Using popular third-party messaging apps such as Facebook Messenger, WhatsApp, and Snapchat for business communication can introduce a level of discomfort for IT, as well as for your legal, corporate, and governance and compliance teams. In many ways, it's like the early days of the Bring Your Own Device (BYOD) movement; these days it's all about Bring Your Own Apps.
"The issue of employees using personal social media accounts/networks, and their non-work personas, for business purposes is very real and it does impact IT, especially when considering that electronic communications should be retained for legal and regulatory purposes," Mike Pagani, the chief evangelist at Smarsh, told InformationWeek in an interview.
Smarsh offers an archiving platform that supports social media, text messages, email, and other platforms so that they're indexed, policy-checked, able to be supervised, and easily retrievable if they're needed for auditing or litigation.
"IT departments have many safeguards and systems in place for the proper usage of systems for 'structured' data," said Pagani. "But not so much for 'unstructured' communications-oriented information, like that being exchanged in social media applications, which is why there is a surprise element to this issue, and IT is playing a bit of catch up,"
Snapchat settled charges with the Federal Trade Commission in May 2014. The FTC argued that Snaptchat had "deceived consumers with promises about the disappearing nature of messages sent through the service," as well as about the "amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure."
The irony was that Snapchat was the rare app about which most people felt they understood the security risk involved. (What risk? Everything disappears!)
Yet, a lack of user awareness may factor into the security and risk issues facing IT in coping with mobile messaging apps in the workplace.
In February, Infinite Convergence Solutions, a messaging and mobility serivce provider, conducted an online survey of 500 professionals working in one of four industries -- healthcare, finance, legal, or retail. (The survey's methodology did not break down how many respondents it received from each field.)
The survey showed that, in most cases, respondents were more concerned with convenience than security when using mobile messaging apps. For example, 34% of the retail professionals surveyed said they decide which communication method to use based on how immediately the information needs to be conveyed. Mobile messaging is used regularly throughout the day by 42% of respondents in retail. Only 13% of retail respondents said business correspondence using third-party messaging apps was not secure. Fully one third (36%) of respondents believed such correspondence is completely secure, while 48% believed most of their business correspondence using third-party apps is secure.
"As was the case with BYOD, it is proving futile to [prohibit] the use of personal social media accounts for business and even more difficult to enforce -- especially when it comes to using personally owned mobile devices outside the four walls where site blocking on the corporate network does not apply," said Pagani.
How to enforce policies, then? With systems that capture and supervise communications, said Pagani.
"IT departments, compliance, legal, and marketing stakeholders are all working together these days to address this issue," he said. "It can be solved for in a holistic way, with the right technology in place to manage the risk out of it and safely enable the benefits for both the employees and the organization. Similar to what we saw with BYOD, having the right management technology and procedures in place [e.g., thin client agents, containerization, etc.] will allow for mainstream adoption."
Here, we take a look what you need to know, and offer some business-friendly, secure alternatives to the most popular mobile messaging apps. Once you've reviewed our list, let us know what you think in the comments section below. Are you currently using any of these apps for business communication? Does your company prohibit the use of third-party messaging apps? How do you handle security issues when using these tools?