The BYOD Trojan Horse
Contents
Introduction
Rapid Adoption of Enterprise Mobility Continues
Data Security Biggest Challenge When Implementing BYOD Policies
Risk Reduction Policies Are a High Priority for Organizations Seeking to Mitigate Mobile App Security Risks
Most Organizations Are Not Taking Action to Block Risky App Behaviors
Conclusion
Infographic
Survey Background
Methodology and Sampling
Survey Demographics
Location of Respondents
Respondents’ Vertical Market
Software Licensing and Provisioning Research at IDC
About Flexera Software
The BYOD Trojan Horse: Dangerous Mobile App Behaviors & Back-Door Security Risks
A Report by Flexera Software with input from IDC
Introduction
In the aftermath of the Sony hacker incident, IT Security once again is in the spotlight. Connected
organizations are being especially vigilant against malicious players seeking to gain entrance into their
networks and do harm.
With the rapid infusion of mobile devices within the enterprise and the growing adoption of Bring Your
Own Device (BYOD), mobility is also fast becoming another focal point for containing security risk.
Shoring up networks to defend against mobile hacker threats is certainly a high IT priority. But what
about less obvious risks posed by mobile devices and the apps running on them?
Consider a seemingly innocuous mobile phone flashlight app. Recently a Federal Trade Commission
lawsuit revealed that a flashlight app maker was illegally transmitting users’ precise locations and
unique device identifiers to third parties, including advertising networks.
Or consider the Environmental Protection Agency’s (EPA) recent embarrassment when an
employee playing a “Kim Kardashian Hollywood” app tweeted out to the EPA’s 52,000 Twitter
followers, “I’m now a C-List celebrity in Kim Kardashian: Hollywood. Come join me and become famous
too by playing on iPhone!” What happened? The employee was using the app on her BYOD device.
Unbeknownst to the employee, the app had the ability to automatically access the phone’s Twitter
account and tweet out messages when certain game thresholds were reached. Unfortunately for the
EPA, the BYOD device was connected to the EPA’s official Twitter account, not the employee’s.
What’s the lesson here? Mobile app security risk is not limited to malevolent hackers and unfriendly
governments. Threats to corporate data and reputation can be hidden – like a trapdoor in a Trojan
horse – in the most seemingly innocuous apps, and can be unleashed on the organization by the most
well-intentioned employee.
Because of these hidden risks, we wanted to understand whether enterprises are aware of the risky
behaviors associated with mobile apps that could compromise data security, and if so, what they’re
doing about it.
Rapid Adoption of Enterprise Mobility Continues
According to our survey, enterprises are rapidly implementing the policies and infrastructure necessary
to support broad employee access to mobile devices and applications. For instance, 29 percent of
respondents have already implemented a mobile device management solution, 20 percent are doing so
now, and another 27 percent plan on doing so within two years. 17 percent of respondents have
already implemented a mobile application management solution, 15 percent are doing so now, and
another 32 percent plan on doing so within two years.
From a security perspective, BYOD policy implementation is an essential counterpart to mobility
adoption. According to the survey, 28 percent of respondents have already implemented a BYOD
policy, 20 percent are doing so now, and another 23 percent plan on doing so within two years.
[Figure: Indicate your organization’s plans to implement any of the following IT Services. Values listed as already implemented / implementing now / will implement within 12-24 months / no plans to implement. Bring-Your-Own-Device (BYOD) policy: 28% / 20% / 23% / 30%. Mobile device management solution (MDM): 29% / 20% / 27% / 25%. Mobile application management solution (MAM): 17% / 15% / 32% / 36%.]
Data Security Biggest Challenge When Implementing BYOD Policies
The BYOD policy memorializes an organization’s approach to mobility, and among other things, the
rules employees must follow in order to access corporate data and systems from their mobile devices.
According to the survey, organizations face a variety of challenges around BYOD policy
implementation.
Not surprisingly the largest percentage of respondents – 71 percent – say ensuring data security is one
of the biggest challenges they face around implementing BYOD policies. 43 percent say creating and
enforcing the BYOD policy counts among their biggest challenges, and another 43 percent say software
license tracking, management and optimization of mobile devices are significant challenges.
[Figure: What are the biggest challenges your organization faces implementing BYOD policies? Software license tracking, management and optimization for mobile devices: 43%. Data security: 71%. Lack of knowledge of mobile application behavior in the enterprise: 26%. Keeping applications for devices updated and ensuring compatibility with current IT environment: 40%. Creating and enforcing a BYOD policy: 43%. We are not implementing BYOD but plan on doing so within 12-24 months: 11%. We are not implementing BYOD and have no plans to: 14%.]
Risk Reduction Policies Are a High Priority for Organizations Seeking to Mitigate Mobile App Security Risks
Given respondents’ accelerating enterprise adoption of mobility, their broad concerns around security,
and broad adoption of BYOD policies as mechanisms for controlling risk – we wanted to examine how
far those policies go. Do they reflect a comprehensive awareness of the less obvious risks associated
with mobile app behaviors that could serve as a Trojan horse, allowing hidden risk to enter the
enterprise?
According to the survey, a sizeable minority of enterprises are at least aware mobile apps can exhibit
risky behaviors – and they’re taking some action. 47 percent are implementing BYOD policies to block
risky mobile app behaviors. Another 22 percent plan on implementing those policies within two years.
User education is also an important tool that 50 percent of enterprises are using to mitigate mobile app
security risks.
[Figure: How is your organization mitigating the risks associated with mobile apps? User education: 50%. Policies that block risky app behaviors: 47%. App containerization and wrapping: 27%. Restricting access to public store apps: 27%. We don’t have policies blocking risky app behaviors: 18%. We don’t have policies blocking risky app behaviors but we plan on implementing them within the next 12-24 months: 22%.]
Most Organizations Are Not Taking Action to Block Risky App Behaviors
While a majority of respondents are or plan on instituting policies that prohibit risky app behaviors, in
practice most are not taking action to enforce those policies. For instance, key to enforcing policies
against risky app behaviors is knowing what risky behaviors should be prohibited in the first place. Do
features that allow the app to access a mobile device’s GPS chip constitute risky behavior? What
about features allowing an app to access and post to social media apps, or those allowing an app to
report user and device data back to the app producer?
Once risky behaviors are identified, have organizations identified the specific apps exhibiting those
behaviors for the purpose of enforcing their BYOD policy? From blocking the app altogether to putting
it in a container to protect the corporate network from a prohibited behavior – an organization cannot
enforce a policy until it has identified the type of behavior constituting a threat, and the apps causing
those threats.
According to the survey, most organizations – 61 percent – have not even identified which app
behaviors they deem risky. Likewise, a majority of organizations – 55 percent – have not identified
specific mobile apps that exhibit risky behaviors.
[Figure: Has your organization identified which mobile app behaviors it deems risky? Yes: 39%. No: 61%.]
[Figure: Has your organization identified specific mobile applications? Yes: 45%. No: 55%.]
Organizations Are Not Realizing Significant Risk Reduction from their BYOD Policies
As noted earlier, BYOD policies are only as effective as the steps organizations take to monitor and
enforce those policies. For instance, once organizations understand which risky app behaviors are
prohibited, they must then test the apps allowed onto BYOD devices in order to understand which ones
exhibit prohibited behaviors.
In light of the survey results, which indicated that only a minority of respondents have identified risky
app behavior and risky mobile apps, it is not surprising that most organizations likewise report that they
are not realizing significant risk reduction from their BYOD policies. Only 16 percent cite lower
enterprise application risk as a benefit experienced as a result of their BYOD policy.
[Figure: If you’ve already implemented BYOD at your organization, what benefits have you experienced? (check all that apply) Improved employee efficiency/productivity: 43%. Improved employee satisfaction: 55%. Lower IT infrastructure, device and support costs: 41%. Lower enterprise application risk: 16%. Employee access to more cutting-edge, up-to-date devices: 26%. We’ve implemented BYOD but have not achieved the benefits we anticipated: 17%.]
Conclusion
Enterprises are accelerating their adoption of mobile devices as a critical component of the IT mix. And
as they do so, security naturally is a high priority. Organizations are broadly implementing BYOD
policies to shore up their security – especially in light of concerns about the risky behaviors mobile apps
are capable of that can threaten sensitive corporate data, vulnerable networks and reputation.
However, enterprises still have a long way to go to take the actions necessary to enforce their policies.
Organizations are still largely unaware of the specific behaviors mobile apps are capable of. Moreover,
most enterprises have still not taken action to block apps that exhibit those risky behaviors violating
their BYOD security policies. It is not surprising, therefore, that while organizations do report many
benefits resulting from BYOD – lower application risk is not one of them.
Infographic
Survey Background
This report is based on the 2015 Application Usage and Value survey, conducted by Flexera Software
with input from IDC’s Software Pricing and Licensing Research division under the direction of Amy
Konary, Research Vice President - Software Licensing and Provisioning at IDC. This annual research
project looks at software licensing, compliance and installation trends and best practices. The survey
reaches out to executives at software vendors, intelligent device manufacturers as well as the
enterprises that purchase and use software and devices.
Methodology and Sampling
The data contained in this report is based on three Application Usage and Value surveys, one targeted
at independent software vendors (ISVs), one targeted at intelligent device manufacturers, and one at
end-user organizations that consume enterprise software. More than 583 respondents participated,
including executives and IT professionals from 264 software vendors, 172 hardware device
manufacturers and 147 enterprise organizations.
Survey Demographics
Location of Respondents
Of the 583 respondents to the survey, 53 percent reported their division headquarters as being
located in the United States. 6 percent were from India, 4 percent from the United Kingdom, 4
percent from Australia & New Zealand, 3 percent from Germany and 1 percent from France.
Respondents’ Vertical Market
Respondents fell across a wide array of vertical markets. With respect to enterprise respondents, 20 percent were from the Business/IT Consulting Services industry, 12 percent from the Government/Public Sector, and 10 percent each from the Education, Financial Services, Healthcare and Oil/Gas/Utility industries.
[Figure: Respondents Division Headquarters. Legend: United States, India, United Kingdom, Germany, Australia, Italy, Canada, New Zealand, France, Netherlands, Brazil, China, Finland, Mexico, Pakistan, Sweden, Croatia.]
With respect to software vendor respondents, 17 percent were from the financial industry, 16 percent from consumer, and 13 percent from the Healthcare/Medical industry.
[Figure: Which of the following best describes your organization’s vertical market? Automotive: 2%. Aerospace/Defense: 3%. Consumer Goods: 6%. Government/Public Sector: 12%. Education: 10%. Financial Services: 10%. Healthcare: 10%. Oil/Gas/Utility: 10%. Technology: 10%. Manufacturing: 7%. Business/IT Consulting Services: 20%.]
[Figure: Which of the following best describes the type of enterprise software your company develops? Electronic Design Automation (EDA): 10%. Human Resources Management (Including Performance, Payroll and Talent Management): 2%. Healthcare/Medical: 13%. Financial (Including Accounting, Billing, Forecasting): 17%. Enterprise Resource Planning (ERP): 7%. Customer Relationship Management (CRM): 8%. Product Lifecycle Management (PLM): 5%. Business Intelligence: 11%. Database Management (Including Master Database Management): 2%. Project Management: 6%. Retail: 6%. Consumer: 16%.]
With respect to hardware device maker respondents, 23 percent are from the telecommunications/network equipment providers industry, 20 percent from the computer equipment and peripherals space, and 20 percent from the industrial/manufacturing automation space.
[Figure: Which of the following best describes your organization’s vertical market? Telecommunications/Network Equipment Providers: 23%. Computer Equipment and Peripherals: 20%. Industrial/Manufacturing Automation: 20%. Building Automation: 10%. Healthcare/Medical Devices: 12%. Electronic Test and Measurement Equipment: 4%. Automotive (Including Infotainment): 5%. Consumer Electronics (Including Home Automation): 6%.]
Software Licensing and Provisioning Research at IDC
IDC's global Software Licensing and Provisioning research practice is directed by Amy Konary. In this
role, Ms. Konary is responsible for providing coverage of software go-to-market trends including volume
license programs, evolving license models, global price management, and licensing technologies
through market analysis, research and consulting. In her coverage of software maintenance,
subscription, electronic software distribution and licensing technologies, Ms. Konary has been
instrumental in forecasting future market size and growth. Ms. Konary was also the lead analyst for
IDC's coverage of software as a service (SaaS) for eight years prior to focusing exclusively on pricing,
licensing, and delivery. International Data Corporation (IDC) is the premier global provider of market
intelligence, advisory services, and events for the information technology, telecommunications, and
consumer technology markets. For more information about IDC, please see www.idc.com
About Flexera Software
Flexera Software helps application producers and enterprises increase application usage and the value
they derive from their software. Our next-generation software licensing, compliance and installation
solutions are essential to ensure continuous licensing compliance, optimized software investments and
to future-proof businesses against the risks and costs of constantly changing technology. Over 80,000
customers turn to Flexera Software as a trusted and neutral source for the knowledge and expertise we
have gained as the marketplace leader for over 25 years and for the automation and intelligence
designed into our products. For more information, please go to www.flexerasoftware.com.
Flexera Software, LLC
(Global Headquarters)
+1 800-809-5659
United Kingdom (Europe,
Middle East Headquarters):
+44 870-871-1111
+44 870-873-6300
Australia (Asia,
Pacific Headquarters):
+61 3-9895-2000
For more locations visit:
www.flexerasoftware.co