Is there an enterprise use case for ephemeral comms?

Although disappearing comms will never fully replace email or instant messaging in the enterprise, is there a security argument for using them in certain scenarios?

By Shirley Siluk

Mon 28 Aug 2017 @ 11:34

Business executives, doctors, security experts and professionals across every industry have access to more data than ever before: data about customers, partners, patients, negotiations, contracts and much more. They also have more ways than ever to exchange that data quickly and securely.

But should they be saving all of those communications?

As numerous recent security breaches have demonstrated, there are risks in holding on to every email, text, photo or file you’ve ever sent anyone or anyone’s ever sent you - including the risk that someone other than the sender and the intended recipients will get hold of that information and use it for harmful purposes. From married users arranging affairs via the 'dating' site Ashley Madison to former US presidential candidate and Secretary of State Hillary Clinton, many people have discovered the downsides of stored communications: hacks, leaks and unwanted publicity.

Mobile apps like Snapchat – which lets users exchange texts, images and videos that disappear after a short amount of time – have become popular for casual communications. But is there a case for enterprise-quality communications that are similarly short-lived?

In some cases, yes. For example, Envoy, a company that specialises in iPad-enabled visitor registration services, sees a benefit in storing as little data as possible about the people using its technology. Founder and CEO Larry Gadea told The Washington Post in 2016: “We have to keep as little [information] as possible so that even if the government or some other entity wanted access to it, we’d be able to say that we don’t have it.”

Other business leaders expressed similar concerns in the wake of the Federal Bureau of Investigation’s efforts in early 2016 to compel Apple to unlock an iPhone in the agency's possession.

“[S]ome large tech firms are increasingly offering services to consumers that rely far less on collecting data,” the Post article noted. “The sea change is even becoming evident among early-stage companies that see holding so much data as more of a liability than an asset, given the risk that cybercriminals or government investigators might come knocking.”

Storing too much data on multiple devices, especially mobile ones, raises particular concerns in sensitive and highly-regulated industries such as finance or healthcare. (Some officials in Washington, DC, appear to be worrying about this as well.)

Apps for short-lived messaging can offer a security advantage for health professionals working in offsite locations such as a patient’s home, according to Galina Datskovsky, CEO of the ephemeral messaging service Vaporstream.

“Ephemerality ensures that no data remains on the device or the message server,” Datskovsky wrote recently in the health profession magazine HomeCare. “If a homecare nurse needs to take a photo of a patient’s wound to send back to the hospital for example, the image will expire from the device based on a period of time of inactivity. This alleviates any concerns that a copy of the photo could be compromised should the nurse’s phone be lost or stolen.”

The appeal of ephemeral messaging apps has grown as the cost of data storage has shrunk dramatically in recent years, according to Joel Wallenstrom, CEO and president of Wickr, another firm that provides short-lived communications tools for enterprises.

“The logic is: if storage costs 2 cents per GB why not store everything, in case someday it may become useful,” Wallenstrom wrote in a recent post on his company's blog. “Ironically, despite the almost zero cost of taking up the storage space, the real price of keeping the high-value communications secure has never been higher.”