BYOD, cloud. Sorted! What about the apps?

Introduction

To most businesses the introduction of cloud systems and BYOD has been a time consuming process.   The what, why, how and how much have all been sorted out and you are now happy that your business can move forward and make more revenue and profit than it did before using these new in place systems.

By taking on the cloud and BYOD systems you now have a resilient business model that will not only protect the business but it will allow the business to see better and new opportunities in their business space, or even outside it.

The BYOD and cloud phenomenon

We all know how the cloud and BYOD phenomena has changed business, made it more reactive and responsive to both internal and external pleasures.   But, has it made it better, has it made the business more or less secure in how you protect your data.

When it comes to the use of Android for your BYOD system of choice you may have a problem with the apps that your staff are using.    The security features of the android marketplace have always been a problem, even with its introduction in 2008, the bad guys usurped the system and uploaded malware as mobile banking apps.   open systems are great, and that is what android is, but with it is the inherent problem of others knowing the system and exploiting it.    this is what the bag guys have been doing since its inception.

With the introduction of easily purchased android software and malware creation systems, the bad guys can now download a legitimate android app, change it to include their own malware and then upload it back to a similar website to confuse the normal punter.

What impact does a bad app have on your business With this new and improved technology readily available to the script kiddies, anyone anywhere, who has an android system is a target.   This means not only phones and tablets are targets, got a android based TV in your boardroom?   Just something to think about!

The apps are the driving force behind BYOD.   

They can make the business work more efficiently and effectively.   This efficiency and effectiveness has to be tempered with a level of paranoia and common sense.   A contaminated app can turn a profitable business into a smoking wreck in a short space of time.   But there are other concerns.   Banking apps, access to PayPal, personal information and business IP are all targeted by the bad guys.   The apps have to be managed correctly.

One of the largest problems is most people do not care, they are not aware of the danger that they are exposing themselves to.   I have seen this happen time and again.   In most cases the “I want to be able to do X” is the main and only driving force that people use when looking at apps.   For some reason TRUST is something that we give away more freely than any time previously.   In this vein, people will download similar apps till they get the one that does do X, they do not look at the ramifications of having all of those software components on the device.

Have you ever read that license agreement In addition to this, every apps has a license agreement, mainly to cover the people putting the software out there, so they do not get sued.   Even malware infected apps will have a license agreement, just to make them look legitimate.    There is a darker side to some of the license agreements.   Take the time to look at drop box for instance, buried deep within their agreement is the “the right to keep all data uploaded to their system”.

Drop box is used by business in some respects but it is more often used by staff so that they can work from home.  You know the people, sign up for drop box, install the app on their local machine and just drop everything that they need for the weekend into it.   The inherent insecurity of Drop box is an added bonus.

Most staff members do not realize what constitutes the businesses intellectual property.   Some of these thing that they are working on could include information that has an effect on the organisations stock price, information about pricing structure and more worrisome, how that new widget is made.   That information is now under the control of an outside party.

How to make sure that it is all OK The business apps that you use are an added capability that your business uses to get ahead of the competition.   There are a number of things that you need to check prior to using any app.

  • Create a BYOD policy for all devices connected to your network – if staff want to use their own devices then you have a need to keep YOUR information and data secure.
  • Make users justify their need for an app – Track all app especially ones that need to use other components of the device
  • Read the license agreement – if the data is no longer yours go elsewhere
  • Read the recommendations and feedback – this is a very important step.   You discover idiosyncrasies of the app as well as both good and bad feedback.
  • If the app is a part of a complete offering then you should already have done your due diligence if not, due diligence is a good place to start.

Conclusion

The BYOD and Cloud revolution has some astounding benefits for small and medium businesses and not for profit Organisations.   There are also inherent problems within these systems that are being deployed.    Both Cloud and BYOD components need to checked and double checked to ensure that the benefits are in your businesses best interest.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.

Leave a Reply