we will release on CloudTweaks.com tomorrow.
By Daniel Price