The great problem with free apps is that they’re often developed by very small companies. That’s not an inherently bad thing, but these tiny development houses usually can’t afford to do a lot of QA and bug fixing or checking. Often, that can lead to free apps that have giant security holes in them. Security holes like the ones you so often find in free apps can then be used by hackers to gain access to the handheld device in question, and by extension, any and all data on it.
Implications for Your Business
Increasingly, companies are embracing the idea of BYOD – Bring Your Own Device. They almost have to, because employees will do it anyway. The barriers that once prevented easy access to company data from non-standard, non-company approved devices are all but gone. People want to be able to use the handheld of their choice, and the combination of cloud-based technology and high-speed, low-latency wireless connectivity makes it a foregone conclusion that employees will, one way or another, access company data on their own devices.
Since business can’t stop it from happening, the next best thing is to build policy around it and try to control the access as best they’re able. An essential element of that strategy needs to include some type of accountability. For example, an agreement on the part of the employee that if they intend to use one of their own devices to access company data there should be restrictions on the type and number of non-business apps placed on that device.
Free, unsecured, and often badly written apps can contain backdoors as described above, and that not only puts the employee’s device at risk, but any company data they accessed with it. This, of course, is a bit of a grey area, and can be a touchy subject. After all, the device does not belong to the company, how can they mandate to the employee what they can, or cannot install on their own equipment? Pushback of some kind is all but inevitable.
The point of separation though, is this: Employees can put whatever apps they want on their own equipment, sure. What they can’t do is put company assets at risk by doing so. There’s actually a fairly simple solution for the apparent problem, and it comes from the sheer number of handhelds in service today.
There are more handhelds in active use than there are people living on the planet, and not everyone, everywhere, has one. That means, by definition, that most of the people who do have one probaly have two. Thus, the solution is made clear. On the device you choose to bring to work, don’t put apps on it that will, or could, threaten the integrity of company data. On your alternate device – the one you use at home for pleasure, put whatever you like on it.
There will probably still be some pushback, but the logic of the position is sound, and your employees will respect it. Provided, of course, that you have it built into your policies from the start, and are upfront about both it, and the reasons that stand behind the decision.