Unapproved applications haunt networks

News by Dan Raywood

A third of IT professionals have reported a network infection as a result of an unauthorised application being downloaded on their network.

A third of IT professionals have reported a network infection as a result of an unauthorised application being downloaded on their network.

A survey of 1,500 IT professionals by Avecto found that 39 per cent had reported malware on their network due to the use of unapproved applications. The survey also found that 76 per cent of respondents said that they didn't know how many unauthorised applications have been downloaded on their networks.

Paul Kenyon, co-founder and chief operating officer at Avecto, said that the problem lies with staff who have administrator rights who can download applications that contain malware, and cause significant problems if entered into the corporate network.

“The answer is simple - don't give admin rights out to everyone, only to the few key IT administrators who really need them. You will see an immediate decrease in security risk and associated downtime as well as an increase in productivity from IT,” he said.

Writing on the Fortinet blog, Stefanie Hoffman said that following the bring your own device (BYOD) trend, users are now pushing the trend to its limits by introducing their own applications into the workplace to meet their needs, with an emerging trend of bring your own application (BYOA).

She quoted a recent Fortinet survey, which said that 69 per cent of respondents indicated that they are interested in BYOA, in which they could create and use their custom applications at work. However when asked whether companies have policies that ban the use of non-approved applications, 30 per cent admitted they have or would ignore those policies.

“In actuality, the BYOA trend is not entirely new. Organisations have been dealing with users who have either brought or built their own applications into work to enhance productivity for as long as computers have been used in the workplace,” Hoffman said.

“However, the consumerisation of IT and the explosion of mobile devices now used for business related tasks has truly cultivated an environment that sets BYOA on a course for exponential growth.

“But with BYOA, the trend doesn't end with bringing your own app. Thanks to out-of-the-box app kits and templates, the trend also includes building your own app. With the relative simplicity of building applications these days, (almost) everyone can bear the title of ‘developer' and you can be sure that more users are going to be exercising their right to create their own unique, custom apps in order to get the job done.

“That means contractors and employees with almost no security experience will be creating applications that will inevitably impact sensitive data housed on the organisation's network.”

The Avecto survey also found that respondents pinpointed 20-35 year old male employees as the main reason for internal use of unapproved applications, with 80 per cent saying that they were the most likely to demand and have elevated rights.

Kenyon said: “Gen Y [is] a technically savvy generation that has grown up in an online and freedom-of-access world. They often come into the enterprise with the same expectations of access and availability and, in many instances, have the skills and experience to be able to work around basic security protocols to get what they want.

“On top of this, many IT departments elevate users to admin rights as a means to quickly solve IT problems. Considering these factors, it's more important than ever for organisations to have a solution in place that enables the quick and secure removal of administrator rights from users, and the ability to deploy policies that elevate all of the legitimate business applications that require privileged access using privilege management technology.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews