In bring-your-own-device (BYOD) environments, network administrators have mobile application security on the brain....
Personal smartphones and tablets with thousands of unsanctioned apps are connecting to corporate networks. These mobile applications can pose new security risks for the enterprise.
Mobile application control technology can help IT mitigate mobile application security risks while throttling down bandwidth consumption by mobile Facebook and YouTube apps.
Enterprises might be struggling to create and uphold corporate BYOD policies, but the power to select which mobile applications will be allowed to run across the WAN is an area of security where network administrators might need to tread lightly.
Mobile application security can kick BYOD-related concerns
An IT organization's ability to impose mobile application security and control traditionally has been limited to corporate-owned devices -- as opposed to browser-based applications and websites that produce very visible traffic that can easily be detected, blocked and controlled.
More on mobile application security
Mobile application security management in the BYOD era
Best practices: Mobile application security
Mobile application security threats
As BYOD has gained acceptance, with 57% of employees bringing their own mobile devices to work, according to recent Forrester Research data, mobile application management on BYOD devices is essential, said Sasi Murthy, director of Web security for Blue Coat.
Blue Coat Systems Inc. recently integrated new mobile application security controls into its Blue Coat ProxySG appliances and Blue Coat Cloud Service. These controls address mobile applications on personal mobile devices connected to the enterprise network. They are based on Blue Coat's WebPulse infrastructure, part of the company's security portfolio that allows for viewing traditional Web-based application and website traffic. According to Murthy, the new controls will be able to target the latest Web-based and mobile apps on personal devices on the same granular level that Blue Coat has had for traditional Web traffic.
The security controls allow IT to see which mobile applications are running across the corporate network and to apply policies to block them or to allow only parts of the application to work, based on types of users. "Some enterprises have certain employees who may need to use social media tools, like Facebook and Twitter," Murthy said. "The mobile application security controls can create a read-only version of certain applications or even block them completely from certain employees," she said. IT will be able to customize the controls according to the needs of its users, and Blue Coat plans to add new mobile applications and operations to the controls on a monthly basis.
Blue Coat is giving IT deeper control over which applications are moving across the network -- regardless of device, noted Phil Hochmuth, program manager for security products at IDC. "Mobile application traffic isn't that visible on the network," he said. "The controls will allow enterprises to have more visibility and say over what applications are being used -- instead of just doing some Web-filtering."
Mobile application security: Do enterprises want the power?
Granting IT the power to select which mobile applications can be used -- and to what extent -- is raising not only technological concerns, but potential privacy issues for the enterprise, said John Pironti, president of consultancy IP Architects LLC.
While BYOD has introduced the need for greater network granularity, Pironti questions enterprises placing controls on personal devices. The business case should be determined for each mobile application -- but not necessarily by a "black or white list from the vendor," he said.
"It's hard to tell users what applications or parts of applications are being blocked without educating the employee on why this was a necessary decision," Pironti said. "If the enterprise is issuing the device, it's a different story" he said, adding "It's all about balancing BYOD with business need."
But BYOD presents a gray area, IDC's Hochmuth noted. There must be give-and-take between IT and users. "Information can be sensitive, so enterprises should help their employees understand that if they want to connect their personal device to the corporate network, they might not be able to do everything, like forward files via email or post Facebook statuses," he said.
Mobile applications can also pose a financial burden to the enterprise because unsanctioned apps can consume bandwidth, a commodity that is being chipped away at by the use of personal devices, Hochmuth said. "[The enterprise], not its users, spends money on the infrastructure, so any [controls] that can address bandwidth usage will be helpful moving forward."
Let us know what you think about the story; email: Gina Narcisi, News Writer.