Social Media, Chat Platforms & Enterprise Security

A real-world story

More often than not, we use chat platforms like WhatsApp for official communications and document sharing as well. Although most of these platforms claim to be end-to-end encrypted and secure, the question remains: how safe are they? For an enterprise customer like a bank, where auditing and logging are mandatory, can these social media platforms be used? We know many of these platforms do not provide any audit reports or logs to address a data leak or other issues. Questions also remain about how service providers use the available data, where the servers are located, and so on.

In this connection, I had an inquiry about whether it is possible for the bank to implement a similar platform that provides all the features of these popular platforms, yet is able to monitor the activities of the enterprise members, provides logging and audit features, integrates with the enterprise authentication system, and scales to be used by tens of thousands of people within the bank.

Although the question was whether such a platform can be provisioned, I do not dwell on that question here. What I would like to highlight instead is the security concern of using social media platforms like WhatsApp in a bank.

The primary concerns here are:
a. Apart from the message initiator and receiver, who else has access to the personal/official data?
b. How do they use it?
c. Are they liable for any leak or abuse of the available personal/official data?
d. In case of abuse, is a remediation process available? If yes, what is the process?
e. Do they make any audit logs available?
f. Do they provide an administrative interface for the bank to onboard its users and enforce its own Information Security policies?

Probably, many of these platforms answer the above in the negative. But an enterprise like a bank still needs such a platform. Implementing one for itself, managed by its own IT administrators, is the preferred option. However, there are many other considerations, such as platform vulnerabilities and directives from the regulatory body.

Can we address this challenge? We say yes: if we carefully address the challenges and take all stakeholders into confidence, it is possible to create such a platform.

