
Security Think Tank: Use technical controls and policy to secure messaging apps

What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees?

Smartphone messaging apps are a quick and easy way for employees to collaborate. They have become part of the fabric of day-to-day business, as employees find them a speedier way to get through some everyday tasks.

Today’s mobile devices often run a mish-mash of work and non-work applications. Personal smartphones are used for work – bring your own device (BYOD) – and corporate devices are used for personal applications – corporately owned, personally enabled (COPE). These blurred boundaries mean it is not possible to fully prevent employees from using smartphone messaging apps for business, especially when those apps are also used in everyday life.

However, research by the Information Security Forum (ISF) shows that more than 90% of organisations are concerned about the potential for organisational damage, financial or reputational, resulting from the insecure use of messaging apps. Confidential or sensitive information could be inadvertently disclosed.

To address this, potential technical controls include deploying mobile device management (MDM), software used to manage and secure employee smartphones, on corporately owned smartphones. For corporate and personal smartphones that run applications for business use, mobile application management (MAM) software gives organisations an approved set of mobile applications. It does this partly by scanning code and checking the application developer’s reputation before adding an application to the whitelisted group, providing the organisation with reassurance.

Technical controls alone will not be enough. As the use of smartphone messaging apps for business purposes clearly demonstrates, determined users will find a way around technical controls if they are prevented from using such applications. Policies are therefore required to address both BYOD and COPE, to explain what the workforce is allowed to do with company data and property, and to call out smartphone messaging apps specifically.

So, provide a suitable messaging application for employees to use that has been approved by MAM software. Alongside technical controls, develop policy to drive secure user behaviour and deliver the best possible protection for the organisation’s information.

This was last published in December 2017
