How IT Can Protect Enterprises from Rogue Apps


Mobile devices and cloud computing have changed the way companies do business, but as technology has evolved, so has the nature of the threats enterprises face. Just a few years ago, IT departments were focused on preventing damage to computers and networks from viruses and worms. When mobile apps became widely popular, app stores initially struggled to make downloading safe for users, but while some challenges remain, today reputable app sources have weeded out the most dangerous threats through better vetting practices.

Today, the primary danger from the mobile enterprise standpoint comes from what apps do with the information they can access. The threat doesn’t necessarily arise from malicious intent on the part of the app developer. All device designers and app developers struggle with balancing convenience and security. To name just one recent example, the Starbucks app was updated earlier this year when security watchdogs revealed that user data was stored on local devices unencrypted, exposing user data to potential misuse when devices fall into the wrong hands.

But aside from an unintentional risk that can be remedied with an update, as in the case of the Starbucks app, users are vulnerable because of a common business model in the app development community: Many development houses derive their income almost entirely from the user data they sell rather than downloads. Up to 90 percent of app developers generate revenue this way, and although they may claim they are just collecting data to improve the user experience, the truth is that user data – and the company information that passes through user devices – is at risk because of this practice.

Flashlight apps, for example, are notorious for scraping user data. When users download an app that allows them to use the light on their camera as a flashlight, they often unknowingly give the app permission to access their contacts, their geo-location and other data stored on the phone – information the app doesn’t need to operate the light on command. Apps can also push out updates that expand access to user data, and unwary users may give permission without understanding the implications for themselves – or for their employers.
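The over-permissioning described above can be checked mechanically. The following is an added example, not part of the original article: it compares each app's requested permissions against what its function needs, and flags permissions that appear in an update. The permission strings are real Android manifest permissions; the baseline table, package names and inventory records are constructed for illustration.

```python
# Added example: permission audit over a constructed app inventory.
# The baseline policy and the inventory records below are assumptions.

BASELINE = {  # hypothetical policy: permissions each app function needs
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
    "scanner": {"android.permission.CAMERA",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
}

# Constructed inventory: (package, function, version, requested permissions)
INVENTORY = [
    ("com.example.brightlight", "flashlight", 1,
     {"android.permission.CAMERA"}),
    ("com.example.brightlight", "flashlight", 2,
     {"android.permission.CAMERA", "android.permission.READ_CONTACTS",
      "android.permission.ACCESS_FINE_LOCATION"}),
    ("com.example.docscan", "scanner", 5,
     {"android.permission.CAMERA", "android.permission.WRITE_EXTERNAL_STORAGE"}),
]


def audit(inventory, baseline):
    """Return findings for excess permissions and for growth across updates."""
    findings = []
    last_seen = {}  # package -> permissions requested by the previous version
    for package, function, version, requested in sorted(
            inventory, key=lambda r: (r[0], r[2])):
        allowed = baseline.get(function)
        if allowed is None:
            # No policy for this function: surface it for manual review.
            findings.append((package, version, "no-baseline", sorted(requested)))
        else:
            excess = requested - allowed
            if excess:
                findings.append((package, version, "excess", sorted(excess)))
        previous = last_seen.get(package)
        if previous is not None and requested - previous:
            findings.append((package, version, "added-in-update",
                             sorted(requested - previous)))
        last_seen[package] = requested
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, BASELINE):
        print(finding)
```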

IT departments are aware of the challenges mobile technology presents, particularly issues introduced by the BYOD trend. But to tackle them effectively, IT professionals need to stop thinking of themselves as app gatekeepers, and instead embrace the role of business solution collaborator. They need to work with their business unit counterparts to identify needed tools and find mobile applications that safely deliver the functionality business process owners need.

A leading pharmaceutical company that addressed this issue head-on can serve as a case study. The company partnered with an enterprise mobility specialist to catalog the apps its workforce was using on the job. At the outset of the project, there were about 9,000 devices with more than 9,400 apps, far too many to be thoroughly investigated by typical in-house IT teams, many of which are already struggling to meet urgent support responsibilities.

With the help of an enterprise mobility specialist, the pharmaceutical company discovered that hundreds of employees were using document scanning apps to perform critical job functions. The employees downloaded the scanners to be more efficient, but they were using about 70 different apps for the same function. The IT team and its partner were able to work with users to identify business needs and choose an app that met their requirements while protecting company data. This deliberate process is essential in any business, but particularly important in a highly regulated industry such as the healthcare sector.

Mobile apps have the potential to improve business operations significantly, empowering employees to manage critical business processes on the go, save time and eliminate expenses. Employees recognize this, and that’s why they download productivity apps – with or without permission. But to truly realize the transformative benefits of mobility and contain the threats unauthorized apps can introduce, IT professionals and business unit leaders need to work together, not as gatekeepers to shut down access to apps but as collaborators to give employees the tools they need to do their jobs more efficiently and effectively. 

Edited by Maurice Nagle