Mobile devices are almost ubiquitously used by employees today. Whether companies issue corporate-owned devices, or whether they allow employees to access corporate networks via their own devices (Bring your Own Device) – employees can easily access corporate networks and sensitive enterprise data with a flick or a swipe.
As mobile devices make it easy for us to access our entire lives at a glance, the dividing line between professional and personal is getting fainter. Employees commonly install personal apps on devices they also use for work. And most don’t think twice about whether an app they’re using could potentially expose the corporate network to risk.
It is therefore incumbent on the Chief Information Officer and Chief Security Officer to understand what the mobile apps on employee devices can do – what data, features and functions they can access – and determine whether this behavior is acceptable based on the organization’s Bring Your Own Device policy. Testing mobile apps to discover their behavior and risks should be part of any organization’s centralized Application Readiness processes.