Is March Madness causing mobile mayhem for your IT department?
Enterprises that think the NCAA men's basketball tournament is just a drain on corporate productivity — as much as $1.2 billion lost for every wasted hour, according to Challenger, Gray & Christmas, Inc.'s annual study — are overlooking the bigger headache: Workers are using third-party mobile apps to keep up with the so-called Super Bowl of college sports.
Employees (18%) say that sports apps for tablets and smartphones help them to multitask and stay abreast of games and important tournament news while on the job, according to the second annual March Madness Second Screen Survey from SOASTA, a mobile and cloud testing firm.
It should come as no surprise that 54% of young Millennial men in the 18-34-year-old demographic cop to checking their mobile apps during work hours, ahead of the 45% of total men and women engaging in the same behavior.
It's encouraging to note that most survey respondents report setting aside personal on-the-job time for checking in on games, brackets and highlights, with 74% using apps on their breaks, 63% opening apps on downtime and another 61% spicing up lunchtime with some mobile app action, catching up on dunks, stats and latest scores.
However, some workers seem unable to resist the lure of the sporting spectacle, with 12% admitting to checking apps during meetings and 14% taking advantage of the relative privacy afforded by conference calls to tap into the action on their tablets or phones. Just 3% claim to be bold enough to sneak a glance at their basketball apps while their boss is talking.
So while March Madness is spawning app madness, what's the risk to the enterprise?
Most applications that make it to the Google Play Store or Apple App Store have already passed through filters designed to weed out malicious software, but many users forget that perfectly benign apps might have legitimate reasons for accessing certain parts of a device, such as the calendar. "Users probably won't think twice about granting apps these access permissions,"
notes Erich Stuntebeck, director of mobility research, AirWatch by VMware. "Unbeknownst to users, the app may be silently grabbing all your contacts and calendar data, including enterprise data, and sending it off to a remote server."
It's the stuff of IT nightmares.
An app might tap into your contacts list, for example, under the pretense of finding friends who are fellow app users — but you then have zero control over how that data is used (and how it's stored) once it leaves your device. "The app itself may not be malicious, but that doesn't mean someone with malicious intent won't attempt to hack into the servers where your data is now being stored," added Stuntebeck.
Even more alarming: if employees are checking their March Madness apps on a device that's connected to the corporate network behind a firewall, that software might very well be able to access private, internal enterprise resources. "At this point, you're really relying on the app store review process to detect malicious code," says Stuntebeck, "because a malicious app developer could use this as a launching point for infiltrating your network. What looks pretty harmless on the surface can actually be a major security risk."
To combat these potential threats, companies should establish firm and well-disseminated device usage policies and implement a robust enterprise mobility management (EMM) platform, according to Stuntebeck.
Of course, each business's disparate device support model — BYOD, corporate-owned, hybrid — dictates how to address security risks. Enterprises that issue corporate-owned phones and tablets can take advantage of EMM solutions to whitelist approved applications only.
"This can be a combination of internal enterprise applications and public applications that have been reviewed and shown to pose no risk," Stuntebeck notes. "A good EMM solution can also help you by providing application scanning and developer reputation data to help you decide which apps are good and which aren't."
While this approach works well in corporate-owned device environments, enterprises with BYOD policies probably will find the application whitelisting methodology to be a bit heavy-handed. Instead, leverage an EMM platform to ensure that enterprise data is sandboxed from potentially malicious mobile apps.
Robust EMM solutions provide a container for enterprise content and applications, essentially keeping the corporate calendar, contacts, email and more in a secure, walled garden. Says Stuntebeck, "Containers can keep malicious apps out, but can also keep sensitive corporate data in by preventing users from moving data out of the container to unapproved applications."
So despite IT's pleading and cajoling to the contrary, it's inevitable that at least some of your employees will be installing apps to keep current with college basketball fever.
Having an EMM solution in place this time of year can make a world of difference between March Madness on employee devices and malicious malware making its way into the heart of your enterprise.