WhatsApp Adds Encryption – Is It Now Enterprise Ready?

Guest Post from MindLink

1 billion+ users. 330 million of them use the app for business purposes and happily share the latest HR files, sales pipelines, and company intelligence over the messaging app.

Lately, however, IT Managers and company directors were in disarray as to how to address the increasing risk of data leaks, security hazards, and breaches of compliance rules and corporate governance that come with using WhatsApp in a business environment. (WhatsApp security flaw puts 200 million web app users at risk, Telegraph)

But hurray, now WhatsApp adds end-to-end encryption, meaning every form of communication on its service, messages, phone calls, photos and videos, is now encrypted.

All in hand and time to sit back and relax, right? Well, you may want to think again. Here is why WhatsApp’s encryption is still putting your business at risk.

  1. WhatsApp Encryption Isn’t New
    Whilst the news was highly publicized across the global media, WhatsApp had already encrypted a portion of its network in 2014. One could argue that the recent announcement is a very well timed marketing message in the wake of the Apple vs. FBI case, which made data privacy a searing topic of debate.
  2. It Breaches Compliance Regulations
    End-to-end encryption, where only the sender and receiver can read a message, may have its uses, but it is certainly not what you want in an enterprise context. The core paradigm of sharing corporate knowledge and information is openness and transparency. So silencing the ‘man in the middle’ does not just mean that people outside your company cannot read messages; it also means the company itself cannot read messages, making compliance monitoring a major concern. As WhatsApp Co-Founder, Acton, puts it, “With encryption, you can even be a whistle-blower—and not worry,” a comment which will give your audit and compliance folks some major indigestion.
  3. It Doesn’t Address Corporate Governance (KY3P Principles)
    WhatsApp isn’t the first one to focus on end-to-end encryption. Telegram, a Russian messaging service, does the same, making headlines after it announced that a known terrorist network used their platform to "securely" communicate. Having your employees on a consumer/social chat platform, which can also be used by undesirable elements (criminals, terrorists), is a major source of risk and breaches your corporate governance requirements.
  4. It Still Lacks Access Control & Authentication
    Access controls are a major security concern and a channel through which many data leaks happen. Encryption does not protect against unauthorized access. What if a user loses their phone? What if it is stolen? Companies rely on Mobile Device Management or Enterprise Mobility Management (EMM) such as MobileIron’s AppConnect to ensure data access can be 100% controlled and a lost device can be wiped remotely. Consumer and social apps simply don’t give corporate business the same mobile security.
  5. It is Public Cloud-Based
    Data is end-to-end protected but still hosted in the public cloud, on a server whose location you may not be aware of, in a country whose data privacy policies may be very different to yours.
  6. It is Still a Consumer App
    Built for people’s private lives, it is easy to sign up, easy to share, inexpensive, and pervasive. That does not make it suitable for the enterprise – and we are not talking only security here. Information shared and chat rooms created on consumer or social apps are not connected to your corporate directory or any internal system for that matter, making it a less productive and less secure application for corporate use.

Let’s bring it home: The recent news is certainly a game changer in terms of personal data privacy. If you are a consumer, this may well put your mind at ease, yet it does not make your business and corporate data any more secure.

On the contrary, if your employees are still using WhatsApp, offering enterprise-ready alternatives such as MindLink for MobileIron, which has been built for business use and has the security and mobile device management capabilities firms need, can provide you peace of mind.