Top 5 Rogue Cloud Apps in the Enterprise
If you own a smartphone or tablet, you can probably name at least three apps you can’t live without. For enterprise IT, this can be a hard reality to contain.
Workers who have grown accustomed to using certain apps in their personal lives carry those programs into their workspaces, often without their IT departments’ knowledge or even in spite of corporate policy. And that’s why many popular consumer apps fall under the label of “rogue apps.”
Controlling staff app use often feels like a losing battle. For every rogue app that’s been kicked to the curb, another finds its way into the workplace. Based on our own SaaS TechCheck assessment data of client devices, here are the top five most pervasive rogue apps in the workplace, and why their unmonitored – and unsanctioned use – poses risks for every business.
Known until recently as YouSendIt, Hightail specializes in the transfer of large files. Thanks to its recent focus on business collaboration, Hightail is more mindful about security than its competitors, but it’s far from perfect. The app’s “anywhere access model” gives it the potential to allow employees to store gigabytes of data on personal devices. This double-edged feature of easy accessibility combined with a focus on high-volume data creates the potential to lose track of a lot of information very quickly. Hightail presents the challenges of Bring Your Own Device (BYOD) regardless of whether your organization actively participates in it or not.
While not as prevalent as its competitors, SpiderOak presents challenges despite its focus on security. As with its competitors, SpiderOak offers users the ability to sync and backup to virtually any device, an ability that may introduce risk in a BYOD environment. Further, the ability to create free, private accounts through SpiderOak gives employees the potential to back up data to unauthorized, unmonitored accounts. Even the best security can’t protect against user negligence.
Unlike the previously mentioned services, most employees would have little use for LogMeIn outside of the office. The raw power of the application, however, is problematic. LogMeIn provides a plethora of remote desktop services, from remote desktop control to file sharing and printing. Pairing devices via LogMeIn is simple and allows even novice users to turn their work computer into a virtual command center. Although it’s hard to unknowingly breach the acceptable data use policy with LogMeIn, the potential for more malevolent action is high. Employees could feasibly access and transfer sensitive files and print to non-corporate devices, all from the comfort of their cubicle.
Evernote has become ubiquitous in the world of cloud document storage. Not only does its popularity across desktop and mobile devices guarantee its status as a fixture in BYOD environments, but the app also stores documents for offline use. Although one of the app’s most useful features, this introduces security risks in the event that the device is compromised. More, worrying, however, is Evernote’s relatively casual approach to data protection. Slow to adopt robust security standards, Evernote was the subject of a massive data breach this February.
As with Evernote, Dropbox is one of the more easily abused apps, mostly because of its dominance in the personal cloud storage space. With so many people using Dropbox for non-work purposes (music, photo sharing, etc.), it’s no surprise the line between business and pleasure is often blurry at best. This means it’s all too easy for employees to store work documents in their personal cloud, releasing this information into the wild, well beyond the oversight of the IT department. The issue is compounded in a BYOD environment where employees can store and sync data on personal devices, a domain typically outside of corporate control.
Don’t Be a Luddite
Solving this rogue app challenge isn’t as simple as banning employee use. Instead, it would be far more efficient to implement an IT strategy that promotes security, risk-prevention and accountability. For example, businesses could require multiple source verification wherever possible, to reduce the likelihood of unauthorized data access. Creating a whitelist of devices approved for permanent storage is another way to prevent fragmented offline storage.
A lot of these apps are here to stay. And if businesses fail to tame their use, IT departments should be on the lookout for enterprise-grade alternatives. With the list of entrants growing longer by the day, many are just as attractive in terms of end-user appeal as they are safe and secure.
Does your business struggle with any apps that didn’t make the list? Sound off in the comments below.