On-the-go defense
On-the-go defense

Where devices go, applications follow. And in today's bring-your-own-device (BYOD) world, with personal devices increasingly flooding onto the enterprise network, a plethora of unexpected and sometimes unwanted applications are coming through the floodgates as well. This massive change is throwing even the most confident IT managers for a loop, according to many experts.

“Traditionally, things were cut and dried in the BlackBerry days,” says John Sawyer, senior security analyst with In Guardians, an information security consultancy based in Washington D.C.

“The company provided one device with one management platform and [had] hundreds of controls and a locked-down environment. In the past few years, with the economic crisis, companies are cutting costs and [giving] employees the new devices they want with BYOD. And consumer products that no one ever thought of being there are entering the enterprise.”

Companies need to understand the risk and the opportunity implicit in mobilizing the workforce – and that means learning to operate security in a completely different paradigm than they have before, says Nicko van Someren, chief technology officer for Good Technology, a Sunnyvale, Calif.-based provider of multiplatform enterprise mobility. “Mobility is an increasingly important tool,” van Someren says. “IT organizations have been used to having a great deal of control on the machines on which their information is resting. But in a mobile world, they don't control the connectivity, they often don't control the device, and there are more issues with the loss of control of the data that legitimately makes it onto the devices and then is moved somewhere else.”

“Operating systems don't sell devices... what sells devices is the apps.”

– Tyler Shields, senior security researcher and mobile expert, Veracode

Indeed, if employees are using their own personal devices for work, they will often enlist personal applications on that device through the corporate network. In addition, mobile users are also seeking out and finding applications for business use that they download onto their personal or even company-issued phones or tablets. As Sawyer points out, there are an ever-growing number of enterprise applications targeting everything from health care to industrial control systems. So, both business-related apps that are neither used nor sanctioned by the company, in addition to just plain fun ones, are getting downloaded onto both personal and corporate-controlled devices. BYOD or no, it seems the line between the private and the professional is blurring beyond recognition.

And it's not surprising considering how important the application has become in the scheme of device usability. “Phones don't sell mobile devices,” says Tyler Shields, senior security researcher and mobile expert for Veracode, a Burlington, Mass.-based application security company. “Operating systems don't sell devices. What sells devices is the apps.”

Click here for full access to our exclusive Mobile Spotlight issue.