This blog raises awareness about the use of consumer-grade comms applications within a business. It illustrates how unregulated use of ‘shadow IT’ can be detrimental.
What’s the one thing that most of us have in common (I promise it’s not a trick question)? We’re all human? We’d all love to live in a utopian society where everyone is treated equally? We all need to be more conscious of the protection of our online data? Well, despite all these examples probably being true, the main similarity that we’re going to be focusing on in this article is our widespread use of mainstream communication applications within the professional context. Despite there being a plethora of purpose-built alternatives readily available on the market, we will investigate why some of us are resorting to using consumer-grade applications as the predominant means of communication with our colleagues. We will also try and identify the potential security vulnerabilities these ‘shadow IT’ tendencies expose businesses to, before detailing what benefits adopting more secure, purpose-built enterprise-grade unified communication and collaboration (UC&C) platforms can yield a business.
Similar to when AOLs Instant Messenger rose in popularity, many of today’s consumer-grade applications like WhatsApp, Facebook, and WeChat have started to make the transition from personal use, to professional use. According to a 2018 CCS Insight’s report, ‘WhatsApp now ranks as the most widely used mobile app in business’, and is even considered as the foremost mobile application (outside China) in terms of total time spent in the app. However, what’s concerning is that the use of these applications often goes unsanctioned by central management, resulting in nightmares for IT when they finally become aware of their widespread use. With no real administrative or auditing means, IT managers are growing increasingly more conscious of employee ‘shadow IT’ (technologies and applications that are used by employees without the knowledge of the enterprise’s IT department) tendencies and are starting to clamp down on their usage. However, why do we many of our colleagues continue to use these unauthorized applications?
Partly attributed to the fact that they are mostly free and most of us already have one installed on our devices, a perhaps less obvious reason is that the use of these familiar applications ‘breaks down the traditional hierarchies’ imposed by more dated corporate communication channels. In the context of healthcare, it has been argued that these more familiar means of communication are widely regarded as being key to remedying the often fragment communication flow between junior and senior doctors. However, with the growing emphasis on data protection and the recent introduction of the European Union’s General Data Protection Regulation (GDPR), it is important to stress that businesses be cautious of the use of shadow IT as this can pose a serious threat to the security of not only its own data and that of its employees, but also the data of its customers and partners. So, what’s the alternative? Enterprise unified communication & collaboration (UC&C) applications with consumer-grade user experience (UX).
UC&C is used to describe enterprise-grade applications that combine standard communication features like; instant messaging, file and screen sharing, audio and video calling, and conferencing, with asynchronous cooperation capabilities. They provide a more purpose-built, secure, and effective alternative to consumer-grade applications and often include useful business features like analytics (to track effective usage), central management (to move, add, edit users), and auditing (to ensure appropriate usage). With incidents like the recent Facebook and Cambridge Analytica scandal still fresh in our minds, the lack of any form of central management or administrative capability in mainstream consumer applications has led to many businesses either imposing restrictions and bans on their use – through mobile device management (MDM) platforms, or have provided employees with authorised alternatives such as Alcatel-Lucent Enterprise’s Rainbow platform. While these alternatives have similar if not more feature functionalities than their consumer-grade counterparts, platforms like Rainbow also provide central management capabilities with the support and reassurance businesses need to ensure their data is secure. With a centrally managed administrative portal that can be used to manage users, Rainbow is also fully GDPR compliant and ISO27001 certified, demonstrating that it abides by specific international legal, physical, and technical standards.
While it would be wrong to overlook the recent ventures that certain consumer grade applications like WhatsApp (with WhatsApp Business) and Facebook (with Workplace) have made towards entering the enterprise communication market, one difficulty they may face is convincing consumers to treat their new applications as professional workplace tools. With an extremely familiar user interface (UI) across both consumer and enterprise-versions, users of both platforms could unintentionally end up using them as ‘informal workplace chat groups’ that ‘could damage an employer’s reputation’ when used inappropriately. In other words, they could end up contributing to the already numerous interruption-driven platforms we use daily.
Considering the aforementioned emphasis of data security, one of the main appealing factors of WhatsApp and WhatsApp Business is its end-to-end encryption. While there is not doubt that WhatsApp should be considered as one of the pioneers in terms of introducing such strict levels of encryption to a consumer-grade application, there are some areas where it falls short. For example, while the app may not store data from individual messages on its servers, ‘it does hold the address book information of every one of its users, including contacts who haven’t even downloaded the app’. Furthermore, if one reads the WhatsApp Business terms and conditions on its website, it clearly states that when you sign up, ‘you grant WhatsApp and its subsidiaries and affiliates a worldwide, non-exclusive, sub-licensable, and transferable licence to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and publicly perform or display Company Content that you upload, submit, store, send, or receive on or through our Business Services, solely for the purposes of providing, operating, developing, promoting, updating, and improving our Business Services, and researching and developing new services, features, or uses.’ Now, imagine this in a professional context? It doesn’t even bear thinking about, huh? Luckily, not only are there tried-and-tested, enterprise-grade alternatives like Rainbow out there with built-in encryption standards to safeguard user-data, but they also guarantee that all user-information is never shared with any third-parties or used to increase its own brand recognition.
To conclude, businesses and their employees require technologies that can successfully facilitate the seamless flow of knowledge and information throughout the organisation. While there will always be those employees who favour one platform over another, businesses need to be wary of these shadow IT habits and present viable enterprise-grade alternatives to appease both parties. With the same level of features but more administrative and auditing capabilities, despite the considerable effort by mainstream vendors to tailor their consumer-grade applications for use within the enterprise context, the use of purpose-built platforms like Rainbow will not only help boost productivity but also safeguard all crucial data.