With mobile apps being an integral part of our personal and professional lives, most of us don’t think much about the serious risks they may introduce into our organization. Even when the mobile device is company-owned, employees treat it as a personal device and download apps unrelated to work. In effect, mobile apps have become the new frontier of shadow IT.
Your employees may believe these apps are innocuous, but app permissions and data access controls could violate your organization’s governance, risk and compliance requirements. These policies may include the specific data that can be accessed by third-party apps, where company and employee data is sent and subsequently stored.
Maintaining these policies means that your security team needs to know which apps have access to your data and how they are transferring and storing it. Most organizations have visibility into how their desktop and laptop applications are handling data, but not for mobile endpoints. Because of how iOS, Android and Chrome OS run their apps, it is challenging to inspect them. Without such insight, your security team will have no idea how these apps are handling your data.
With managed devices, you have visibility and controls over which apps employees use through mobile device management (MDM) or mobile app management (MAM). But they don’t provide you insight into real-time app permissions and data access controls. With personal unmanaged devices you will not even have the limited visibility provided by MDM and MAM.
Lookout Risk and Compliance provides full visibility into the mobile apps in your organization’s fleet and enables you to implement organization-wide governance, risk and compliance policies. Lookout delivers a unique capability to provide mobile application risk assessment that gives the necessary insight into app permission and data access controls. The Lookout Security Graph has aggregated the insight from analyzing more than 120 million apps across nearly 200 million devices.
With the rich data from our mobile app risk assessments in the Security Graph, you are able to create app scoring customized to your organization’s governance, risk and compliance requirements. We enable you to understand how apps interact with each other, the geo-location of IP addresses to which an app communicates, if an app has risky or malicious components, and whether the data transfer and storage are encrypted.