Apps, we all love em, we all use em, and we’re all leaving the enterprise more exposed than the albino beach backside of a Coppertone ad model.
Recently, Business Insider posted the Top 50 iPhone Apps that employees are subversively leveraging within the corporate firewall despite IT’s fervent emails and general dismay. In order of use, here are the top 10:
- Google Mail
- Apple iCloud
- Disqus (an app for leaving comments on Web sites)
- Amazon Web Services (Amazon’s cloud that hosts files and apps)
Let’s assume for a minute that completely ignoring the security wishes of the IT department is a forgivable practice. Let’s also assume that no one has ever added files with sensitive information to Facebook when we meant to instead post pictures of a great pair of shoes or a cool car. What’s most alarming in this list? I’ll give you a hint; focus on numbers 2, 3, 4, 8 and 10.
Apps that Cause IT Apoplexy
The problems in this scenario are many; adding sensitive corporate material to Facebook is a faux pas of egregious proportions, but at the end of the day while this is plausible it’s a slim chance scenario.
What should give any CIO or CSO worth their salt pause for concern are the gigabytes of data being thrown into the cloud with complete and reckless abandon via consumerized file Apps like Dropbox, iCloud, Amazon and Box.
Sure, people need a password for these sites, but as we all know one keystroke logger will send that Fort Knox crumbling to the ground. Also, how many people actually log out of these Apps…ever? Not often, which means anyone who grabs their mobile device be it family or foe has immediate access to a plethora of corporate brain trust.
Wrap That App (Or at least manage it)
So what is one to do with these partakers of non-permissioned Apps? Lack of visibility especially in a mobile environment is no longer an acceptable excuse. With Mobile App Management (MAM) solutions, IT has the ability to see every App across the enterprise, and yes this includes those much talked about Bring Your Own Devices (BYOD).
If privacy or employee rights are a concern with BYOD, mobile app management combined with Mobile Document Management can let IT and mobility business partners at the department level dictate the documents that may and may not be shared.
Basically, there are options when it comes to Apps. Depending on your specific security needs, you might want to leverage the panacea of security with containerization, but that might also be overkill. At the very least you should have visibility and management before your entire enterprise is uploaded for the world to see.