Mobile devices and cloud computing have changed the way companies do business, but as technology has evolved, so has the nature of the threats enterprises face. Just a few years ago, IT departments were focused on preventing damage to computers and networks from viruses and worms. When mobile apps became widely popular, app stores initially struggled to make downloading safe for users, but while some challenges remain, today reputable app sources have weeded out the most dangerous threats through better vetting practices.

Today, the primary danger from the mobile enterprise standpoint comes from what apps do with the information they can access. The threat doesn’t necessarily arise from malicious intent on the part of the app developer. All device designers and app developers struggle with balancing convenience and security. To name just one recent example, the Starbucks app was updated earlier this year when security watchdogs revealed that user data was stored on local devices unencrypted, exposing user data to potential misuse when devices fall into the wrong hands.

But aside from an unintentional risk that can be remedied with an update, as in the case of the Starbucks app, users are vulnerable because of a common business model in the app development community: Many development houses derive their income almost entirely from the user data they sell rather than downloads. Up to 90 percent of app developers generate revenue this way, and although they may claim they are just collecting data to improve the user experience, the truth is that user data – and the company information that passes through user devices – is at risk because of this practice.

Flashlight apps, for example, are notorious for scraping user data. When users download an app that allows them to use the light on their camera as a flashlight, they often unknowingly give the app permission to access their contacts, their geo-location and other data stored on the phone – information the app doesn’t need to operate the light on command. Apps can also push out updates that expand access to user data, and unwary users may give permission without understanding the implications for themselves – or for their employers.

IT departments are aware of the challenges mobile technology presents, particularly issues introduced by the BYOD trend. But to tackle it effectively, IT professionals need to stop thinking of themselves as app gatekeepers, and instead embrace the role of business solution collaborator. They need to work with their business unit counterparts to identify needed tools and find mobile applications that safely deliver the functionality business process owners need.

A leading pharmaceutical company that addressed this issue head-on can serve as a case study. The company partnered with an enterprise mobility specialist to catalog the apps their workforce was using on the job. At the outset of the project, there were about 9,000 devices with more than 9,400 apps, far too many to be thoroughly investigated by the typical in-house IT team, many of which are already struggling to meet urgent support responsibilities.

With the help of an enterprise mobility specialist, the pharmaceutical company discovered that hundreds of employees were using document scanning apps to perform critical job functions. The employees downloaded the scanners to be more efficient, but they were using about 70 different apps for the same function. The IT team and its partner were able to work with users to identify business needs and choose an app that met their requirements while protecting company data. This deliberate process is essential in any business, but particularly important in a highly regulated industry such as the healthcare sector.

Mobile apps have the potential to improve business operations significantly, empowering employees to manage critical business processes on the go, save time and eliminate expenses. Employees recognize this, and that’s why they download productivity apps – with or without permission. But to truly realize the transformative benefits of mobility and contain the threats unauthorized apps can introduce, IT professionals and business unit leaders need to work together, not as gatekeepers to shut down access to apps but as collaborators to give employees the tools they need to do their jobs more efficiently and effectively.