Why Consumer Messaging Apps Are a Workplace Vulnerability

essidsolutions

Consumer messaging apps such as WhatsApp, Signal and Telegram are ubiquitous and are causing serious vulnerabilities. Amandine Le Pape discusses why enterprises should seize the opportunity to revolutionize real-time communications across their entire ecosystem, delighting the workforce and sidestepping substantial fines and risk. 

The use of consumer messaging apps in the workplace, a form of shadow IT, is making it increasingly difficult for enterprises to protect their data and ensure compliance.

In today’s hybrid workforce – including those working from home, on client sites and on the move – employees have adopted a ‘whatever works’ mentality. The result is a rapid uptick in workers installing non-sanctioned, consumer-grade applications to get their work done.

Messaging Apps Have Trumped Email and Siloed Communication Tools

The attraction of consumer messaging apps is obvious: easy-to-use instant communication. Traditional enterprise communication revolves around email – slow and cumbersome – or proprietary real-time solutions such as Microsoft Teams, Slack, Webex and Zoom.

A proprietary solution is acceptable for internal use. It’s a homogenous environment, so the lack of interoperability is rarely noticed. But real-time communication between people in different organizations breaks down pretty quickly. 

Video calls usually entail a little dance around whether it’s MS Teams, Zoom, Webex, Google Meet or one of a hundred other options. It’s not a showstopper, but it’s messy and confusing; no wonder people get stuck on mute when they aren’t even sure what video service they’re using.

The same dance to find a mutual chat solution or a collaboration tool is usually far more painful. Even if it’s only two people at different companies trying to communicate, it’s difficult, let alone multiple people at multiple organizations. MS Teams, Slack, and Google Workspace simply don’t work nicely together. In fact, they don’t work well across a supply chain, even if every organization uses the same tool. It’s the reason why email is still the default for communicating between organizations.

At the Front and In Between

Real-time communication between people at different organizations is one of the two main gaps that consumer messaging apps have accidentally filled. The other is mobile or ‘deskless’ workers, operating on the frontline, client sites or – increasingly – at home.

Make no mistake; these two fault lines are causing corporate earthquakes because consumer apps are totally unsuitable for the workplace for three main reasons.

1. A lack of transparency

This vulnerability has been called out by regulators. For example, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have fined 16 US investment banks $2B as a result of employees’ use of personal messaging apps. This is because the employer no longer has reliable oversight and record keeping of business-related discussion and decision-making. These concerns have been raised in other countries, such as the UK, where the Information Commissioner’s Office (ICO) warned against government officials using WhatsApp and personal email.

2. A lack of administrative control

Consumer-grade apps do not support basic enterprise requirements such as ID management and access control. So, it quickly becomes the wild west when employees routinely use messaging apps. Without admin control, it is inevitable that some team members will be left out of certain groups (deliberately or maliciously), and problems will arise when an employee leaves the company but not the chat group. And, of course, the conversation ends up siloed as different groups adopt different, non-compatible messaging apps. CyberOps in Signal, Sales in WhatsApp and HR in Telegram. Oh, and of course, there will still be folks using SMS.

3. A lack of security

It’s a misconception that messaging apps are secure. For a start, the likes of Telegram are not even end-to-end encrypted by default. And then there are the likes of WhatsApp that lack the transparency of being open source. Is a consumer-grade messaging app, part of a stable of products owned by a company whose business model is based on data mining, the logical choice for a company to have confidential discussions? Even Signal – open source and with great end-to-end encryption (E2EE) – has the usual vulnerabilities of any centralized technology and is surely one of the world’s most attractive honeypots.

A New Approach To Secure Communication

The explosive growth of consumer-grade messaging apps within the workplace demonstrates the shortcomings of enterprise-grade alternatives. Email is slow and insecure. Traditional collaboration tools such as MS Teams and Slack spark little affection and are close to useless across a supply chain. And mainstream messaging such as WhatsApp and Signal unleashes unaudited mayhem.

A new wave of solutions seeks to address the fractured real-time communications landscape. They combine the mobile-first UX of the best consumer messaging apps with the integrations and productivity gains associated with collaboration apps. They’re also end-to-end encrypted, and a good place to start the evaluation process is Forrester’s Secure Communications Q3 2022 report.

But perhaps the most important criterion is to ensure that an enterprise-grade communications platform makes it easy for people in different organizations to communicate. That’s the last preserve of email because it’s based on a common standard (SMTP).

When evaluating a modern secure communication platform, enterprises should look for a solution that puts them – not the vendor – in control. It should also offer enterprise functionality and a consumer-level end-user experience.   

Independence and Control

Decentralization is quite the game changer for security-conscious organizations and an innovative alternative in a sea of centralized SaaS-based offerings.  

The likes of MS Teams, Slack (and WhatsApp et al., for that matter) are all centralized, vendor-owned and controlled systems. In truth, end-user organizations have no control over their data – they are beholden to their third-party proprietary vendor in terms of security, global outages and plain old lock-in.

In contrast, decentralization supports self-hosting, whether on-premise or in a private cloud. Imagine a self-hosted WhatsApp, including voice and video, and you’re part of the way to what’s on offer. Add in the benefits of Single Sign-On and the collaboration-based productivity you had associated with Slack, and you’re getting a better picture. It’s a striking proposition for an air-gapped or isolated network and revolutionary if you consider that across an entire global enterprise.

Those that want the convenience of a fully managed hosted service still benefit from an open standard; unlike a proprietary solution, the end-user organization can easily switch the hosting provider or simply take it in-house. And, of course, as the open standard supports end-to-end encryption, even a fully managed hosted service still ensures an organization’s data sovereignty because the hosting service cannot access any of the data. 

Enterprise-grade and Productivity-boosting Ease of Use

While best-in-class consumer messaging apps offer reliable end-to-end encryption, they don’t offer any enterprise requirements. When selecting a secure communications platform, an enterprise should ensure complete administrative control over the platform, including the provisioning and de-provisioning of employees, management of chat room hierarchies, record keeping and antivirus.

An enterprise-grade messaging platform should provide all the enterprise control and functionality expected from a corporate email application. But, unlike email, it protects sensitive data through E2EE.

WhatsApp Simplicity for Enterprise Productivity

Workers opt to use consumer-grade messaging apps because they are beautifully easy to use. It’ll take far more than a cut-down version of a traditional enterprise vendor’s desktop application to tempt people out of using WhatsApp at work.

But match the best-in-class consumer experience, and build in the convenience of SSO so workers can easily access data from applications – even share live data in chat rooms – and you have a winning combination.

Never Waste a Good Crisis

The explosion of consumer messaging apps in the workplace is causing multiple problems across the corporate world, from billions in fines for poor record keeping to data leakage and workplace silos.

Rather than seeing the use of unauthorized messaging apps as a problem to fix, view it as an opportunity to transform how your organization and its ecosystem communicate.
