Shadow communications: A compliance risk in Asia
Summary
The increasing use of consumer messaging apps like WhatsApp, Telegram, and Signal for business communications – known as 'shadow communications' – presents a critical governance and compliance risk for enterprises, particularly in Asia. While employees prioritize agility and speed, these unmanaged channels move sensitive data outside of auditable IT systems. Regulatory bodies like the SEC, CFTC, MAS, and SFC have already levied billions in fines for failures to record and preserve off-channel communications, setting a global precedent.
The misconception that end-to-end encryption provides sufficient security is dangerous, as it doesn't protect the endpoints (personal devices) from data leakage, screenshots, or unauthorized sharing. This creates vulnerabilities related to data loss upon employee departure and complicates e-discovery processes during legal disputes. Simply banning these apps is ineffective; instead, organizations need to adopt sanctioned platforms that offer similar convenience within a secure, governed framework.
Addressing this requires a comprehensive strategy including clear policies, training, and the implementation of secure VoIP systems and managed messaging applications that capture both text and audio communications. Ultimately, enterprises must prioritize data sovereignty and recognize unmanaged off-channel communication as a serious data breach risk, aligning with international record-keeping standards to avoid costly compliance crises.
(Source:Frontier Enterprise)