Secure messaging is a serious challenge for many organisations. It is not just about locking down the primary communication channels; it is getting all employees, from the boardroom down, to understand the risks of different communication channels.
To understand more about the challenges, Enterprise Times spoke with Anurag Lal, CEO of NetSfere, a secure enterprise messaging service. Lal explained that NetSfere is an amalgamation of multiple mobile messaging assets the company has acquired over a few years. Its initial focus was the mobile operator market.
The company has since pivoted to the enterprise messaging market. Lal said, “A few years ago, we felt very strongly that there was going to be a boom in mobile message messaging utilisation apps. We’ve delivered a range of offerings to the enterprise, one being our omni-channel capability. We also felt there was a huge need for a secure messaging platform within the enterprise.”
Part of that need is users’ increased use of WhatsApp and other apps. Lal says that IT has lost control of what is happening when it comes to communications. It is not just convenience that has users adopting the apps. They are often attracted by claims of security.
Lal points out that this is a false premise. He said, “Its [WhatsApp] business model is built on mining data and information, and they make no promise of security, even though they talk about encryption.” He points to WhatsApp’s statements in the iOS and Android App Store about the amount of data they are collecting. It is not just WhatsApp that Lal calls out. He also calls out Slack, Teams and other apps.
Mobile devices and COVID added to the problem
Securing communications is not a new concept; just ask those in regulated industries like finance. Lal agrees but says that while highly regulated industries understand it, even they struggle with it. When it comes to the enterprise, there is a huge gap in understanding the risk.
At the heart of that is the use of personal devices, including smartphones, tablets and computers. Even before COVID, Lal says IT was trying to work out how to manage them. They had invested in mobile device management platforms, but the workforce was still mainly defined by enterprise boundaries. When COVID hit, Lal notes, “All of a sudden, the workforce got distributed. The physicality of an enterprise environment or a campus disappeared. And that opened a huge hole.”
Data on personal devices has always been a challenge. Organisations have embraced the idea of personal devices but have struggled with how to legally wipe those devices when users have left the company. The issue is that wiping a dual-use device means wiping users’ personal data, and that is a major legal nightmare.
Another challenge when people started working from home was the app explosion. People found SaaS apps that solved a problem for them. They then spread them across their team and, once again, IT was faced with users taking advantage of unauthorised apps. That led to data flowing out of the enterprise and into places where it was at risk.
But what happens when a user leaves the organisation?
One of the biggest challenges for IT is offboarding a user, especially when they are using a personal mobile device as a contact number. NetSfere has resolved this, says Lal, by not using the mobile phone number. He said, “Our primary means of authentication is the email address, which remains with them only as long as they are an employee of that corporation. The minute they leave, that’s cut off.”
It’s a good move, but one that does need corporate policies configured to ensure that happens. In most organisations, accounts are left in place for a period of time, whether that be handover, someone leaving, or someone quitting. It is critical that those policies are linked to NetSfere.
The need for a secure platform
Lal says that the solution is a secure enterprise platform, which is what NetSfere delivers. He said, “When we architected the platform, we did it in a manner where, as part of our encryption implementation, data always belongs and stays with the company. We don’t own it, we don’t touch it, even my engineers can’t see it. That little space that the application holds on the device, whether that be a laptop, or a smartphone, that essentially belongs to the company. The company has complete control and ownership of it at all times.”
Another key point Lal makes is that NetSfere has only been built for enterprise communications. It is not a dual-use platform. It prevents that fatal mix of personal and business data and makes it easier for IT to take control. All data is not only encrypted within NetSfere, but the company allows customers to bring their own key (BYoK). It further ensures that NetSfere cannot have access to corporate data and increases security.
Lal also says that blocking apps doesn’t work. The key is to sell the benefits to users of a secure messaging platform for business data, leaving them to use what they want for personal comms. On one level, there is the reduction of fines from regulators for data breaches and compliance failures. On another, there is the increase in productivity.
To qualify the productivity benefits, NetSfere recently commissioned research from 451 Group. Lal said, “They spoke to 500 CIOs and asked them specifically about productivity. The data came back that after deploying a NetSfere type product, productivity went up between 10 to 15%. If you’re paying somebody $100,000, that’s 10 to $15,000 per person.”
Lal continued, “The cost of our platform is minimal compared to that. That’s the reason enterprises are figuring it out, and moving forward effectively with this.”
APIs and Integration
NetSfere comes with a set of secure APIs to allow customers to link it with other applications. However, Lal sounds a word of caution. The strength of NetSfere is in its encryption on the platform. Lal said, “We have APIs, but we have a set of secure APIs. Because we are encrypting everything on the platform, which is encrypted constantly. We want to make sure we never compromise that. The secure set of APIs has very strict rules on any information coming in or going out, it has to cater to those encryption requirements.”
But what does that mean for customers? Lal believes that the quickest and safest way to populate the contact database is to export the data from another app and import it directly into NetSfere. However, for some customers, this is going to be a challenge, especially where ERP or CRM are their core enterprise apps. In those cases, customers are going to want to bi-directional data flow.
Lal says that this can be done by customers using the APIs. However, they have to accept that they are taking the risk of potentially weakening the security of NetSfere by using and integrating those external apps.
Enterprise Times: What does this mean?
Secure messaging should be a key goal of many organisations. But as the number of messaging, collaboration and email apps has proliferated, few have control over the security of their corporate communications. NetSfere has built its platform on a range of mobile messaging assets that it has acquired from other vendors. It has also proven itself by becoming a key part of the telco supply chain.
Bringing that expertise to the enterprise market gives it a depth of experience and technology that many organisations will welcome. The challenge for most organisations is going to be adoption. Lal sees a strong business case in protecting against data leakage, meeting regulatory requirements, and avoiding fines. However, it will be interesting to see how many businesses ignore the warnings and go for bi-directional data control.