Enterprises failing to spot 'Trojan' apps
Organisations not blocking risky behaviour from apps on end user devices
Enterprise organisations are neglecting the risks posed by innocuous mobile apps on their users' devices, according to a new report from Flexera Software and IDC.
The report, The BYOD Trojan Horse: Dangerous Mobile App Behaviours & Back-Door Security Risks, said that organisations are not doing nearly enough to understand which mobile app behaviours hitting their networks and data are risky, nor are they testing apps for those risky behaviours to ensure proper enforcement of their BYOD policies.
Flexera and IDC warn that risky behaviour may be found even in seemingly innocent looking apps that their end users have downloaded to their personal devices, creating a whole new Trojan Horse risk.
The report shows that while companies see data security as the main threat when allowing users to bring their own device (71%), the majority (61%) have not identified which behaviours they consider to be risky, such as apps that access social media or that send data back to the developers.
Flexera said that the report shows the risk from threats hidden in seemingly safe end user apps.
The report found that while 48% of organisations have implemented BYOD policies, only 16% of respondents believe these policies have resulted in lower enterprise application risk.
At the same time, while 47% say that they are instituting policies to block risky app behaviour, and 22% plan to follow suite within the next two years, 55% have yet to identify the apps that they deem as risky.
"BYOD policies are critical to organisations seeking to maximise the value and minimise the risks they encounter by integrating mobile devices and apps within their infrastructures, because these policies define the behaviours that are and are not acceptable," said Robert Young, research manager, End Point Device & IT Service Management and Client Virtualisation Software, IDC. "But BYOD policies are inadequate if appropriate enforcement mechanisms are not put into place and followed."
"Most organisations already have strong processes to test and remediate traditional desktop, virtualised and cloud based applications to make sure they're safe and reliable. But as the report indicates, enterprises have not extended these Application Readiness best practices to mobile apps," said Maureen Polte, vice president of Product Management at Flexera Software. "These same processes can and should be extended to mobile apps to ensure that risky app behaviours and apps are identified and appropriate measures are taken to contain those risks."