Bring your own device (BYOD) continues to be a problem as users continue to download risky applications that are working alongside business applications, according to a new survey.
Nearly 80 percent of the 600 survey respondents who completed the substantive sections of the survey allowed communications and collaborative apps on personal mobile devices, nearly 60 percent of which also have general Internet apps (such as web browsing and media file sharing), while another 44 percent allow VPN access from BYOD and 26 percent allow access directly to business systems, according to the survey by SANS Institute.
Four percent of the respondents admitted personal mobile devices are also accessing control system applications, while another eight percent are allowing access to field service applications.
“Personal mobile device access to critical business and infrastructure systems should raise huge red flags to organizations thinking that their only concern will be email on employee-owned smartphones, pads and tablets,” said Deb Radcliff , chief of the SANS Analyst Program, which developed the report. “Meanwhile, the means to protect access, applications and data are more difficult to develop and unify in mobile BYOD computing.”
A case in point, providing a unified identity management framework was both the least practiced and the most difficult to achieve, according to respondents. They are also trying to discern which tools and techniques make the best sense in protecting their networks and data from BYOD risks.
Securing devices and the mobile platforms was the top method of protection implemented by 66 percent of respondents, with application lifecycle management practiced by only 36 percent of organizations.
“Mobile application development seems to be repeating many of the mistakes from the past,” said Kevin Johnson , SANS Analyst and author of the report. “And these weaknesses need to be resolved due to the sensitive nature of the data on the devices.”
Of those 253 survey takers that also develop applications, the majority are web-based, with 32 percent of developers saying they also developed a line of business applications. The good news is that nearly 60 percent of them said they had application security lifecycle processes embedded in their development and testing cycles.
“The prominent use of mobile devices together with cloud computing have even greater potential to expose critical information than in the past,” adds Barbara Filkins, SANS Analyst consulting on this survey. “Mobile application development can no longer afford to ignore security best practices.”