What’s within an employee chat? More than emojis. Employee communications via chat, voice calls, and videoconferencing can include customers’ personal information, insights about business operations, or other highly sensitive material.

Consumer apps aren’t suited for such purposes. They lack enterprise controls for management and compliance, have privacy policies and terms of use that can change to the detriment of user privacy, and present potential risks for eavesdropping and data exposure. Multiple major banks are also currently facing regulatory fines of up to $200 million each due to employee use of consumer messaging apps.

Enterprise apps are not always a sufficient fit for every business purpose, either. They may not meet an organization’s requirements for specific use cases, such as out-of-band communications for incident response, where they require a separate channel from existing enterprise communications (which may be compromised in an attack) and other functionality to bring in external parties to respond, controls for ITAR compliance, or use in low-bandwidth environments.

Secure communications tools can help support use cases in which organizations require added data security controls for business communications. They are enterprise alternatives to popular consumer apps such as WhatsApp and WeChat. They can also be used alongside enterprise apps like Microsoft Teams and Slack in scenarios that require additional controls or in place of them entirely.

Forrester defines secure communications as platforms for messaging/chat and other capabilities like voice calling, videoconferencing, and more, all for communicating and collaborating on sensitive content requiring strong data controls.

I’m excited to announce that The Forrester Wave™: Secure Communications, Q3 2022 has published! This is a 26-criterion evaluation of secure communications providers. Some highlights from this Wave report:

  • The offerings in this space span a wide range when it comes to how they meet enterprise and government customer requirements for secure communications. The heritage of a secure communications offering provides insight into its philosophy and approach, the key industries and geographies it aims to serve, and the types of innovation it focuses on. Many have a foothold in government and defense, while others have a stronger presence in other sectors like critical infrastructure, financial services, or business services.
  • There is a spectrum of focus across security and privacy capabilities, some of which involve trade-offs in design to optimize for security or privacy. User privacy can mean fully anonymous enrollment and use of the secure communications app where required, as well as capabilities for individual users of the app to control what information from their user profile is visible to other users of the app. There is also the distinction between user privacy and the privacy of the messages exchanged. This is seen in a provider’s perspective toward metadata collection, protection, and use.
  • How secure communications offerings approach data retention for compliance purposes, or as a business requirement for forensics purposes, will vary greatly. Often, the design of secure communications tools prioritizes ephemeral messages and handling of privileged content over retention. But retention is possible! An offering might enable this via policy settings, integrating with an archiving solution, or the provider’s value-added service or built-in functionality.

In a world of anywhere work and reliance on digital conversations for everyday interactions, the tools your organization relies on for employee communications must be secure, reliable, and easy to use. Secure communications tools can help provide added control over sensitive information within business communications for situations that require it, protect employees and their privacy, and meet compliance requirements for data protection and retention.