The majority of executives and IT managers are normally unaware how many unauthorized shadow IT or shadow cloud apps and services their employees are using. Cloud apps and services are easy to use without oversight, they can be quickly adopted by employees or teams to solve business problems, and often no formal involvement of the enterprise’s IT department is required. Since there is a huge demand for messaging for the internal business communication, if there is no enterprise messaging app available, employees are quick to use Whatsapp as an insecure and unprotected alternative (please read our blog posts on the disadvantages, damages and security of Whatsapp). Actually many businesses currently have a huge Whatsapp problem as part of the shadow IT, because they haven’t deployed an enterprise messaging app yet.

Why Is Whatsapp as Part of the Shadow IT a Big Problem for Enterprises?
  1. Whatsapp can lead to unexpected leakage of confidential corporate as well as customer data. These leakages are very hard to track down.
  2. Whatsapp does not fulfill the data protection requirements of enterprises, and sensitive business, partner and customer data will end with Facebook.
  3. The enterprise data within Whatsapp is not protected properly and there are no back up systems in place that are required for audit reasons and to secure data.
  4. There is no access management (e.g. for data loss prevention) in order to block unauthorized use of Whatsapp in case of a stolen or lost device.
  5. Whatsapp does not support all important use cases for enterprises which leads to ineffective communication and collaboration.
  6. Whatsapp is not integrated into the enterprise IT ecosystem which leads to workflow interruptions, unmanaged dependencies and overall lower productivity.
  7. Whatsapp is not compliant and can lead to significant fines (e.g. lack of audit trail, license issues, chat data required for law suits, violation of regulations).
How Can Enterprises Identify if Whatsapp Is Part of Their Shadow IT?
  1. Enterprises can use their mobile device management solution (e.g. MobileIron, Airwatch) to check on how many managed devices Whatsapp is installed and how big the Whatsapp problem is.
  2. Businesses can check firewall, network and web proxy logs. This will show the Whatsapp usage in case employees use the corporate Wifi regularly for mobile devices.
  3. Enterprises can simply ask employees if they use Whatsapp for the business communication. This can also give insights what use cases need to be covered with an enterprise messaging app.
What Should Enterprises Do if They Have a Whatsapp Problem?
  1. Businesses should understand the use cases of employees for Whatsapp and why messaging is so important for them.
  2. Enterprises should evaluate the data protection, security, compliance, productivity and business risks due to Whatsapp.
  3. Enterprises should define rules for acceptable Whatsapp usage (e.g. for family and friends only), or completely blacklist Whatsapp with a mobile device management solution.
  4. Businesses should deploy an enterprise messaging app to improve team communication, collaboration, security, data protection and compliance in the messaging era.
  5. Businesses should quickly roll-out and use the enterprise messaging app for many of their employees for a few core use cases.
  6. Businesses should connect the enterprise messaging app to their IT ecosystem in order to accelerate and automate workflows. This enables additional use cases and ensures maximum productivity.

Whatsapp as part of the shadow IT shows a clear demand of employees for an enterprise messaging app. Sometimes the shadow IT also includes other consumer messaging apps like Telegram, Facebook Messenger, etc. which show the same need. If you have questions on how to identify and solve your Whatsapp problem, please contact us on

The original article can be found here.