Managing the use of ephemeral Instant Messaging applications (IM apps) for business communications is difficult:
IM apps can be considered as an information security risk for reasons like privacy, confidentiality or data retention in case of legal disputes.
On the other hand, in some regions IM apps have become the primary channel for conducting business and communicating with customers.
How does your organization balance this?
Do you prohibit IM apps, do you define use cases or do you accept the risk?
Please choose your option and provide just 3 answers regarding your current practice.
I'm interested in the use of ephemeral Instant Messengers which are not centrally managed by your own corporate IT, such as WhatsApp, Line, Hike or WeChat.
FORBID - My organization prohibits the use of IM apps in a business context
- Did you define strict policies against it
- Yes
- No
- Did you implement technology to prevent these apps from being installed or used
- Yes
- Not yet, but planning to
- No
- Do you follow a COPE (Corporate Owned, Personally Enabled) mobile device strategy?
- Yes
- No
DEFINE - My organization defines the use of IM apps in business context, allowing but a few justified exceptions
- Did you define allowed use cases at policy level?
- Yes
- No
- Did you create an exception process?
- Exceptions are approved by Corporate Board level
- Exceptions are approved by other level of management
- No
- Did you implement supporting technology (for e.g. central backups or monitoring)?
- Yes
- Not yet, but planning to
- No
ACCEPT - My organization accepts the risks
- Did leadership accept the risk?
- Risk accepted by Corporate Board level
- Risk accepted by other level of management
- No
- Did you implement supporting technology (for e.g. central backups or monitoring)?
- Yes
- Not yet, but planning to
- No
