The widespread popularity of Facebook’s WhatsApp instant messaging application is shining a glaring spotlight on the need for IT departments to educate users about the security and privacy risks such apps raise, and on the importance of providing them with a secure, enterprise-ready alternative.
One of the individuals manning that spotlight is Pankaj Gupta, president and CEO of Amtel, a mobile communications security provider in Santa Clara. In a recent interview, Gupta said consumer messaging apps in general, and WhatsApp in particular, are troubling:
When Dropbox appeared on the scene, employees jumped on it as an easy way to share documents. This was largely shut down by IT due to security concerns. WhatsApp, as well as other consumer messaging apps, poses the same kind of security issues, where employees find it easy to share messages and information with the app. With an estimated 700 million monthly active users worldwide, WhatsApp appears to be the most widely used messaging app, and its impact is worrisome because of its growth rate and momentum.
Gupta went on to point out that the workplace needs to have a mechanism whereby the messaging can be secured and audited:
WhatsApp and other consumer messaging apps don’t provide that option. The best way to prevent people from using an unsecure app is to educate them, and provide them with an enterprise-ready, secure app like Amtel Plum that’s easy to use, providing similar functionality. The app should take care of the business needs for security and compliance.
WhatsApp aside, I asked Gupta what he foresees will be the impact of the emergence of wearable technology in the workplace. He said enterprises will need to go through an adoption cycle for wearables:
Initially when devices emerge, they have a consumer focus. Management and policy enforcement will be a challenge. New solutions will emerge with better security and management capabilities, and then we will see more and more workplace applications. For example, the next-generation Google Glass type of technology may become pervasive in science labs and doctors’ offices for recording observations; bands and watches could become serious health care monitors, with the American Medical Association accepting the tradeoff between frequent rough measurements and infrequent accurate measurements.
I asked Gupta what BYOD concerns will exist five years from now that do not exist today. His response:
Today there is a discussion about separation of workspace from personal space on a BYOD device. In the future, we will need to evolve the separation of a network of devices and the Internet of Things, dynamically between workspace and personal space. For example, at your job location, a workspace is created on your personal device. When you walk into your doctor’s office, a portion of your personal space may be shared with the care team.
Finally, Gupta summarized the enterprise security and privacy risks of communicating via consumer apps on BYOD:
- The apps may not use strong encryption, or encrypt all data at rest and in transit. This can open the door to man-in-the-middle-attacks, resulting in compromised corporate data.
- The employee’s private phone number is exposed during business calling and messaging with consumer apps on BYOD.
- With consumer messaging apps, enterprises cannot easily meet the archival requirements for compliance and business continuity.
- Consumer apps are self-managed. There is usually no facility for the centralized management and control that enterprises need.
- When an employee leaves the company, the business contact list, messages, logs and context walk out the door with the BYOD device.
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.