How IT can limit the risk of popular messaging apps

In the fight against shadow IT, CIOs have faced for more significant challenges than modern consumer messaging apps. And the popularity of apps such as WhatsApp, Facebook Messenger, iMessage and Google Hangouts has, in many cases, led to a more open IT approach to consumer communication tools in enterprise. 

When IT leaders let employees use their personal devices for work, it’s a safe assumption that multiple consumer messaging apps will also come into play. The onus is on the CIO and the IT team to mitigate potential problems that could come from the careless use of such apps at work, according to Adam Preset, research director at Gartner. CIOs should realize consumer messaging apps can increase staff efficiency, but they should also try to empower workers to make choices that don’t threaten their organizations, he says. 

Consumer messaging, encryption and the enterprise

Fortunately for CIOs, security has become a top priority for many of the companies that make these apps. WhatsApp, which has more than a billion monthly active users (MAU), made end-to-end encryption its default messaging standard in February, and Facebook Messenger, which surpassed a billion MAUs this summer, says it’s currently testing end-to-end encryption. Telegram, which has about 100 million MAUs, touts itself as the “more secure” alternative to “mass market messengers.” Google built end-to-end encryption into its recently released video-calling app, Duo, as well, and it plans to do the same for the forthcoming Allo messaging.

Many CIOs welcome the rise of encryption protocols in consumer messaging apps, but their concerns don’t end at “send” and “receive,” according to Preset. “The terms and conditions of consumer apps don’t favor enterprises, and, in the best case, information transmitted within those apps is owned by the individual,” he says. Absent central account provisioning, a critical enterprise feature, IT leaders are “dependent on individual chat-thread owners keeping track of who should be in a group and who should be ejected, which might mean that sensitive data is accessible to the wrong people.”

Security lapses and network vulnerabilities are IT’s main concerns when it comes to consumer messaging apps, according to Josh Lesavoy, CIO at Nextiva, a business VoIP vendor. “We don’t have control over what is being discussed and shared on these apps, as well as who can hack into the app and access the information,” he says. “Security will always be a huge concern, but we’ve taken a more positive approach to educating our team on the proper use of messaging apps.” 

Workers are more careful when IT is watching

Lesavoy tries to limit the negative potential impact of consumer messaging apps by reinforcing the need for employees to be mindful of the information they share and store using these apps. Workers also tend to be more cautious when they know their IT departments monitor the use of messaging apps, he says. “When [employees] have a clear understanding of the impacts these apps have on the entire organization, we’ve found that they are more careful.”

CIOs should try to gauge how often messaging apps are used in their organizations, according to Preset. “Even a little quantitative information is better than no information and bad assumptions,” he says.

Once IT leaders understand why employees use certain apps, they can begin to cultivate an organized culture with guidelines meant to promote responsible behavior, according to Preset. IT leaders should remind workers where confidential conversations should be kept, update communication policies and pay special attention to groups or individuals that manage critical information. “Communication is like water,” Preset says. “It flows via the path of least resistance.”

Many of Gartner’s clients use consumer messaging apps for internal business communications, and according to the company’s recent research, WhatsApp is the most popular in the enterprise. As such, it is also the target of the most concern among IT professionals. “CIOs will tell us their teams find [WhatsApp] effective so, on the one hand, they want to know if it can be validated and permitted,” Preset says. “On the other, CIOs recognize that they can’t see what’s happening in that platform. CIOs and their enterprises bear all the risk without any visibility or control.”

[Related: Popularity of messaging apps continues to skyrocket]

At Nextiva, Lesavoy knows many of the company’s workers use Facebook Messenger and WhatsApp, but he says his IT staff can’t keep tabs on these apps on personal devices. “We focus on keeping our team members engaged and busy so they have less time to spend on messaging apps.” 

Instead of blocking these apps completely, the best option for IT is often to promote best practices that mitigate the associated risk. And though Facebook, WhatsApp and other popular messaging apps can prove to be problematic, it’s the lesser-known options and the newcomers that worry Lesavoy. “The apps that concern me the most today are the apps that we don’t know about yet,” he says. “Technology is evolving so rapidly that it’s very difficult to predict what is coming, and the uncertainty is hard to plan for.”