Contents

Introduction
Rapid Adoption of Enterprise Mobility Continues
Data Security Biggest Challenge When Implementing BYOD Policies
Risk Reduction Policies Are a High Priority for Organizations Seeking to Mitigate Mobile App Security Risks
Most Organizations Are Not Taking Action to Block Risky App Behaviors
Conclusion
Infographic
Survey Background
Methodology and Sampling
Survey Demographics
Location of Respondents
Respondents' Vertical Market
Software Licensing and Provisioning Research at IDC
About Flexera Software

The BYOD Trojan Horse: Dangerous Mobile App Behaviors & Back-Door Security Risks

A Report by Flexera Software with input from IDC

Introduction

In the aftermath of the Sony hacker incident, IT Security once again is in the spotlight. Connected organizations are being especially vigilant against malicious players seeking to gain entrance into their networks and do harm. With the rapid infusion of mobile devices within the enterprise and the growing adoption of Bring Your Own Device (BYOD), mobility is also fast becoming another focal point for containing security risk.

Shoring up networks to defend against mobile hacker threats is certainly a high IT priority. But what about less obvious risks posed by mobile devices and the apps running on them?

Consider a seemingly innocuous mobile phone flashlight app. Recently a Federal Trade Commission lawsuit revealed that a flashlight app maker was illegally transmitting users' precise locations and unique device identifiers to third parties, including advertising networks.

Or consider the Environmental Protection Agency's (EPA) embarrassment occurring recently when an employee playing on a Kim Kardashian Hollywood app tweeted out to the EPA's 52,000 Twitter followers, "I'm now a C-List celebrity in Kim Kardashian: Hollywood. Come join me and become famous too by playing on iPhone!" What happened? The employee was using the app on her BYOD device. Unbeknownst to the employee, the app had the ability to automatically access the phone's Twitter account and tweet out messages when certain game thresholds were reached. Unfortunately for the EPA, the BYOD device was connected to the EPA's official Twitter account, not the employee's.

What's the lesson here? Mobile app security risk is not limited to malevolent hackers and unfriendly governments. Threats to corporate data and reputation can be hidden like a trapdoor in a Trojan horse in the most seemingly innocuous apps, and can be unleashed on the organization by the most well-intentioned employee.

Because of these hidden risks, we wanted to understand whether enterprises are aware of the risky behaviors associated with mobile apps that could compromise data security, and if so, what they're doing about it.

Rapid Adoption of Enterprise Mobility Continues

According to our survey, enterprises are rapidly implementing the policies and infrastructure necessary to support broad employee access to mobile devices and applications. For instance, 29 percent of respondents have already implemented a mobile device management solution, 20 percent are doing so now, and another 27 percent plan on doing so within two years. 17 percent of respondents have already implemented a mobile application management solution, 15 percent are doing so now, and another 32 percent plan on doing so within two years.

From a security perspective, BYOD policy implementation is an essential counterpart to mobility adoption. According to the survey, 28 percent of respondents have already implemented a BYOD policy, 20 percent are doing so now, and another 23 percent plan on doing so within two years.

[Figure: "Indicate your organization's plans to implement any of the following IT Services". Categories: Bring-Your-Own-Device (BYOD) policy; Mobile device management solution (MDM); Mobile application management solution (MAM). Legend: No plans to implement; Will implement within 12-24 months; Implementing now; Already implemented.]

Data Security Biggest Challenge When Implementing BYOD Policies

The BYOD policy memorializes an organization's approach to mobility, and among other things, the rules employees must follow in order to access corporate data and systems from their mobile devices. According to the survey, organizations face a variety of challenges around BYOD policy implementation.

Not surprisingly, the largest percentage of respondents, 71 percent, say ensuring data security is one of the biggest challenges they face around implementing BYOD policies. 43 percent say creating and enforcing the BYOD policy counts among their biggest challenges, and another 43 percent say software license tracking, management and optimization of mobile devices are significant challenges.

[Figure: "What are the biggest challenges your organization faces implementing BYOD policies?" Categories: Software license tracking, management and optimization for mobile devices; Data security; Lack of knowledge of mobile application behavior in the enterprise; Keeping applications for devices updated and ensuring compatibility with current IT environment; Creating and enforcing a BYOD policy; We are not implementing BYOD but plan on doing so within 12-24 months; We are not implementing BYOD and have no plans to.]

Risk Reduction Policies Are a High Priority for Organizations Seeking to Mitigate Mobile App Security Risks

Given respondents' accelerating enterprise adoption of mobility, their broad concerns around security, and broad adoption of BYOD policies as mechanisms for controlling risk, we wanted to examine how far those policies go. Do they reflect a comprehensive awareness of the less obvious risks associated with mobile app behaviors that could serve as a Trojan horse, allowing hidden risk to enter the enterprise?

According to the survey, a sizeable minority of enterprises are at least aware mobile apps can exhibit risky behaviors and they're taking some action. 47 percent are implementing BYOD policies to block risky mobile app behaviors. Another 22 percent plan on implementing those policies within two years. User education is also an important tool that 50 percent of enterprises are using to mitigate mobile app security risks.

[Figure: "How is your organization mitigating the risks associated with mobile apps?" Categories: User education; Policies that block risky app behaviors; App containerization and wrapping; Restricting access to public store apps; We don't have policies blocking risky app behaviors; We don't have policies blocking risky app behaviors but we plan on implementing them within the next 12-24 months.]

Most Organizations Are Not Taking Action to Block Risky App Behaviors

While a majority of respondents are or plan on instituting policies that prohibit risky app behaviors, in practice most are not taking action to enforce those policies.

For instance, key to enforcing policies against risky app behaviors is knowing what risky behaviors should be prohibited in the first place. Do features that allow the app to access a mobile device's GPS chip constitute risky behavior? What about features allowing an app to access and post to social media apps, or those allowing an app to report user and device data back to the app producer?

Once risky behaviors are identified, have organizations identified the specific apps exhibiting those behaviors for the purpose of enforcing their BYOD policy? From blocking the app altogether to putting it in a container to protect the corporate network from a prohibited behavior, an organization cannot enforce a policy until it has identified the type of behavior constituting a threat, and the apps causing those threats.

According to the survey, most organizations, 61 percent, have not even identified which app behaviors they deem risky. Likewise, a majority of organizations, 55 percent, have not identified specific mobile apps that exhibit risky behaviors.

[Figure: "Has your organization identified which mobile app behaviors it deems risky?" Categories: Yes; No.]

[Figure: "Has your organization identified specific mobile applications?" Categories: Yes; No.]

Organizations Are Not Realizing Significant Risk Reduction from their BYOD Policies

As noted earlier, BYOD policies are only as effective as the steps organizations take to monitor and enforce those policies. For instance, once organizations understand which risky app behaviors are prohibited, they must then test those apps allowed onto BYOD devices in order to understand which ones exhibit prohibited behaviors.

In light of the survey results, which indicated that only a minority of respondents have identified risky app behavior and risky mobile apps, it is not surprising that most organizations likewise report that they are not realizing significant risk reduction from their BYOD policies. Only 16 percent cite lower enterprise application risk as a benefit experienced as a result of their BYOD policy.

[Figure: "If you've already implemented BYOD at your organization, what benefits have you experienced? (check all that apply)". Categories: Improved employee efficiency/productivity; Improved employee satisfaction; Lower IT infrastructure, device and support costs; Lower enterprise application risk; Employee access to more cutting-edge, up-to-date devices; We've implemented BYOD but have not achieved the benefits we anticipated.]

Conclusion

Enterprises are accelerating their adoption of mobile devices as a critical component of the IT mix. And as they do so, security naturally is a high priority. Organizations are broadly implementing BYOD policies to shore up their security, especially in light of concerns about the risky behaviors mobile apps are capable of that can threaten sensitive corporate data, vulnerable networks and reputation.

However, enterprises still have a long way to go to take the actions necessary to enforce their policies. Organizations are still largely unaware of the specific behaviors mobile apps are capable of. Moreover, most enterprises have still not taken action to block apps that exhibit those risky behaviors violating their BYOD security policies. It is not surprising, therefore, that while organizations do report many benefits resulting from BYOD, lower application risk is not one of them.

Infographic

[Figure: infographic]

Survey Background

This report is based on the 2015 Application Usage and Value survey, conducted by Flexera Software with input from IDC's Software Pricing and Licensing Research division under the direction of Amy Konary, Research Vice President - Software Licensing and Provisioning at IDC. This annual research project looks at software licensing, compliance and installation trends and best practices. The survey reaches out to executives at software vendors, intelligent device manufacturers as well as the enterprises that purchase and use software and devices.

Methodology and Sampling

The data contained in this report is based on three Application Usage and Value surveys, one targeted at independent software vendors (ISVs), one targeted at intelligent device manufacturers, and one at end-user organizations that consume enterprise software. More than 583 respondents participated, including executives and IT professionals from 264 software vendors, 172 hardware device manufacturers and 147 enterprise organizations.

Survey Demographics

Location of Respondents

Of the 583 respondents to the survey, 53 percent reported their division headquarters as being located in the United States. 6 percent were from India, 4 percent from the United Kingdom, 4 percent from Australia & New Zealand, 3 percent from Germany and 1 percent from France.

[Figure: "Respondents' Division Headquarters". Countries shown: United States, India, United Kingdom, Germany, Australia, Italy, Canada, New Zealand, France, Netherlands, Brazil, China, Finland, Mexico, Pakistan, Sweden, Croatia.]

Respondents' Vertical Market

Respondents fell across a wide array of vertical markets. With respect to Enterprise Respondents, 20 percent were from the Business/IT Consulting Services industry, 12 percent from the Government/Public Sector and 10 percent were from the Education, Financial Services, Healthcare, Oil/Gas/Utility industries respectively.

[Figure: "Which of the following best describes your organization's vertical market?" Categories: Automotive; Aerospace/Defense; Consumer Goods; Government/Public Sector; Education; Financial Services; Healthcare; Oil/Gas/Utility; Technology Manufacturing; Business/IT Consulting Services.]

With respect to software vendor respondents, 17 percent were from the financial industry, 16 percent from consumer, and 13 percent from Healthcare/Medical industry.

[Figure: "Which of the following best describes the type of enterprise software your company develops?" Categories: Electronic Design Automation (EDA); Human Resources Management (Including Performance, Payroll and Talent Management); Healthcare/Medical; Financial (Including Accounting, Billing, Forecasting); Enterprise Resource Planning (ERP); Customer Relationship Management (CRM); Product Lifecycle Management (PLM); Business Intelligence; Database Management (Including Master Database Management); Project Management; Retail Consumer.]

With respect to hardware device maker respondents, 23 percent are from the telecommunications/network equipment providers industry, 20 percent from the computer equipment and peripherals space, and 20 percent from the industrial/manufacturing automation space.

[Figure: "Which of the following best describes your organization's vertical market?" Categories: Telecommunications/Network Equipment Providers; Computer Equipment and Peripherals; Industrial/Manufacturing Automation; Building Automation; Healthcare/Medical Devices; Electronic Test and Measurement Equipment; Automotive (Including Infotainment); Consumer Electronics (Including Home Automation).]

Software Licensing and Provisioning Research at IDC

IDC's global Software Licensing and Provisioning research practice is directed by Amy Konary. In this role, Ms. Konary is responsible for providing coverage of software go-to-market trends including volume license programs, evolving license models, global price management, and licensing technologies through market analysis, research and consulting. In her coverage of software maintenance, subscription, electronic software distribution and licensing technologies, Ms. Konary has been instrumental in forecasting future market size and growth. Ms. Konary was also the lead analyst for IDC's coverage of software as a service (SaaS) for eight years prior to focusing exclusively on pricing, licensing, and delivery.

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. For more information about IDC, please see www.idc.com.

About Flexera Software

Flexera Software helps application producers and enterprises increase application usage and the value they derive from their software. Our next-generation software licensing, compliance and installation solutions are essential to ensure continuous licensing compliance, optimized software investments and to future-proof businesses against the risks and costs of constantly changing technology. Over 80,000 customers turn to Flexera Software as a trusted and neutral source for the knowledge and expertise we have gained as the marketplace leader for over 25 years and for the automation and intelligence designed into our products. For more information, please go to www.flexerasoftware.com.

Flexera Software, LLC (Global Headquarters): +1 800-809-5659
United Kingdom (Europe, Middle East Headquarters): +44 870-871-1111, +44 870-873-6300
Australia (Asia, Pacific Headquarters): +61 3-9895-2000
For more locations visit: www.flexerasoftware.co