auris - Fotolia

Better team messaging app security could boost enterprise adoption

Enhanced team messaging app security, compliance and analytics could kindle adoption across enterprises. As an example, Cisco Spark just unveiled several updates.

Team messaging tools have been available for a few years, but use of these apps has been departmental in nature. Typically, small and agile project-based teams have picked one of many vendors and worked more efficiently than with traditional collaboration tools. Other business communication tools went through similar adoption cycles. 

Remember the early days of chat? Business users downloaded AOL Instant Messenger, Yahoo Messenger or a range of other applications. Eventually, many businesses standardized on certain tools, such as Cisco Jabber and Microsoft Office Communications Server, Lync or Skype for Business.

The transition from ad hoc adoption to an enterprise standard happens when businesses need enhanced control, security and analytics to understand the use of the app and protect the organization from unnecessary risk. 

Many companies of all sizes have at least a handful of workers using a team messaging app. Enterprises now need tighter controls on these messaging services.

Tighter security for enterprise-wide adoption

As the use of team messaging becomes more widespread, businesses must choose a product with enterprise-grade controls and security. Without these features, a company might find its data scattered over multiple platforms, making it difficult to secure and to meet compliance requirements. 

Also, purchasing apps in an ad hoc manner might be fine with a small amount of users. But, as the population grows, corporate standardization has a number of benefits, such as policy development, application integration and license agreements.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable. Decision-makers should ensure their service -- whichever one they choose -- offers the required level of security and management to scale the product across the company.

Highlighting this need for security, Cisco recently beefed up its Spark collaboration service, hoping to get it ready for the next phase of adoption. The Cisco Spark updates, announced this week, include:

Enhanced security. Security has always been a differentiator for Spark, as it's the only platform to encrypt data from the cloud to the device. This security feature is critical for groups that want to share sensitive information, such as financial data or patient records.

Cisco has now added an e-discovery tool to search through Spark messages by email address, date range or keywords. This feature has been standard with email for many years and is important for legal reasons.

Compliance improvements. Spark now has configurable retention policies, so data can be purged from Spark spaces as determined by company policy.  Activities, shared whiteboards, files and messages can be deleted.

Also, through APIs, Spark can integrate with third-party data loss prevention vendors and cloud access security brokers. Third-party vendors that integrate with Spark for compliance or data loss prevention include Actiance, Symantec, Skyhigh Networks, Global Relay and Cisco Cloudlock.

Administrator portal and analytics. The Cisco Spark Control Hub provides administrators with information that could improve the end-user experience. For example, administrators can use the portal to see who had poor call quality, where the person was calling from and whether it was isolated to that individual or more widespread.

Also, the portal shows usage information for Cisco Spark, WebEx and Spark Hybrid, which can be helpful for different business-related tasks. For example, if Spark was provisioned across a company, the business unit leader can find out who is not using the service and determine if training is required or the license should be revoked.

Another use case might be to compare the use of WebEx and Spark to worker productivity. The business leader may find a direct correlation and mandate the usage of the collaboration tools. Through the portal, enterprises can access a range of data that can deliver insights to business unit leaders, security officers and other responsible parties.

Cisco Spark updates
Cisco Spark updates include extensive analytics and usage reports.

BYOD enablement. The use of personal devices by business users is rampant today. Almost every professional carries some combination of a laptop, tablet and mobile phone, often owned by the individual. With personal devices, it's often difficult to enforce such things as password-protected screens. Since IT can't control the endpoint, Cisco moved some of the security to the app. 

Cisco Spark now includes PIN lock and Web Smart Timeouts; the latter lets the Spark web app automatically lock after a certain time when running off the company network. The updates also include Enterprise Certificate Pinning, which protects users from breached public hotspots without requiring the use of a virtual private network.

On-premises key server. All Spark data is stored in the cloud, and that seems to be fine with most customers. However, many organizations, such as regulated verticals or ones that are ultra-security-conscious, may want better control over that content. For those customers, Cisco offers an on-premises key management server where the data may still be stored in Spark Cloud, but the key management is done on premises.

Now, if the Cisco Spark service is attacked, the data will appear encrypted and unreadable. This essentially creates the security equivalent to maintaining the storage on premises.

Cisco Spark is not for everyone, as there is a wide range of controls. However, the features Cisco has built into Spark do prepare it for enterprise-wide usage.

Editor's note: Cisco is a client of ZK Research.

Next Steps

Examine the different flavors of messaging encryption.

Team messaging apps challenge UC platforms.

Collaboration apps face interoperability woes.

Dig Deeper on Unified Communications Security