As tensions between corporate IT and business consumers have eased somewhat over what hardware devices could be used in the workplace, new concerns are rising over the threat unauthorized cloud-based applications pose.
Disruptions caused by bringing your own applications (BYOA) into corporate environments are more complex and their effects far more reaching than hardware devices. They threaten not just security but also staying in compliance with federal regulations as well as software licensing.
“In 10 minutes employees can completely change the way they work by downloading things like Evernote, Yammer and One Drive," said Alan Lepofsky, principal analyst with Constellation Research, Inc., a tech advisory firm. "IT had such control to where they knew every version of every application on everyone’s desktop. Now they want the same control over your webtop.”
IT had such control to where they knew every version of every application on everyone's desktop. Now they want the same control over your webtop.
Alan Lepofsky, principal analyst with Constellation Research, Inc.
Some IT professionals agree they need a greater awareness of unauthorized applications in their work environments, but don’t believe they need the same level of control over users they once did. Just having an improved ability to manage what users access is a more appropriate approach to dealing with the issue.
“We can’t allow employees to be their own IT managers and we have a responsibility to the company to know what apps or services users are accessing," said one senior systems administrator with a Boston-based retailer.
"We [in IT] ultimately have to answer to senior management if users do something that runs us afoul of the law.”
However, most IT pros don't have time to worry about what is on employees' phones or tablets, said Mike Drips, a solutions architect with WiPro, Inc. in Houston, Texas.
"The day-to-day hassles of dealing with screwed up data bases, vice presidents who can’t get their email or getting some app rolled out on time will take precedence,” Drips said.
One software developer that offers IT professionals a way to see what's going on in their environments is LogMeIn, Inc. The Boston-based company has introduced an offering that combines monitoring and management capabilities. The company’s AppGuru reportedly allows IT professionals to gain visibility into how employees use cloud apps as well as centralizing user management among a wide range of commonly used applications including Dropbox, Box and Office 365.
“We all find better apps to do our jobs than the ones the IT gives us,” said John Purcell, senior director, products for LogMeIn. “That doesn’t mean IT guys have to freak out and assume there will be security breaches, but at least it should tell them their relevance to the core productivity of their employees is in question.” Basic pricing for AppGuru starts at $29 per year per managed user, with a minimum of 10 users. Premium pricing starts at $39 per year per managed user, also with a minimum of 10 users.
The Ponemon Institute released a study called Data Breach: The Cloud Multiplier Effect of 613 IT professionals who professed to have some familiarity with their company’s use of cloud-based products.
Respondents said that 45% of all software applications are in the cloud but 22.5% of them are not visible to IT. Respondents also said approximately 36% of business critical applications are in the cloud, but, again, only half are visible to IT.
With the help of Edge Strategies, LogMeIn also did its own study, which points out just how much in the dark IT shops are about the presence of BYOA in their shops.
According to the survey, IT pros estimated the number of BYO apps to be 2.8 apps per organization. But subsequent data collected by apps discovery technology found the average number of actual BYOA to be just under 21 per company.
Another benefit of AppGuru helps IT shops stay in compliance with their software licenses, which has become more difficult given users can now download applications their companies already have a license for. Users often download a different version of the same application that may not be compatible with what his or her colleagues are using.
“Many times we see a company license a product and five or six out of ten employees go out and source their own version of an app that has already been purchased by them, which means many copies already paid for go unused,” Purcell said. “It’s a waste of money and something IT managers have no clue about.”
While aware of these potential dangers, some IT professionals say they are more involved with the everyday problems of keeping their environments up and running. They feel confident the security they have in place is enough to contain whatever breeches may occur and can squash them before much damage is done.