Mobile instant messaging presents several security and compliance challenges, especially to organizations in regulated industries, such as government, financial services and healthcare. Concerns over data leakage, cyber surveillance and industrial espionage — heightened by employees’ preferences for consumer IM apps — have forced some CIOs to restrict or even prohibit this popular and productivity accelerating form of communication and collaboration.
To get the enterprise IM machine up and humming again, enterprises will need a secure, easy-to-use enterprise messaging platform. That’s why earlier this week BlackBerry introduced BBM Protected, which builds upon BBM’s easy-of-use and privacy and adds an additional layer of enterprise-grade security.
Whatever your choice of enterprise mobile messaging, there are seven factors to consider to ensure your solution is secure and, more importantly, used by your employees:
1. Engaging Interface. Mobile end users do not suffer from a lack of options. Any mobile app that does not deliver an optimal user experience – or impedes productivity to the slightest degree – will be rejected by employees in favor of an “unapproved” alternative. While risk mitigation is paramount in the adoption of a secure mobile IM service, even most secure solutions will be non-starters if they lack an engaging, easy-to-use interface that enables workers, for example, to smoothly navigate between modes of communication.
2. Built for Mobile. Though the enterprise mobile app movement is still in a nascent stage, businesses have already learned that processes built for a desktop environment rarely translate to a mobile one. IM apps are no exceptions. IM apps built from the ground up for mobile make the best use of the limited real estate of mobile displays and the on-the-go mentality of mobile users.
3. Enhanced Security Model. Security is all about layers – overlapping layers. Look for a mobile IM service that employs multiple layers of encryption to deliver new levels of enterprise-grade security to protect the content of IMs while in transit and at rest. Only a company with years of experience in cryptography will be able to create the novel techniques for exchanging signing keys and other security measures that organizations will require to ensure the needed integrity and confidentiality of their communications.
4. Complete Control. The only way to ensure that a technology partner or service provider is not complying – voluntarily or involuntarily – with government or private surveillance operations is to select a secure mobile IM supplier that relinquishes the ability to decrypt the information in encrypted IM exchanges. If any entity other than your organization possesses the capabilities to intercept or read secure messages, the solution is flawed. Find a partner, for example, that employs out-of-band mechanisms to ensure the secrecy of key exchanges and places encryption keys exclusively under the control of your organization.
5. Established Pedigree. Trial-and-error is a poor model for any electronic service, but a particularly dangerous one when security is a top-of-mind concern. Organizations with elevated security requirements need to partner with suppliers with deep and well-regarded pedigrees in the messaging, security and enterprise mobility markets.
6. EMM Integration. The benefits of IM and Enterprise Mobility Management (EMM) integration are substantial from expense, complexity and compliance perspectives. On the cost side, a single-vendor solution could eliminate the purchase of the additional hardware for hosting a standalone IM solution, as well as the expense of training IT on a separate management console. EMM integration also reduces the complexity of implementing a secure IM service to a simple policy change. Compatibility between EMM and IM means that the voice and email logging and auditing capabilities of the EMM platform can be extended to include IM.
7. Universal & Transparent. Industry research indicates that employees prefer to use a single IM solution for both work and personal communications. An IM app that enjoys both widespread consumer and enterprise penetration – and allows users to chat with employees and acquaintances from a single interface — will find the most favor with end users. It’s also imperative that the app is able to transition between security levels and usage scenarios (work vs personal) automatically – without the intervention of the end user.
Download the white paper Accelerating Productivity with Secure Enterprise Instant Messaging for additional information about enterprise IM security vulnerabilities and risk mitigation.