BYOD security risks: Choosing the best app for business use

Feb 18, 2015

There are a number of aspects that can impact the security of a company’s BYOD program. Chief among these are the types of apps that are being utilized.

If employees are not using applications that include the strong security measures needed to protect company information, they could be leaving the door wide open to cybercriminals. Enterprise administrators must thoroughly vet the programs they approve for use within the business and ensure that every possible step is taken to prevent unauthorized access to sensitive data.

BYOD security threat: Web apps
Recent Trend Micro research shows that the use of Web applications can often lead to cyber theft and hacking activities, according to Computer Weekly. Dawn Smeaton, Trend Micro Web application security director, noted that many times, the design process of a Web application does not take data protection into consideration.

“In the 15 years that I worked in Web application development, security never came up as a topic or requirement,” Smeaton said.

Because program developers are not building safeguards into their Web programs, it is increasingly easy for hackers to exploit these apps and steal sensitive content. Even well-established vulnerabilities like SQL injection are not addressed in many Web apps. This kind of infiltration allows cybercriminals to carry out a number of malicious activities, such as infecting systems with malware and stealing data. Overall, SQL attacks result in 80 percent of Web application breaches.

“All the data center security in the world is meaningless if organizations are leaving their front doors open by failing to secure Web applications,” Smeaton pointed out.

Smeaton suggested bolstering these protection measures by improving detection abilities, including the use of manual testing processes that can boost a business’s vulnerability discovery by 75 percent.

What to consider when choosing BYOD apps
One of the best ways to ensure that the company is not threatened by the apps it uses is to vet the programs rigorously before approving them for enterprise-wide use. IBM outlined several factors that must be examined to prevent administrators from selecting an insecure app, including making sure the app has adequate authentication and data protection measures in place.

“Such features include secure client/server communication, on-device encryption, offline authentication, access control and other mechanisms that will complement your existing infrastructure as well as steer your brand away from embarrassment and legal actions,” wrote Jonathan Kempel, IBM Software Group product marketing manager.

Additionally, organizations should avoid leveraging any consumer-level file sharing programs that are not meant for use in the business sector. Instead, groups should utilize a secure file sharing platform that will best safeguard sensitive company data.
