Some apps onto which employees may move company information, like Facebook and Amazon, are well known. Others, like Remember the Milk, used for completing tasks, or CloudElephant, a data backup service, are news even to some of the experts in I.T. Skyhigh Networks, which recently started monitoring personal use of apps, has counted more than 1,200 services used in corporate networks from personal devices.
Skyhigh signs up for each service, along with 1,000 others that have not yet touched a corporate network, and researches them for security issues, like whether people can share data anonymously, or how easy it is to get inside the system and obtain another customer’s data. The company then tunes a customer’s corporate network to allow services to have different degrees of access to information.
“We have to be careful how we inspect for security vulnerabilities, since we don’t want to get arrested ourselves,” says Rajiv Gupta, the chief executive at Skyhigh. “What makes an iPhone interesting and scary is what happens in the cloud, and how I can upload things with one device and then download them to another from someplace else.”
The problem of data leakage is as old as someone taking a carbon copy home on the weekend. What is different today is how people can take data with a finger swipe, and how little they know about whether a service has malware or how much it can see of what is going on elsewhere in a phone.