WhatsApp Surge Spotlights Need to Address BYOD Security

Don Tennant
Slide Show

Top 25 Cybersecurity Companies to Watch in 2015

The widespread popularity of Facebook’s WhatsApp instant messaging application is shining a glaring spotlight on the need for IT departments to educate users about the security and privacy risks such apps raise, and on the importance of providing them with a secure, enterprise-ready alternative.

One of the individuals manning that spotlight is Pankaj Gupta, president and CEO of Amtel, a mobile communications security provider in Santa Clara. In a recent interview, Gupta said consumer messaging apps in general, and WhatsApp in particular, are troubling:

When Dropbox appeared on the scene, employees jumped on it as an easy way to share documents. This was largely shut down by IT due to security concerns. WhatsApp, as well as other consumer messaging apps, poses the same kind of security issues, where employees find it easy to share messages and information with the app. With an estimated 700 million monthly active users worldwide, WhatsApp appears to be the most widely used messaging app, and its impact is worrisome because of its growth rate and momentum.

Gupta went on to point out that the workplace needs to have a mechanism whereby the messaging can be secured and audited:

WhatsApp and other consumer messaging apps don’t provide that option. The best way to prevent people from using an unsecure app is to educate them, and provide them with an enterprise-ready, secure app like Amtel Plum that’s easy to use, providing similar functionality. The app should take care of the business needs for security and compliance.

WhatsApp aside, I asked Gupta what he foresees will be the impact of the emergence of wearable technology in the workplace. He said enterprises will need to go through an adoption cycle for wearables:

Initially when devices emerge, they have a consumer focus. Management and policy enforcement will be a challenge. New solutions will emerge with better security and management capabilities, and then we will see more and more workplace applications. For example, the next-generation Google Glass type of technology may become pervasive in science labs and doctors’ offices for recording observations; bands and watches could become serious health care monitors, with the American Medical Association accepting the tradeoff between frequent rough measurements and infrequent accurate measurements.

Social Media

I asked Gupta what BYOD concerns will exist five years from now that do not exist today. His response:

Today there is a discussion about separation of workspace from personal space on a BYOD device. In the future, we will need to evolve the separation of a network of devices and the Internet of Things, dynamically between workspace and personal space. For example, at your job location, a workspace is created on your personal device. When you walk into your doctor’s office, a portion of your personal space may be shared with the care team.

Finally, Gupta summarized the enterprise security and privacy risks of communicating via consumer apps on BYOD:

  • The apps may not use strong encryption, or encrypt all data at rest and in transit. This can open the door to man-in-the-middle-attacks, resulting in compromised corporate data.
  • The employee’s private phone number is exposed during business calling and messaging with consumer apps on BYOD.
  • With consumer messaging apps, enterprises cannot easily meet the archival requirements for compliance and business continuity.
  • Consumer apps are self-managed. There is usually no facility for the centralized management and control that enterprises need.
  • When an employee leaves the company, the business contact list, messages, logs and context walk out the door with the BYOD device.

A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.

Add Comment      Leave a comment on this blog post
Mar 9, 2015 11:04 AM J Ryan J Ryan  says:
Seems like some of the things here are based entirely on arbitrary thoughts, no real world numbers or hard data. I found it strange that this post started as a conversation of DropBox (a company that has HUGE penetration in the enterprise) who is a file sharing company and then went in the direction of amtel's own product - a voice calling and messaging app - - two hugely different things. If a billion dollar company like DropBox cant deliver security, how can amtel? what encryption are they using and where is that data being stored? People can barely trust Verizon and ATT with their phone calls and text due to them being handed over to the highest bidder...how is Amtel any different? Reply
Mar 11, 2015 4:24 PM Joe Joe  says: in response to J Ryan
The reference to Dropbox was only to show the parallel to the adoption cycle of consumer technologies in the enterprise. As you know, Dropbox for Business is a different product than the consumer Dropbox app. There is no business version equivalent fro Whatsapp. There is a need for secure messaging in the enterprise because employees are sharing corporate data with cosnumer apps, without the safeguards available from an enterprise class secure texting app -- including strong encryption of data at rest and in transit, archives and security policies. Don't forget that confidential information such as the draft of an agreement or a financial statement can be as easily shared as an attachment to a text message, as in a cloud storage app. Though you may be seeing it as unrelated, the customer function being served is the same - mobile collaboration. Reply
Mar 13, 2015 1:06 PM J Ryan J Ryan  says: in response to Joe
I suppose I want to focus more on HOW is the info being secured? I imagine something like FIPS is pretty difficult to do since that not only replies on your mobile app but also the server hosting the app. I imagine that is not only difficult to do with SaaS but also costly...something I dont know why DropBox wouldnt do since most people containerize these files. If you containerize well, then text/email/exporting out of a container is impossible with the right solution... Reply
Mar 17, 2015 9:30 AM Joe Joe  says:
Ryan, I understand what you're saying. Couple of different approaches to the containerization, workspace or persona problem/opportunity. One shares in cloud storage. The other one securely shares in mobile cloud containers. Today we do that for phones and tablets. Tomorrow for IOT. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.