Security Experts:

Google Misses an Enterprise Opportunity with Allo

Think of Microsoft and you think of Satya Nadella. Think of Google and you think of, well, who? While Microsoft has a single guiding vision for the future, Google does not. Microsoft intends to dominate the corporate cloud, and everything it does is based on that intention. Google, however, seems to have lost its way.

This lack of focused direction is clearly shown in Google's products. At last week's annual Google I/O conference for developers it announced two new messenger apps to add to the two it already has: Allo for messages and Duo for videoconferencing. It already has Google Messenger and Hangouts.

Compare this to Microsoft. Microsoft also has multiple messenger capabilities, but there is little doubt that it is channeling everyone, willing or not, into Skype. While Microsoft will have one application that can do everything for everybody, Google is drifting towards multiple apps that only do one thing for any one group of users.

While this multiple choice scenario may be useful for savvy consumers, it is a problem for enterprises that want to offer a flexible BYOD policy to their users. For Microsoft shops, the end-user really has a single choice - Skype. Security teams know what they have to work with.

This is not the case with Google and Android. If Google had a firm focus on the enterprise cloud, it has - and is not currently using - an excellent opportunity with one of the new apps, Allo. Allo has two main elements: Google Assistant (an AI-based prompt system), and Incognito (including end-to-end encryption and automatic message deletion). Both are strong selling-points: the former for the consumer and the latter for the enterprise.

It would seem that the consumer market is more important than the enterprise market. The Google Play entry starts with the Assistant blurb, is followed by four other selling points, and finishes with the Incognito entry. It further seems as if one of the developers who stressed the value of end-to-end encryption and disappearing messages had his knuckles rapped. 

Incognito is not 'default on'. In a blog, the developer originally wrote, "I wish it's the default (because it's my feature haha :), but even if it is not default all is not lost. I can't promise anything now, but I'm pushing for a setting where users can opt out of cleartext messaging. Basically with one touch you can tell Allo that you want to 'Always chat in incognito mode going forward'..."

Within a few hours this entire section of his blog was removed. The current version is here.

The value of a messenger that employs full end-to-end encryption automatically and then, after a period of time, automatically removes the messages, will not be lost on enterprise security teams. BYOD is here to stay and is largely unavoidable. What Allo's Incognito mode does is fill a serious hole in compliance.

Consider the health sector. Visiting nurses and junior doctors do not hesitate to pass technically sensitive PHI from one nurse to another, generally in cleartext, when someone's health is at stake - even when they know it is against corporate policy. If Allo's default was incognito 'always on', this particular regulatory concern could disappear.

It is currently a missed opportunity for Google. And it has to be said, it is possible that current levels of pressure from governments and LEAs against end-to-end encryption might just be the reason.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.