Free Mobile Apps Put Your BYOD Strategies at Risk

When it comes to the BYOD trend, CIOs worry over their lack of control of mobile apps. However, it's not only about rogue mobile apps packing malware that trouble them. IT leaders are also concerned by the risks posed by malware-free mobile apps.

By Jeff Vance
Tue, September 18, 2012

CIO

mobile malware
When CIOs worry about the Bring Your Own Device (BYOD) trend, one of the things that most concerns them is their lack of control over mobile apps. Rogue apps packing malware are a major concern, but many malware-free apps pose risks too.

Even in curated marketplaces, mobile apps can be ridiculously intrusive. Earlier this year, Apple, Facebook, Yelp and several other firms were sued for privacy-infringing apps that, among other things, pillaged users' address books.

The Enterprise App Store: 10 Must-Have Features
Open for Business: It's the Year of the Corporate App Store

At the time, many security experts warned that this was the tip of the iceberg, and a recent study by Appthority, a provider of mobile security solutions, found that free apps are particularly risky because it was discovered they have the ability to access sensitive info.

That's bad enough, but what if the app uploads a sales representatives' contact list and the developer then sells it to a competitor? That's a new type of data leakage that most organizations aren't ready for.

We Won't Let Workers Anywhere Near the AppStore

Despite the risks, Illinois-based Riverside Medical Center believed they had no choice when it came to BYOD. Trying to simply prohibit end-user devices would be counterproductive. "For a hospital like ours, BYOD is a marketing issue as much as it is a security one," said Erik J. Devine, Riverside MC's CISO. "If doctors can't use their tablets or smartphones at this hospital, they'll start checking their patients into other ones."

In order to take part in the BYOD program, end users must agree that Riverside MC has the right to remotely wipe the device if any problems arise. That could mean wiping a user's photos or personal emails, but that's the risk users must take if the enterprise is going to cope with BYOD risks.

For corporate-owned devices, of course, risks are easier to manage. "If we decide to purchase an iPad for someone, when it's a pure work tool, you can't even get to the AppStore," Devine said. Good luck telling that to someone shelling out $150/month on an expensive data plan.

iPad Security: How a Hospital Group Treated Trouble
iPad Invades the Enterprise: How Big Are Security Risks?

For regulated industries like healthcare, though, banning application markets is common. Startup Happtique sees this as an opportunity and provides a mobile application store specifically for healthcare professionals. "A major challenge for clinicians and their IT departments is knowing what apps you can trust and which ones you can't," said Ben Chodor, CEO of Happtique.

Continue Reading

Our Commenting Policies