Mobile risk and compliance
With mobile apps being an integral part of our personal and professional lives, most of us don’t think much about the serious risks they may introduce into our organization. Even when the mobile device is company-owned, employees treat it as a personal device and download apps unrelated to work. In effect, mobile apps have become the new frontier of shadow IT.
Your employees may believe these apps are innocuous, but app permissions and data access controls could violate your organization’s governance, risk and compliance requirements. These policies may include the specific data that can be accessed by third-party apps, where company and employee data is sent and subsequently stored.
Maintaining these policies means that your security team needs to know which apps have access to your data and how they are transferring and storing it. Most organizations have visibility into how their desktop and laptop applications are handling data, but not for mobile endpoints. Because of how iOS, Android and Chrome OS run their apps, it is challenging to inspect them. Without such insight, your security team will have no idea how these apps are handling your data.
With managed devices, you have visibility and controls over which apps employees use through mobile device management (MDM) or mobile app management (MAM). But they don’t provide you insight into real-time app permissions and data access controls. With personal unmanaged devices you will not even have the limited visibility provided by MDM and MAM.