WhatsApp has 1 billion+ users, 330 million of whom use the app for business purposes and happily share the latest HR files, sales pipelines and company intelligence over the messaging app.
Lately, IT Managers and Company Directors have been in disarray as to how to address the increasing risk of data leaks, security hazards and breaches of compliance rules and corporate governance that come with using WhatsApp in a business environment.
But hurray, now WhatsApp adds end-to-end encryption, meaning every form of communication on its service, messages, phone calls, photos and videos, is now encrypted.
All in hand and time to sit back and relax, right? Well, you may want to think again. Here is why WhatsApp’s encryption is putting your business at risk:
- WhatsApp Encryption Isn’t New
Whilst this week’s news was highly publicized across the global media, in 2014, WhatsApp already encrypted a portion of its network. One could argue that the recent announcement is solely a very well-timed marketing message in the wake of the Apple vs. FBI case, which made data privacy a searing topic of debate.
- It still breaches Compliance Regulations
End-to-end encryption, where only the sender and receiver can read a message, may have its uses, but it is certainly not what you want in an enterprise context. The core paradigm of sharing corporate knowledge and information is openness and transparency.
So silencing the ‘man in the middle’ does not just mean that people outside your company can’t read messages; it also means the company itself can’t read messages, making compliance monitoring impossible. As WhatsApp Co-Founder Acton puts it: “With encryption, you can even be a whistle-blower—and not worry.” A comment which will give your audit and compliance folks some major indigestion.
- It still doesn’t address Corporate Governance (KY3P Principles)
WhatsApp aren’t the first ones to focus on end-to-end encryption. Telegram, a Russian messaging service, does the same, and made headlines after it emerged that ISIS use their platform to ‘securely’ communicate. Having your employees on a consumer/social platform which can also be used by undesirable elements (criminals, terrorists) is a major source of risk, encrypted or not.
- It still lacks Access Controls & Authentication
Encryption doesn’t protect from unauthorised access. What if a user loses their phone? Companies often have MDM/EMM systems in place to enable data access controls or remote wiping of devices in case they get lost or stolen. Consumer & social apps simply don’t give you that option.
Data is end-to-end protected but still hosted in the public cloud, on a server whose location you may not be aware of, in a country whose data privacy policies may be very different to yours.
- It is still a Consumer App
The information shared and chat rooms created are not connected to your corporate directory or any internal system for that matter, making it a less productive and less secure application for firms.
The recent news is certainly a game changer in terms of personal data privacy. If you are a consumer, this may well put your mind at ease, but it doesn’t make your business any more secure. On the contrary, if your employees are still using WhatsApp, offering enterprise-ready alternatives is your only way to peace of mind.