Rogue apps a headache for IT teams, survey says

Despite the ever-increasing number of commercial off-the-shelf (COTS) software programs for almost every imaginable application, custom programs are still extremely popular among users. However, a majority of those programs are outside the control of the corporate IT department, and IT security teams are unaware of nearly two-thirds of them, according to a recent report from the Cloud Security Alliance (CSA) and Skyhigh Networks.

Findings from the report state that the average enterprise has 464 custom applications deployed, yet corporate security was aware of only 38.4 percent of them. That number of deployed custom applications is expected to grow by 20.5 percent during 2017, the report stated.

Part of the challenge corporate security professionals will face is having access to these applications, the report found. Some 72.7 percent of the companies have business-critical custom applications and nearly half, 46.1 percent, of those are deployed in either the public or a hybrid cloud environment. In fact, the authors said 2017 will be “a tipping point” when, by the end of the year, fewer than half of applications, just 46.2 percent, will reside in the datacenter, down from 60.9 percent.

However, moving data to the cloud is no panacea for security vulnerabilities. It can be more difficult for the IT team to apply corporate security protocols to data that resides in the cloud, putting more data at risk, according to Skyhigh Networks. Some 66.5 percent of the survey respondents said sensitive data in the cloud is a potential threat, while a close second was the 56.9 percent of respondents who said third-party account compromises concerned them.

Overall, among the biggest challenges companies face today are the rogue applications that escape the protection of the IT security teams and the concerns about data in the cloud, the report said. “There is now a sizeable number of ‘shadow’ applications developed internally that IT security is not aware of or involved in securing,” the report found.

Lack of knowledge of applications, and lack of access to the ones IT does know about, appear to be two of this year's key challenges.

FAQ
Q
What are rogue apps?
A
Vetting the security of a mobile application inside an organization starts with software assurance for apps. To provide it, organizations should develop security requirements that specify, for example, how data used by an app should be secured, the environment in which an app will be deployed, and the acceptable level of risk for an app. Nonetheless, the process is different in every organization, and so is the definition of risk.
Q
How to Identify and Avoid Rogue Mobile Apps?
A
The world we live in is becoming more and more mobile. The need to do things here and now is becoming greater. Banking transactions are being performed more frequently on mobile devices, like smartphones and tablets. Online shopping is another activity that consumers frequently undertake on their mobile devices. The “tipping point”, where customers choose mobile devices over PCs, is sliding steadily towards mobile devices.
Q
What are the various types of rogue apps?
A
There are various types of rogue apps. Some are simply a nuisance (draining battery life or tying up CPU resources), while others are more dangerous (installing RATs for espionage or exploiting the SMS permission settings to send text messages to premium numbers). A malicious app dubbed HummingBad has taken hold of about 10 million Android phones around the world. The software takes full control of the device, collecting the owners’ personal data and clicking on ads in the process.
Q
How to identify and avoid rogue applications: advice for users and companies?
A
Applications are the bells and whistles of every device. They enrich our lives, acting as time fillers, personal health advisers or entertaining video-communication channels. And there are plenty to choose from.
Q
What is rogue security software?
A
Rogue security software is a form of malicious software and Internet fraud that misleads users into believing there is a virus on their computer, and manipulates them into paying money for a fake malware removal tool.