Pokémon Go – What are the Enterprise Security Concerns?


Pokémon Go has taken the gaming industry by storm. With so many users engaged, the game is making a lot of waves.

However, not all of the attention has been positive. Given the buzz around the game's popularity, one of its biggest disadvantages is that not every user is able to download the app directly from the company's authentic source.

Downloading the app from third-party sources only exposes the underlying data. Chester Wisniewski, senior security advisor at Sophos, states that the threat is from two types of users. One comes from employees of organisations who use the app, which can be a cyber security threat, and the other comes from the app Alphabet. Alphabet essentially handles the location and points-of-interest data for the game. The app captures the locations of its users, which poses another problem for the organisation.

The malware can cause data loss to the company, disrupt cloud platforms or even infiltrate corporate systems. Many enterprises have banned the game on all corporate devices, fearing cyber threats and breaches.

However, the concern is that even though employers restrict the downloading of apps, they cannot monitor whether the player uses a Google account to log in. This undermines total control over the app and leads to malware threats. Companies will have to make further cyber security investments in tools that can detect such activities and supervise usage specific to games such as Pokémon Go.

Interestingly, newer chains such as McDonald's are trying to convert their spaces into Pokémon game zones. In such scenarios, organisations must also consider their privacy and security measures and whether they are in alignment with what the gaming app deals with.

That means using both static and dynamic analysis tools to identify and fix any potential vulnerabilities, along with end-to-end encryption and application-level security policies for DLP (data loss prevention), to make sure that sensitive information does not get out of the enterprise. Multifactor authentication is a reliable technique. Separate zones of trust for users and internal systems, with micro-segmentation of the data center, are yet another means of isolating malware, backed by a secure server that acts as a bridge between the data used for the same and the enterprise.

Given that employees are spending a lot of time playing the game, it impacts the overall productivity of the organisation, not to mention the malware and viruses that it can bring along. The New York Times has reported an influx of people in its building in search of game characters.

Several federal buildings in Washington have reported visitors entering because of the game, rather than because they were on government business. So the concern for companies is not only the malware but also physical intrusion from outsiders who do not directly work for the company.

Come to think of it, the trend of AR (augmented reality) games has only just begun.
