Enterprise data security is never an A or B option – Good cyber security is far more nuanced
As those who have been in cyber security for any length of time know, protecting data is not a simple process. The dynamic between individual privacy and security of the population at large, whether due to terrorists, paedophiles/abusers or any number of bad actors, is a complicated balancing act that depends on many variables. There has been a recent outcry by some providers of consumer apps regarding the Online Safety Bill (currently going through Parliament), which is said to compromise people’s privacy, as reported by the BBC: https://www.bbc.co.uk/news/technology-65301510. In short, some providers of messaging apps are threatening to block UK users should the bill become law.
Citizens want to be protected
The bottom line is that the vast majority of citizens want to be protected and for the police and law enforcement agencies to be allowed to fight crime. In order for this to happen, under certain circumstances, additional measures need to be put in place. Indeed, this isn’t the first time that there has been push-back from interested parties trying to stop new legislation. The Regulation of Investigatory Powers (RIPA) 2000 witnessed a backlash from journalists (amongst others) at the time.
Consumer apps have no place in business communications
Putting all this into the context of business communications, it really is a big ‘so what’. Or at least, it should be. Business communications should never be conducted over consumer-grade apps for many reasons (which we’ve explained elsewhere numerous times – NCSC also gives advice: https://www.armourcomms.com/2022/05/17/advice-from-ncsc-using-secure-messaging-voice-collaboration-apps/).
Keep business and private data separate
Corporate data is owned by the organisation wherever it may be, including on BYOD devices or a company/organisation-supplied phone, and needs to be treated as such at all times. Consumer apps should not be installed on corporate devices (witness the recent banning of TikTok by several governments: https://www.armourcomms.com/2023/03/23/global-backlash-against-tiktok-grows/). Such apps pose a business security risk as users may be targeted via these apps, and the apps themselves may be used to send data which will later compromise the organisation. All this emphasises the need for organisations to control their own data – something that the use of consumer apps simply doesn’t allow.
Choose your secure comms platform carefully
When it comes to enterprise secure comms, organisations should avoid the lure of ‘shadow IT’ – just because people like it and everyone uses it doesn’t make it acceptable, particularly when there are credible alternatives. A built-for-purpose, Secure by Design secure comms platform can provide an equally slick user experience plus the ability to manage and control data and meta-data. Whether on-premises or a secure hosted solution, an enterprise-grade secure comms platform ensures data sovereignty (your data stays on sovereign soil, i.e. you know where it is being held) and data separation (no mixing of data, be that different classifications of data, or business and personal).
Enterprise secure comms platforms provide additional services such as archive and audit, which enable the review of communications at a later date, to ensure compliance with regulations (GDPR, FOI, for example). None of this is available from consumer apps.
In short, if you rely on a consumer-grade app for any part of your business, you are not only at the whim of the supplier, you are also risking your business reputation.