Industry Trends

BYOA Brings New And Old Challenges For IT

By Stefanie Hoffman | August 31, 2012

Organizations these days have their hands full with security and management challenges brought about by the Bring Your Own Device phenomenon.

But why stop at devices? Good question. In fact, the same culture of innovation and self-reliance, spurred by BYOD, has increasingly translated to applications. And as such, users are pushing the trend to its limits by introducing their own applications into the workplace to meet their needs.

The burgeoning Bring Your Own Application (BYOA) trend appears to be a natural and logical extension of BYOD--and the BYOD mentality. A recent Fortinet survey conducted earlier this year indicated that one in three users would or has actively gone against company policies banning personal devices in order to do their jobs. Meanwhile, 69 percent of respondents indicated that they are interested in BYOA, in which they could create and use their custom applications at work. Not surprisingly, when asked whether companies have policies that ban the use of non-approved applications, 30 percent admitted they have or would ignore those policies.

In short, if you're an IT administrator, you're looking at lots of Red Bull and some long days ahead.

In actuality, the BYOA trend is not entirely new. Organizations have been dealing with users who have either brought or built their own applications into work to enhance productivity for as long as computers have been used in the workplace.

However, the consumerization of IT and the explosion of mobile devices now used for business related tasks has truly cultivated an environment that sets BYOA on a course for exponential growth. According to Ryan Potter, Fortinet director of security strategy, the phenomenon's anticipated upward spike will likely be propelled by two kinds of users: those who bring their own apps and those who build them.

In the case of the former, Potter said that even in organizations where all devices are corporate-issued and security policies are well-established, exceptions are always made to accommodate the use of an external app. "Power users have required special application and privileges to complete their jobs. That trust and responsibility is balanced by the requirements of the job and the user's own perception of the right tool for the job."

But while providing the user a lot of freedom and flexibility, numerous versions of the same application across a wide array of operating systems (Windows, Mac, Linux, iOS and Android) with a slew of business apps (Word, Star Office, Open Office, Pages) at best create untold management headaches for IT administrators. Compounding the problem are a myriad of cloud-based productivity apps, such as Amazon Cloud Drive, Box, Google Drive, DropBox, that rip threat vectors wide open and essentially turn the concept of security on its head.

Meanwhile, challenges related to the rocket-like growth of cloud and mobile applications aren't going away any time soon. Adding to the hundreds of productivity apps are tens of thousands of mobile apps, each with various security policy enforcement capabilities and possible MDM clients. That means that for most IT departments, blocking and containing all of those apps will be, for the most part, an endeavor in futility.

But with BYOA, the trend doesn't end with bringing your own app. Thanks to out-of-the-box app kits and templates, the trend also includes building your own app, Potter maintains. "If the productivity application that your business requires doesn't exist-- or costs too much--mark my words, someone will build it," he said.

With the relative simplicity of building applications these days, (almost) everyone can bear the title of "developer." And you can be sure that more users are going to be exercising their right to create their own unique, custom apps in order to get the job done. That means contractors and employees with almost no security experience will be creating applications that will inevitably impact sensitive data housed on the organization's network.

"These are potentially the most significant risks to organizations today," Potter said. "Trusted internal applications, potentially exempt form security scrutiny. Add to this the pace at which applications develop and change and the threat exposure increases."

But, as frustrating and irritating as it will likely be for those keeping the myriad of new applications under control, when all's said and done, there will be little IT administrators, or anyone else for that matter, can do to stop the trend's inexorable march forward. Looking at the bright side, employees that build and bring their own applications are doing so because they want to work more efficiently. And either bringing or creating homebrew applications will likely boost productivity and innovation, while simultaneously keeping workers happy.

That adds up to a win-win in almost anyone's book. And as with BYOD, it will rest on the shoulders of IT administrators to make it happen.

Join the Discussion