Why apps & the rise of shadow IT are posing new threats to organisations
Why apps & the rise of shadow IT are posing new threats to organisations
Apps are an essential component of our digital lives and for many have become a basic human necessity. They're powerful business tools as well as fun personal time-wasters. We accomplish both the most mundane and complex tasks with a few taps and swipes.

While we tend to think of apps in the context of smartphones, laptops and other connected devices. The term “application” can apply to many types of software, services, tools and clients across a wide range of platforms, such as Internet of Things (IoT) devices, vehicles, appliances, electronics and others.

The app-blended life

It is hard to imagine going a day without work or personal apps. They drive our routines. When was the last time you left the house without your smartphone? If it was recently, you likely panicked slightly without it. It's something we can all relate to and understand.

We call this the app-blended life, where personal and work lives are no longer compartmentalised. We use personal apps at work, business apps at home and in some cases we use some apps for both. The lines have blurred.

The app-blended lifestyle though poses problems for CIOs, CISOs and those responsible for keeping an organisation safe and secure. Shadow IT is a real issue and one that I can only see increasing over time.

Research findings explained

Global research (covering 10 developed and developing economies) conducted at A10 Networks shows how the problem occurs and how in Britain in many regards we are particularly troublesome and careless. Looking first of all at the importance of apps it is clear they are playing a massive role in both our personal and working lives with 42 percent of respondents globally said they can't live without apps, while another 44 percent said they would struggle to live without them.

Interesting though, only one in four (24 percent) respondents think of security as the most important attribute when downloading apps - security is tied with ease of use and ranks behind performance as most important.

Even more worryingly, fewer than one in five thinks about security when using business apps. Why? Because many expect IT departments and app developers to protect them.

Particularly in the UK attitudes towards security are carefree. For example, when thinking about security when downloading apps, the countries that think the least about security risks are Great Britain and Japan (24 percent disagree that security was an influence), these were then followed by Germany (23 percent) and India (21 percent).

It is not as if this attitude came from a lack of understanding of the potential of hacking, it is more likely an apathy or a reliance on others to “do security”. A quarter of Britons know they have been hacked and yet attitudes aren't changing, a safety-first mindset and a sense of personal responsibility has not developed; this has consequences for app developers and security teams.

The onus falls on them to educate employees and also to have in place defences that are robust enough to deal with often reckless online behaviour.

The A10 research found that Britons stood out over other countries in a number of ways:

  • Brits had the largest percentage of employees (41 percent) who use non-sanctioned apps at work.
  • Over half (55 percent) of Britons would rather lose their trousers than their smartphone. Germans were the opposite, displaying a much greater attachment to their trousers than their smartphone. 22 percent more Germans were prepared to lose their smartphone rather than their trousers.
  • More Britons claim to have had their mobile devices hacked – one in four (24 percent) – than any almost any other country globally – and more than any other European country.
  • UK participants lose their mobile devices more frequently (24 percent) – or have them stolen (19 percent) – than the global average, and more than the rest of Europe.
  • Nearly one in three (32 percent) of UK participants said cyber-attacks are something they “just try not to think about” – more so than the global or European average.

Behaviour impacts business

Poor security behaviour, particularly with applications that hold sensitive personal and business information, can introduce threats to individuals and enterprises alike. Any breach or security compromise, whether caused by negligent or malicious behaviour, undermines ROI on security investments.

How can you cost-justify security investments if your company is breached and news about it breaks publicly? Managing human behavioural implications is part of a diligent approach to corporate security. It boils down to people, process and technology - all three must be addressed.

IT organisations can leverage from the A10 Networks research to make better business decisions to protect users by strengthening protection of their IT infrastructure and their applications. Every action taken on a corporate network or device - yes, even within a personal app - can affect the security posture of an organisation.

Contributed by Mike Hemes, regional director, Western Europe, A10 Networks