BYOA should be encouraged, but within limits

More employees bringing third-party or homebrewed apps into corporate space without permission, which companies should provision, instead of restrict, as it boosts productivity and innovation, observers suggest.

The bring-your-own-device trend (BYOD) has evolved to a point where employees are now bringing their own mobile applications to be used at work too. But instead of clamping down on this practice over fears that data security may be compromised, companies should harness the benefits brought by these apps, one industry player says.

According to a Fortinet survey in June, 69 percent of respondents indicated that they are interested in bring-your-own-application (BYOA) whereby workers create and use their custom applications at work. When asked whether companies have policies banning the use of these non-approved applications, 30 percent admitted they have or would contravene office policies.

Commenting on this, Marc Bown, managing consultant of SpiderLabs at security company Trustwave Asia-Pacific, said the BYOA trend, like BYOD, represents a loss of control on the part of IT and risk departments.

Organizations would previously manage data security by enforcing security measures on devices that were preconfigured to access the corporate network on certain parameters, but in the BYOA era, the data is likely to be stored on a mobile device and in a cloud-based service somewhere else, Bown noted. There's also the likelihood that the data stored on cloud services may be lost should the service provider fail to sustain its business, he added.

This means corporate data could potentially end up everywhere and be replicated on several mobile devices, rendering IT staff without control over the use of external applications such as Dropbox and Evernote , Guido Crucq, general manager of security solutions at Dimension Data Asia-Pacific, noted.

Crucq said it will be worse if employees bring their own code and applications into the organization as these put client data compliance and confidentiality, as well as general productivity, at risk.

Benefits outweigh risks
However, Karim Mohamad, head of database and technology marketing at SAP Asia-Pacific and Japan, pointed out that enterprises should understand the benefits and risks of BYOA before clamping down on this practice. Mobile apps are an important asset and opportunity that companies should leverage, he stated.

Through these apps, employees can more easily collaborate by sharing presentations, video files, and other media assets, he noted.

Homebrewed apps or even unauthorized apps developed internally are also a "great source" of new ideas and approaches that can add significant value to organizations, Mohamad said. Should these apps take off in a big way, they might generate significant internal demand or even be spun off into new companies like in the case of SuccessFactors, the executive added.

Terry Smagh, vice president of Southeast and North Asia at QlikView, added companies can provision for the BYOA trend by offering a controlled environment that empowers business users and encourage innovation yet still safeguard their IT environments.

Bown pointed out that many third-party, consumer-grade apps do come with features intended for use in environments which require higher security standards. Evernote, for example, has the ability to encrypt users' notes so that even if the cloud-based service is compromised the information stored on its platform remains safe, he said.

Thus, he urged companies to learn from the unsanctioned apps end-users are bringing into the enterprise as it would help improve their security posture. "Closing the door on BYOA will stifle innovation while learning from it can help make enterprise security stronger," he said.