Popular consumer technology often makes the jump from the personal to the professional. AOL Instant Messenger, the iPhone and Facebook, for example, started off as consumer apps and devices and quickly gained ground in the office.
More recently, WhatsApp, the messaging app now used by 1.5 billion people worldwide (and owned by Facebook) has been traveling that same path.
A recent survey from UK-based analyst firm CCS Insights indicates WhatsApp is the most widely-used mobile app in the workplace, more prevalent than mobile versions of team chat apps such as Slack and Microsoft Teams. “It is one of the most successful and popular apps out there and that will naturally bleed over into the enterprise,” said Nick McQuire, vice president for enterprise research at CCS Insights. The firsm surveyed 672 employees in the US and Europe.
For WhatsApp, the reasons behind its popularity are simple: It’s free, easy to use and familiar to a huge audience.
But popular apps aren't necessarily the most secure apps, and employees that side-step corporate-approved messaging software in favor of their preferred tools can create headaches for the IT department. By their nature, consumer apps lack central management capabilities such as the ability to add and remove participants from a group, and they raise the possibility of sensitive documents being shared externally.
As a result, some companies have banned WhatsApp's use outright.
Employee use of a tool like WhatsApp is often a challenge for large organizations, said McQuire. “WhatsApp has encryption mechanisms, but there's not enough control, governance, visibility and reassurances that enterprises need. That's understandable because it is not an enterprise service, but that's the problem they have.”
Real-world use, data protection concerns
Since its launch in 2009, WhatsApp has proved immensely popular – leading to its $19 billion acquisition by Facebook.
As usage has grown, the app has shown up more frequently in corporate cubicles and on mobile devices. For instance, WhatsApp has become a favorite of physicians in the UK that had been forced to rely on outdated technology. A study of 2,107 doctors across five hospital sites in 2015 showed that a third of doctors and nurses use WhatsApp and other messaging apps to send clinical information, despite NHS warnings about data privacy risks.
A follow-up study in 2016 that looked at WhatsApp specifically concluded that the app delivered a range of benefits, “[breaking] down the traditional hierarchies that can stunt effective communication within a team.
“WhatsApp is performing an essential function, providing [less-experienced healthcare workers] whose teams are fragmented between [operating rooms] and wards with a hotline to senior opinion,” the research report said, noting that doctors “will continue to use methods of communication that are most useful and efficient in practice.”
For Danish shipping firm Maersk, WhatsApp became a lifeline for internal and external communications when the company was hit by a NotPetya cyber-attack.
“It was frankly quite a shocking experience,” Maersk CEO Soren Skou told The Financial Times. “Your email goes down, all your address systems. We ended up having to use WhatsApp on our private phones.”
Even though some companies have embraced WhatsApp, a growing awareness of data protection risks has pushed other firms in the opposite direction. In some cases, they have prohibited the use of WhatsApp (and other consumer tools) outright.
Deutsche Bank, for example, chose to ban WhatsApp in 2017 as it sought to improve compliance processes. And earlier this year, another German firm, tire manufacturer Continental, prohibited its 240,000 employees from using WhatsApp as it sought to comply with new GDPR rules, citing concerns around the storage of users’ WhatsApp contacts on Facebook's servers.
Enterprise concerns around shadow IT use pre-date WhatsApp’s rise and this year’s introduction of tightened data protection regulations in the EU. Ovum’s 2017 “Secure Enterprise Messaging” survey of 300 businesses found that 65% of respondents were worried that consumer chat apps can create a security “loophole,” while half were troubled by their inability to monitor and audit employee communications.
“The concern is not how secure is the app, the concern is that it is not an enterprise app. It is not built for work, which means that there is no way to administer it, there is no way to manage users,” said Stacey Epstein, CEO at Zinc, an enterprise mobile messaging vendor that sees corporate use of WhatsApp as a source of competition.
“So, if I am out in the field and I have a problem and I need to reach out to my buddies and I start creating these WhatsApp groups and just start adding people, well who has, not even control, but visibility to who's in the group,” Epstein said.
Mitigating consumer app risks
While Continental opted for an outright ban, most businesses are more pragmatic in their approach, acknowledging that such decisions are often hard to enforce.
Ovum’s research showed 38% of respondents that provided a company-authorized mobile messaging app also allowed the use alternatives such as WhatsApp. But two-thirds of that group said they “only did so because it was impossible for them to block them.”
TiVo CIO Steve Palmucci argued that, as with any organization, it is inevitable that some employees will use a tool like WhatsApp for messaging. Such communications aren’t an issue if they’re limited to personal conversations. It’s when corporate data is shared or stored externally without IT’s knowledge that problems can arise.
Part of TiVo’s strategy has been to deploy a "robust MDM solution" that covers all devices, whether company-issued or employee-owned, said Palmucci. “We have proper safeguards in place to govern how devices are used. This gives us the ability to protect data, to wipe the data in the event that devices are lost or employees are terminated.”
TiVo doesn’t use its MDM software to block mobile apps outright, a move he said would be seen as “draconian” considering TiVo’s “tech-savvy” workforce – though doing so would technically be possible.
“We, as a decision, don't control the applications that users can download to their phones – even on phones that we provide to the user base…,” he said. That’s true, even “to the extent that there may be some users who are communicating in WhatsApp…with external parties.”
Corporate policies and staff training are another part of TiVo’s strategy. "We have a policy that addresses the use of those types of applications. It doesn't list WhatsApp specifically, but it addresses the use of third-party mechanisms for sharing company data or for communicating with people outside of your company.
“So what we don't control by the tools we have in place, we try to limit by policy.”
Enterprise messaging app options
Another part of TiVo’s approach is to provide workers with a range of mobile-ready messaging tools that are more suited to enterprise communications, including Skype for Business, Slack and Zoom for video conferencing.
“We have other mechanisms for employees to achieve similar outcomes that are more enterprise-class, not necessarily consumer,” Palmucci said. “So it is not as if it is an unmet need. It is more a question of people's preferences and also their comfort level with a certain tool.”
According to Ovum’s survey, Skype for Business is the most popular enterprise mobile messaging app, though a variety of startups are targeting the market, too. That list includes TeamWire, Wickr and Zinc.
Despite the popularity of team chat tools such as Slack and Microsoft Teams – which offer mobile versions for iOS and Android – they don’t meet the needs of staffers that prefer a simple interface – particularly frontline workers, Zinc's Epstein said.
“You can't argue with how important it is to have real-time communications. Unfortunately, the communication apps that have ben built for the desktop world – like Slack and Microsoft Teams – have been built for a person staring at a computer screen,” she said.
“They are also effective, but when you are mobile and you are on your phone, logging-in to Slack or Teams is just not as efficient as using something like WhatsApp. The user experience is super simple, super fast; it is all about real time communications and everybody knows how to use it.”
An enterprise version of WhatsApp?
With employees keen on using simple chat apps at work, would it make sense for Facebook to launch an enterprise-friendly version of WhatsApp?
The company made similar moves with its social network platform, launching a business-focused application, Workplace, in 2016. It has also created an enterprise product for its Oculus VR hardware, another indication of a growing interest in corporate sales. And in 2017, the company announced WhatsApp Business, a platform for business-to-consumer communications. (Facebook officials could not be reached for comment on any enterprise plans.)
“It will be interesting to see whether Facebook starts to acknowledge that and starts to think about ways in which they can make WhatsApp more friendly to businesses,” said McQuire. “At the moment, it's more or less entirely a consumer product and enterprises have had to figure out ways in which they either support it or turn a blind eye to it because users are using it.”
While there might be complications to launching a “WhatsApp for Enterprise” service – how it would align with Workplace’s Chat function, for example – it would make sense, both for Facebook and for end users.
“It feels like that's the next phase for WhatsApp, but we'll see when that comes,” he said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.