Mobile Messaging Apps: 8 Tips For Keeping Your Workplace Secure
The old struggles over BYOD have been replaced with application struggles, as employees use favorite mobile messaging apps for enterprise purposes. As with BYOD, pushing back isn't the answer. Innovating forward is.
![](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/bltf080221a80ded1a3/64cb3d3773b5af11325cbefb/HiRes.jpg?width=700&auto=webp&quality=80&disable=upscale)
Using popular third-party messaging apps such as Facebook Messenger, WhatsApp, and Snapchat for business communication can introduce a level of discomfort for IT, as well as for your legal, corporate, and governance and compliance teams. In many ways, it's like the early days of the Bring Your Own Device (BYOD) movement; these days it's all about Bring Your Own Apps.
"The issue of employees using personal social media accounts/networks, and their non-work personas, for business purposes is very real and it does impact IT, especially when considering that electronic communications should be retained for legal and regulatory purposes," Mike Pagani, the chief evangelist at Smarsh, told InformationWeek in an interview.
Smarsh offers an archiving platform that supports social media, text messages, email, and other platforms so that they're indexed, policy-checked, able to be supervised, and easily retrievable if they're needed for auditing or litigation.
"IT departments have many safeguards and systems in place for the proper usage of systems for 'structured' data," said Pagani. "But not so much for 'unstructured' communications-oriented information, like that being exchanged in social media applications, which is why there is a surprise element to this issue, and IT is playing a bit of catch up,"
Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!
Snapchat settled charges with the Federal Trade Commission in May 2014. The FTC argued that Snaptchat had "deceived consumers with promises about the disappearing nature of messages sent through the service," as well as about the "amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure."
The irony was that Snapchat was the rare app about which most people felt they understood the security risk involved. (What risk? Everything disappears!)
Yet, a lack of user awareness may factor into the security and risk issues facing IT in coping with mobile messaging apps in the workplace.
In February, Infinite Convergence Solutions, a messaging and mobility serivce provider, conducted an online survey of 500 professionals working in one of four industries -- healthcare, finance, legal, or retail. (The survey's methodology did not break down how many respondents it received from each field.)
The survey showed that, in most cases, respondents were more concerned with convenience than security when using mobile messaging apps. For example, 34% of the retail professionals surveyed said they decide which communication method to use based on how immediately the information needs to be conveyed. Mobile messaging is used regularly throughout the day by 42% of respondents in retail. Only 13% of retail respondents said business correspondence using third-party messaging apps was not secure. Fully one third (36%) of respondents believed such correspondence is completely secure, while 48% believed most of their business correspondence using third-party apps is secure.
"As was the case with BYOD, it is proving futile to [prohibit] the use of personal social media accounts for business and even more difficult to enforce -- especially when it comes to using personally owned mobile devices outside the four walls where site blocking on the corporate network does not apply," said Pagani.
How to enforce policies, then? With systems that capture and supervise communications, said Pagani.
"IT departments, compliance, legal, and marketing stakeholders are all working together these days to address this issue," he said. "It can be solved for in a holistic way, with the right technology in place to manage the risk out of it and safely enable the benefits for both the employees and the organization. Similar to what we saw with BYOD, having the right management technology and procedures in place [e.g., thin client agents, containerization, etc.] will allow for mainstream adoption."
Here, we take a look what you need to know, and offer some business-friendly, secure alternatives to the most popular mobile messaging apps. Once you've reviewed our list, let us know what you think in the comments section below. Are you currently using any of these apps for business communication? Does your company prohibit the use of third-party messaging apps? How do you handle security issues when using these tools?
Michael Cobb, a certified CISSP-ISSAP and author, has cautioned that Gmail users are automatically connected to Gchat: "If you send an email to multiple parties, or your email is forwarded with an @gmail tag attached, you are automatically entered into someone's Gchat address book where, unknowingly, they could see your personal information."
Infinite Convergence Solutions, a cloud-based enterprise mobile messaging service, advises companies to look for solutions with strong security (256-bit encryption), cloud-based storage that keeps old data from living on in devices, controls such as remote management, and dependable message transmission, even when users are out of WiFi or cellular data range.
Naturally, Infinite Convergence Solutions' NetSfere offers everything the company advises enterprise users to look for in a mobile messaging app -- and it brings those perks to the Apple Watch. The app's features include 256-bit messaging encryption, device-to-device encryption of text, images, and video, and remote-wipe capabilities.
NSA whistleblower Edward Snowden, according to the Daily Mail, has recommended "anything by Open Whisper Systems." The company offers its Signal messaging app for iOS and Android, and promises private calling and private messaging. "We cannot read your messages, and no one else can either," according to the company.
There's no shortage of reports on why WhatsApp is not safe for enterprise use. Many of them, you may not be surprised to hear, come from rival offerings.
Teamwire, for example, has pointed out that WhatsApp doesn't use enterprise-grade encryption (like metadata and storage on servers). According to Teamwire, WhatsApp servers are in the US, and so "cannot ensure comprehensive data protection required by businesses and their employers," due to "weak data protection laws and the broad surveillance in the USA."
Teamwire, based in Germany, says it offers a completely encrypted enterprise messaging solution and company-wide compliance.
Vera says it protects, tracks, audits, and manages any kind of data, no matter which tools they use. That said, securing data within Box and Dropbox are a big focus for Vera.
"Instead of trying to protect the perimeter, the company assumes the perimeter is porous, that files and data will leak, and networks will get hacked. If you operate from that vantage point, what you really care about is securing the data -- not the perimeter," wrote Roger Lee with venture capital firm Battery Ventures. In late 2014 the company led a $14 million funding round for Veradocs -- since renamed Vera.
Confide has been called a Snapchat for the enterprise. It features end-to-end encryption, disappearing messages, and protection against screenshots. On March 10, it also added the ability for a user to retract a message, should they regret what they said or -- in a common security blunder -- realize they sent it to the wrong person. It's also available for the Apple Watch.
Following the massive Sony hack in 2014, Farhad Manjoo wrote The New York Times that he was downloading Confide and hoped others would too, since such an app's usefulness is only as great as its popularity.
The Kik messenger, which shows when a message is delivered as well as read, has 275 million users, many of whom are teenagers or young adults. Enterprises would be wise to designate a sanctioned messaging app and to steer employees far away from Kik.
On a secure messaging scorecard created by the Electronic Frontier Foundation, Kik earned an abysmal one point out of a possible seven.
Messages are encrypted in transit. That's one of the questions on the EFF scorecard. Here are the rest:
Is it encrypted so the provider can't read it? Is it possible to verify contacts' identities? Are past communications secure if a user's keys are stolen? Is the code open to independent review? Is the security design properly documented? Has there been a recent code audit?
Kik answers "no" to all of those questions -- as does Yahoo Messenger, by the way, which, as you can see here, does include the benefit of being able to retract a message.
The Kik messenger, which shows when a message is delivered as well as read, has 275 million users, many of whom are teenagers or young adults. Enterprises would be wise to designate a sanctioned messaging app and to steer employees far away from Kik.
On a secure messaging scorecard created by the Electronic Frontier Foundation, Kik earned an abysmal one point out of a possible seven.
Messages are encrypted in transit. That's one of the questions on the EFF scorecard. Here are the rest:
Is it encrypted so the provider can't read it? Is it possible to verify contacts' identities? Are past communications secure if a user's keys are stolen? Is the code open to independent review? Is the security design properly documented? Has there been a recent code audit?
Kik answers "no" to all of those questions -- as does Yahoo Messenger, by the way, which, as you can see here, does include the benefit of being able to retract a message.
-
About the Author(s)
You May Also Like