Connect with us

Hi, what are you looking for?


Cloud Security

Google Misses an Enterprise Opportunity with Allo

Think of Microsoft and you think of Satya Nadella. Think of Google and you think of, well, who? While Microsoft has a single guiding vision for the future, Google does not. Microsoft intends to dominate the corporate cloud, and everything it does is based on that intention. Google, however, seems to have lost its way.

Think of Microsoft and you think of Satya Nadella. Think of Google and you think of, well, who? While Microsoft has a single guiding vision for the future, Google does not. Microsoft intends to dominate the corporate cloud, and everything it does is based on that intention. Google, however, seems to have lost its way.

This lack of focused direction is clearly shown in Google’s products. At last week’s annual Google I/O conference for developers it announced two new messenger apps to add to the two it already has: Allo for messages and Duo for videoconferencing. It already has Google Messenger and Hangouts.

Compare this to Microsoft. Microsoft also has multiple messenger capabilities, but there is little doubt that it is channeling everyone, willing or not, into Skype. While Microsoft will have one application that can do everything for everybody, Google is drifting towards multiple apps that only do one thing for any one group of users.

While this multiple choice scenario may be useful for savvy consumers, it is a problem for enterprises that want to offer a flexible BYOD policy to their users. For Microsoft shops, the end-user really has a single choice – Skype. Security teams know what they have to work with.

This is not the case with Google and Android. If Google had a firm focus on the enterprise cloud, it has – and is not currently using – an excellent opportunity with one of the new apps, Allo. Allo has two main elements: Google Assistant (an AI-based prompt system), and Incognito (including end-to-end encryption and automatic message deletion). Both are strong selling-points: the former for the consumer and the latter for the enterprise.

It would seem that the consumer market is more important than the enterprise market. The Google Play entry starts with the Assistant blurb, is followed by four other selling points, and finishes with the Incognito entry. It further seems as if one of the developers who stressed the value of end-to-end encryption and disappearing messages had his knuckles rapped. 

Incognito is not ‘default on’. In a blog, the developer originally wrote, “I wish it’s the default (because it’s my feature haha :), but even if it is not default all is not lost. I can’t promise anything now, but I’m pushing for a setting where users can opt out of cleartext messaging. Basically with one touch you can tell Allo that you want to ‘Always chat in incognito mode going forward’…”

Within a few hours this entire section of his blog was removed. The current version is here.

Advertisement. Scroll to continue reading.

The value of a messenger that employs full end-to-end encryption automatically and then, after a period of time, automatically removes the messages, will not be lost on enterprise security teams. BYOD is here to stay and is largely unavoidable. What Allo’s Incognito mode does is fill a serious hole in compliance.

Consider the health sector. Visiting nurses and junior doctors do not hesitate to pass technically sensitive PHI from one nurse to another, generally in cleartext, when someone’s health is at stake – even when they know it is against corporate policy. If Allo’s default was incognito ‘always on’, this particular regulatory concern could disappear.

It is currently a missed opportunity for Google. And it has to be said, it is possible that current levels of pressure from governments and LEAs against end-to-end encryption might just be the reason.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.