Employees continue to use risky apps on mobile devices
Posted on 31 May 2013.
Risky applications and business applications are being used side-by-side on devices owned by employees that are used for work, according to a survey by the SANS Institute.


Nearly 80% of the 600 survey respondents who completed the substantive sections of the survey allowed communications and collaborative apps on personal mobile devices, nearly 60% of which also have general Internet apps (such as web browsing and media file sharing), while another 44% allow VPN access from BYOD and 26% allow access directly to business systems.

Four percent of the respondents answered that personal mobile devices are also accessing control system applications, while another 8 percent are allowing access to field service applications.

"Personal mobile device access to critical business and infrastructure systems should raise huge red flags to organizations thinking that their only concern will be e-mail on employee-owned smartphones, pads and tablets," says Deb Radcliff, chief of the SANS Analyst Program, which developed the report. "Meanwhile, the means to protect access, applications and data are more difficult to develop and unify in mobile BYOD computing."

For example, providing a unified identity management framework was both the least practiced and the most difficult to achieve, according to respondents. They are also trying to discern which tools and techniques make the best sense in protecting their networks and data from BYOD risks.

Securing devices and mobile platforms was the top method of protection, implemented by 66% of respondents, while application lifecycle management was practiced by only 36% of organizations.

"Mobile application development seems to be repeating many of the mistakes from the past," says Kevin Johnson, SANS Analyst and author of the report. "And these weaknesses need to be resolved due to the sensitive nature of the data on the devices."

Of the 253 survey takers who also develop applications, the majority develop web-based applications, with 32% of developers saying they also developed line-of-business applications. The good news is that nearly 60% of them indicated they had application security lifecycle processes embedded in their development and testing cycles.

"The prominent use of mobile devices together with cloud computing have even greater potential to expose critical information than in the past," adds Barbara Filkins, SANS Analyst consulting on this survey. "Mobile application development can no longer afford to ignore security best practices."





Copyright 1998-2014 by Help Net Security.