Workers’ apps have companies on edge

Security issues grow as data get harder to control

SAN FRANCISCO — As is the case with many busy people, Delyn Simons’ life has become an open phone app of commingled corporate and personal information.

“I’ve got Dropbox, Box, YouSendIt, Teambox, Google Drive,’’ says the 42-year-old executive, naming just five of the many services on her iPhone to store memos, spreadsheets, customer information, and soccer schedules.

She and her colleagues at Mashery, a 170-employee company that helps other companies build even more apps, also share corporate data on GroupMe, Evernote, Skype, and Google Hangouts. ‘‘From the standpoint of corporate IT,’’ she says, ‘‘my team is a problem.’’


And how. ‘‘My peers are killing me,’’ says John Oberon, Mashery’s information technology chief, who is supposed to keep track of company data. While the company’s most sensitive information is encrypted and available only to authorized executives, he says, ‘‘there’s only so much you can do to stop people from forwarding an e-mail or storing a document off a phone.’’

Get Talking Points in your inbox:
An afternoon recap of the day’s most important business news, delivered weekdays.
Thank you for signing up! Sign up for more newsletters here

Chinese hackers are one problem. But so are employees who put company information online with their smartphones and tablets.

Once the data leaves the corporate network, protecting it becomes much harder. Searching for the name of almost any large company, plus the word ‘‘confidential,’’ yields supposedly secret documents that someone has taken from the company’s network and published.

Netflix, the streaming-video service, recently found employees were using 496 smartphone apps, primarily for data storage, communications, and collaboration. Cisco Systems, which powers much of the Internet with computer networking gear, found several hundred apps, as well as services for shopping and personal scheduling, touching its own network via employees.

‘‘People are going to bring their own devices, their own data, their own software applications, even their own work groups,’’ drawing off friends and contractors at other companies, says Bill Burns, the director of information technology infrastructure at Netflix.


Almost no service is invulnerable. In 2011, Chinese hackers obtained access to hundreds of US government accounts on Google’s Gmail. On Saturday, Evernote said user names, e-mail address, and encrypted passwords had been stolen in an attack, requiring the passwords of more than 50 million accounts to be reset.

Even without proof of compromised accounts, such losses can cost a company both money and reputation. According to the Securities and Exchange Commission, unauthorized disclosures of confidential information, whether from unsecured devices, leaky apps, or bad cloud security, must be announced publicly if the information could affect a company’s stock price.