The association representing IT professionals says Pokémon Go has to go, at least when it comes to the security of workplace devices like phones and tablets.
Pokémon Go, the augmented reality game, has become the hottest app in the country and increasingly the globe, but is a potential IT "nightmare," says the group. In the game, players wander the real world to catch virtual Pokémon, rise in the game as a trainer and try to control gyms located at various designated areas including parks, museums and strip malls.
In a warning issued Monday, the International Association of Information Technology Managers (IAITAM) advised corporations to ban the use of the app on "corporate-owned, business-only (COBO) phones/tablets and 'bring your own device' (BYOD) phones/tablets with direct access to sensitive corporate information and accounts."
"Frankly, the truth is that Pokémon Go is a nightmare for companies that want to keep their email and cloud-based information secure," said IAITAM CEO Dr. Barbara Rembiesa. "Even with the enormous popularity of this gaming app, there are just too many questions and too many risks involved for responsible corporations to allow the game to be used on corporate-owned or BYOD devices. We already have real security concerns and expect them to become much more severe in the coming weeks. The only safe course of action here is to bar Pokémon Go from corporate-owned phones and tablets, as well as employee-owned devices that are used to connect to sensitive corporate information."
Rembiesa said the principal concerns are data breaches and knockoff copies that could mimic the app but prove a Trojan horse (make that a “Trojan Ponyta”) for cyber criminals. On the Android app store, according to one veteran player, there are already several knock-off applications he says are "filled" with malware.
Rembiesa said Pokémon Go has to be considered a "rogue download" in the business environment, which is something that circumvents the normal downloading protocol of an organization. But she also suggests this could be a good Pokémon training moment, as it were.
"[C]orporations should also use this as a learning opportunity to encourage maximum employee understanding of the rationale against rogue downloads, particularly the security risks they represent," she said.