Company Focus

Solving the threat to business communications from consumer apps

The issue with free-to-use apps

Consumer-grade communications apps are ubiquitous, and, without vigilance, and a viable alternative, people are likely to use them for business communications too.  This is a serious security risk because the enterprise has no control over how the app may be used, and where sensitive corporate information may ultimately end up.

The most widely used consumer apps are owned by multi-national social media companies, that have demonstrated little regard for privacy and safeguarding of user data.  Tech giants are moving data away from the EU, and away from the stringent requirements of data protection legislation such as GDPR.  Proposed changes to one global communications platform’s Privacy Policy earlier this year sparked widespread comment in the media, with many commentators stating they will no longer use such services.  

All this begs the question – what is so bad about consumer-grade communications platforms and why are they so unsuitable for business use?

Large, high profile targets

As large, widely used platforms, consumer-grade apps are an inviting target to malicious actors.   

Removing enterprise communications from the aim of a large portion of the attack base is an obvious risk mitigation strategy.

Data can be stored anywhere in the world

With consumer apps people have no choice but to join a single community of users hosted on servers which could in any location. An individual’s private information, and any enterprise data shared through the platform, could therefore, go offshore without any option to prevent this.

No control over who joins the group

Being in a single group of millions of users opens up the potential for attacks from outsiders.

No partitioning of sensitive information

With consumer grade apps it is not possible to run your own instance or have a private instance hosted for your organisation.  

Mobile Phone Numbers are the only way to subscribe

For users to open an account it is usually a requirement that they use their GSM number. This requirement means that if an attacker can find the person’s mobile number, then the attack is easy to target.  

Use of consumer apps for business contravenes GDPR

Some consumer-grade apps stipulate that they are for personal use only.  Once enrolled, users are often asked if the app can access their contacts. The issue is that those contacts haven’t given consent for a third party to process their data.

This could be a breach of GDPR and therefore could pose serious consequences for non-compliance, including hefty fines.  

Lack of Enterprise features

Consumer products do not provide enterprise features such as conferencing, audit, connection to other unified comms systems and connection to desk phones.

High Risk to locally held data if devices are lost or stolen

The data held locally by consumer apps on mobile phones is not encrypted or secured in any meaningful way, giving easy access to message attachments and therefore making stealing phones of targeted victims, a potentially valuable source of information.

Using an enterprise app ensures that all data held locally is in encrypted form that is only accessible after the user authenticates themselves each time they start the app.

Enterprise-grade alternatives from Armour Comms

Armour Comms provides a range of solutions, and the knowledge and experience to curate a suitable service to meet exact requirements. Armour Mobile solutions are specifically designed to provide enterprise-ready capabilities, including gateways into existing unified communications systems, for professional customers including governments, financial and legal businesses, defence organisations and high net worth individuals.

Armour Mobile – available for iOS, Android and Windows Desktop, hosted on the Armour Secure Cloud, or as an on-premises solution. Based on NCSC and NATO approved MIKEY-SAKKE protocols, the Armour Mobile app is downloadable from app stores, and while centrally administered, provisioning new users is quick and easy.

SigNet by Armour – an alternative to Armour Mobile for specific use case requirements, using 256 bit encryption technology. Available as an on-premises solution, SigNet too is downloadable from the app stores, and quick and easy to provision.

About Armour Comms

Armour Communications Limited is a UK based company supplying market leading technology for secure communication via 3/4/5G, Wi-Fi and satellite for voice, video, messaging and data on Android, iOS, Windows, Linux and macOS platforms.

Armour’s products include NATO, CPA and ISO27001 approved offerings up to OFFICIAL-SENSITIVE and NATO Restricted with solutions via selected Armour partners available to mitigate threats up to SECRET.

Armour Comms has been awarded a prestigious Queens Award for Enterprise: International Trade 2021. The award was made for outstanding short term growth in overseas sales over the last three years.

For more information visit our website.

Partners

View the latest
digital issue