Are Virtual Collaboration Tools a Necessary Evil for Enterprises? How to limit the risk?

Ask yourself: have you used WhatsApp, Zoom, Teams, Slack (or similar) today?

For the majority of business leaders — and their employees — the answer would be a resounding yes.

In just 2 1/2 years since the onset of COVID-19, organizations have come to rely on such virtual collaboration tools. They are nothing short of essential for internal and external collaboration, business continuity and remote working – and everyone within a company just expects to use them.

But with their advent and explosion in growth, it has been made abundantly clear that these tools pose a significant security risk. Organizations are puzzled in preventing data exposure and misuse, while also closely monitoring communications and, in regulated industries, ensuring compliance.

Most organizations are aware that many of these platforms are not secure or compliant – so why are they still using them?

Simply put, “the pandemic forced our reliance on video communication channels like Zoom, and now we can’t expect to put the toothpaste back in the tube,” said Shiran Weitzman, CEO of communications compliance platform company. Shield.

However, he pointed out: “In today’s workplace where work can be done anywhere, it is likely that companies, regardless of the industry, will be required by law to maintain standards related to protecting customer data and keeping internal communications and discussions.”

Share data, risk compliance

Employees spend on average 2 1/2 hours every day on applications like Zoom and Teams — and 27% of US workers spend more than half of the workweek on them.

For example, WhatsApp has approximately 2.44 billion unique active users worldwide. Zoom has more than 350 million daily meeting participants. Teams is used by more than 1 million organizations as their default messaging platform. Slack has 10 million daily active users.

In a study by Veritas Technologies71% of office workers worldwide – including 68% in the US – admitted to sharing sensitive and mission-critical business data using virtual collaboration tools.

The Veritas Hidden Threat of Business Collaboration Report surveyed 12,500 office workers in ten countries and found that 58% of U.S. employees store their own copies of business information shared via IM, while 51% delete that information completely. Both approaches, the report notes, could expose companies to significant fines if regulators ask to see a paper trail.

Employees acknowledged sharing data such as customer information, details on HR issues, contracts, business plans and even COVID-19 test results. And sensitive data continues to be shared, even though 39% of US workers have been reprimanded by bosses — and 75% said they would continue to share such information.

Likewise, “you can expect executives looking to make deals, regardless of industry, to quickly send a WhatsApp message to colleagues and business associates, especially if there’s an established relationship,” Weitzman says.

In response in the banking sector, the Securities and Exchange Commission (SEC) is expected to announce a combined multi-billion dollar fines as Wall Street’s largest banks use banned messaging apps, including WhatsApp and Signal. In fact, some experienced bank executives are fired just for using unapproved communication channels, Weitzman said.

Traders and brokers have become “overly dependent” on electronic messaging tools to discuss investment terms, hold client meetings and conduct other business, particularly because of the pandemic, he said.

Most of the problems arise when it comes to regulation, because encrypted messaging apps get in the way of adequate monitoring. But while they are often used for nefarious behavior such as money laundering, insider trading or data breaches, many use them because customers or business partners prefer them.

Weitzman also pointed to unencrypted services — especially video — that pose significant challenges. “Analyzing video images is a complex process that requires in-depth technology, and storing all those audio files is a logistical nightmare that cannot be accomplished without exorbitant costs,” he said.

Ultimately, “once the SEC digs into the context of the actual conversations taking place over electronic messaging platforms, it will be relevant to the broader company because then we actually get a glimpse of the nefarious behavior,” he said.

Manage BYOE

When it comes to preventing data exposure, the biggest challenge is enterprise control, said Patrick Hevesi, VP and analyst at Gartner.

Organizations can only fully manage virtual collaboration tools on managed devices and enterprise versions of messaging apps. On a managed device, IT can implement methods to prevent sensitive data from being sent to unauthorized users, monitor communications and ensure secure use of applications, he said.

But with more and more companies allowing BYOE (bring your own everything) – along with the lack of corporate controls in many of the messaging apps – this is getting very difficult. IT can’t stop employees from using personal devices and downloading and using the messaging app they choose.

Also, if a messaging app enables customer communication — and there’s no corporate version available — businesses can lose money by not using it, Hevesi pointed out.

The more popular tools, especially those with enterprise versions, have added more security and enterprise features for control. Also, some messaging apps are built from the ground up with end-to-end encryption, making them secure by default.

As Hevesi noted, “it’s less about using the business and more about the employees using the apps to do their jobs.”

Proactive supervision

In response to all this, the global message security market is experiencing significant growth. According to Mordor intelligencethe segment will be valued at approximately $15 billion in 2026, up from just over $4 billion in 2020. This represents a compound annual growth rate (CAGR) of 24.5%.

Hevesi called it a “very difficult use case to completely shut down,” but advised that enterprises provide a secure and managed alternative to personal messaging apps and require employees to use the company-approved apps.

This allows IT to use tools such as Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), enterprise authentication, Mobile Threat Defense (MTD), Data Loss Prevention (DLP), and other tools to protect user and business data. pointed out.

Simplifying and standardizing electronic communication channels is also critical for productivity and safety, Weitzman said. Those that are no longer needed should be eliminated to avoid application sprawl. And tools that work across borders must adhere to each country’s protocols.

Deep Tech Monitoring

Companies therefore need to devise strategic monitoring and archiving solutions that safeguard data privacy while reducing risk, Weitzman said.

The once silo-shaped approach just doesn’t cut it anymore, he said. The sheer number of electronic communication channels creates “a great need” for workplace information and monitoring tools that proactively monitor all communication channels and are alert to all business conversations, reducing regulatory, reputation and information risks.

Surveillance systems that rely on artificial intelligence (AI), machine learning (ML) and natural language processing (NLP) can efficiently capture and archive employee communications regardless of encryption, he said (although these don’t always have the capability to video communications).

Across the board, Weitzman said, “organizations need to look for deep-tech solutions that can be tailored to their specific needs when it comes to archiving, transcription, ediscovery, and more.”