Some enterprise workers are still using the consumer mobile messaging tools they prefer, rather than the business-centric tools provided by their companies, despite repeated security and privacy warnings about the practice over the last several years.
And that ongoing security risk, according to a recent study by 451 Research, is one that businesses need to continue to battle as they work to improve their organizational IT security. When enterprise workers use non-authorized, self-installed messaging apps on their mobile devices or desktop machines, they leave internal IT security standards behind, potentially putting corporate and private data at risk outside of business firewalls, networks and other security systems.
The problem, said Raul Castanon-Martinez, a senior analyst for workforce collaboration at 451 Research and the author of the 10-page report, "Growing Use of Consumer Messaging Apps Exposes Organizations to Privacy, Compliance and Security Risks," is that while IT administrators often know of the illicit messaging app use by workers, they often seem to ignore it.
"It's a little bit startling to see that IT is not active in terms of find a solution to the problem," said Castanon-Martinez. "They know that's a problem, but the issue is they are not able to understand or assess the level of risk."
What IT departments should be doing to reduce the use of unauthorized messaging apps is to perform detailed analyses and assessments of the messaging tools that are being used by employees for communications, he said. Those evaluations can be done through analysis of network traffic, Mobile Device Management applications and through discussions with employees.
IT leaders also should get a clear message from the users of these insecure collaboration applications – by using non-authorized tools, the users are likely saying that the company-endorsed messaging applications are not serving their specific needs, said Castanon-Martinez.
"If users are using them, that means they are actually addressing a problem they have in the best way they can," he said. "It could mean the tools the company is providing are not sufficient for users. You have to get down to the central issue there."
The study, which was sponsored by messaging and mobility vendor Infinite Convergence Solutions, found that nearly 3 in 4 employees use consumer messaging apps for business purposes, in defiance of corporate policies, while about 62 percent of their companies have not made any policy changes in the last six months to halt the practice.
"This is still happening" despite several years of warnings about the issue, said Castanon-Martinez. "I think most people probably think it's different now, but things have not changed that much."
In the end, all such uses of consumer messaging apps likely won't be stopped in enterprises, he said, but companies can still do a better job reducing their usage to improve their overall IT security.
The issue also points to a shift in the software industry, said Castanon-Martinez, as "more and more the decisions are going to be influenced or even made by employees, rather than by the CEO or CTO," who traditionally dictated what applications are used inside companies.
"It will more likely be involving collaboration tools, because that's what users can put on their phones," he said. "For IT, if they look at it from that point of view, that could start changing things for the better. I think we are still at the very beginning of understanding the needs of knowledge workers."
The study also found that some 70 percent of employees use smartphones for business purposes, and that messaging is their number one activity on the devices. Some 58 percent of employees say their companies allow the use of personal mobile phones for business use, while only 9 percent of those companies don't allow the use of non-approved messaging services. About 40 percent of employees perform work-related activities on a smartphone daily, according to the study.
In the future, the use of mobile messaging by workers will continue to significantly expand, the report concludes. "We expect that secure enterprise mobile messaging will emerge from behind the shadow of consumer messaging apps to become a core productivity tool that workers use on a daily basis, alongside email and calendar applications. We also expect evolving privacy and security requirements will result in secure messaging emerging as a distinct business communications category."
The October 2017 report includes responses brought together from some 4,000 IT decision makers in the U.S. who were interviewed as part of several Voice of the Connected User Landscape (VoCUL) surveys conducted by 451 Research.