• United States



Freelance Writer

Popular messaging apps present real enterprise threat

May 12, 20164 mins
Application SecurityConsumer ElectronicsMobile

CIOs and other IT professionals need to strategically manage the use of today's popular consumer messaging apps in the enterprise. While that process can be a challenge, it's possible to protect your business without blocking all rogue IT.

messaging apps threats security privacy thought bubbles
Credit: Thinkstock

Today’s mobile device owners commonly use messaging apps to send selfies, command bots to order takeout and collaborate with their coworkers — sometimes simultaneously, and oftentimes via the same app. Nothing in particular precludes messaging apps such as WhatsApp, Facebook’s Messenger, Skype or Telegram from being used for work, play and everything in between. However, these consumer-focused apps are becoming the de facto software for corporate communication, and IT professionals have good reason for concern.

As the distinction between enterprise and consumer messaging apps blurs, IT’s needs and responsibilities are increasingly at odds with those of the workers it supports. Such a disparity can hinder workplace productivity and effective IT management.

“Employees might choose to use a consumer tool to get their jobs done when they don’t have access to something their company offers, or if the corporate tool is too cumbersome,” says Chris Voce, a vice president and research director with Forrester Research. “The primary job of an enterprise IT pro responsible for workforce computing should be to help make workers more productive. If they don’t offer a tool that employees need to get their jobs done, they’re likely going to drive underground use.” 

Consumer apps offer genuine business value, but … 

Adam Preset, a research director with Gartner, says workers already use consumer messaging apps extensively in the enterprise because the popular tools are often effective and easy to use. “Our mobile devices suit our needs whether we’re on the clock or off,” he says. “It’s more natural for apps that handle messaging, which is ubiquitous, to serve personal and professional needs.”  

Enterprises should examine consumer messaging apps, and take stands on acceptable use of such apps for non-critical, non-confidential communication, both internally and externally, according to Preset. “Closing off completely without understanding will just drive legitimate uses underground.”

Messaging apps including Line and WhatsApp are commonly used in enterprise, but that doesn’t mean all consumer apps are well-suited for business use, according to Raul Castanon-Martinez, a senior analyst at 451 Research. “Consumer apps will have an advantage given that users might already be familiar with the [user interface] but otherwise will be in the same position as other enterprise messaging apps,” he says. “I don’t believe consumer apps transitioning into the enterprise have a significant advantage over enterprise apps like Slack or HipChat.” 

Corporate workers can use a tool such as Slack to interact with colleagues and business applications just as easily as they can transition from using Facebook Messenger for talking to friends to using it for work, Castanon says. “The issue is not which apps employees can use, but rather what can they do with these apps?” he says. “Banning consumer apps only makes sense when organizations have not implemented comprehensive security policies.” 

When IT professionals properly secure their companies’ assets, they don’t have to worry about the apps employees use, or for what, Castanon says. CIOs who instead ban individual apps fight an “uphill battle, because employees will always find a way to circumvent restrictions,” he says. “If IT is spending too much time monitoring the use of consumer messaging apps it could indicate they’re probably not doing other things that will have a bigger impact for securing company assets.”

Preset suggests that enterprises adopt a tiered approach to messaging apps. For example, consumer apps can handle simple, everyday tasks such as coordinating meetings or connecting with colleagues, he says. However, “[w]hen you’re communicating about your enterprise’s intellectual property or customer data, you need an enterprise answer.”

IT approach to messaging apps should be strict and strategic

Many enterprise messaging apps are specifically designed to protect core business interests. The most common management features in such apps include administrative controls, integration with data services, audit, archive and encryption tools, and security-policy enforcement.

[Related: Why Facebook should buy Slack to win the enterprise]

Some businesses also demand service level agreements and timely, guaranteed support from their messaging-software vendors, according to Preset. “The terms and conditions of many of these [consumer] messaging apps do not at all reference or favor the enterprise,” Preset says. “With these apps, even if the worker sent the message as part of her job, her employer doesn’t own the data.”

The unchecked use of consumer apps in the enterprise can also create “a huge security hole” that threatens corporate regulatory compliance, according to Anurag Lal, president and CEO of Infinite Convergence Solutions, an enterprise messaging vendor. However, businesses shouldn’t restrict the use of any specific app unless they also provide viable alternatives, Lal says.

Ultimately, the equation isn’t complex: If employees’ only corporate communications options are a clunky email interface and an easy-to-use consumer-centric messaging app, the choice is a simple one.

Freelance Writer

Matt Kapko has been writing about technology since before the dawn of the iPhone, and covering media well before it was social. Matt lives with his wife in a nearly century-old craftsman in Long Beach, Calif. He can be reached on Twitter: @mattkapko or by email:

More from this author