As is typical for the SaaS market, the business messenger market offers either open-source solutions, such as the freely available Matrix protocol, or out-of-the-box solutions like Teamwire, with which you as a user can start directly. In our blog post “Open-source messenger vs. out-of-the-box (part 1): what makes the difference in business messaging?” we already pointed out:
– where the general origins of instant messaging and unified communication & collaboration (UC&C) solutions lie,
– how and why open-source and out-of-the-box solutions have become established, and
– what developments this has resulted in for the business messaging market.
Time for a checklist that compares both solution approaches so you can take the appropriate approach to your own business messenger.
When strategically choosing your own business messenger, five factors in particular play a fundamental role: security, ease of use, administrative management, third-party system integrations and hosting.
Both out-of-the-box vendors and the open-source community are committed to security and privacy. With Matrix, for example, which is highlighted as end-to-end encrypted, security is ultimately the responsibility of the developers and administrators in the user company. With established business messenger providers, customers know from the start what kind of measures the out-of-the-box solution – in line with the Privacy by Design and Privacy by Default approaches – entails to ensure data privacy and data security. Both approaches pursue the goal of the greatest possible data sovereignty according to GDPR, the fulfillment of comprehensive compliance standards and the highest data sovereignty via cloud and self-hosting options.
With open-source, every developer can view the source code. On the one hand, transparency is high, but on the other hand, there is a risk that potential attackers will discover and exploit security gaps in that code, even if the source code can be adapted individually by each company. In this case, the developers in the community or in the company’s own organization would have to provide fixes or patches as quickly as possible to close the vulnerability and defend against cyberattacks. Established messenger providers are usually faster at fixing security deficiencies in their closed system, which is immediately secure again for all users (e.g., via a security update). In addition, providers of out-of-the-box solutions use external security audits and penetration tests.
Of course, established business messengers offer typical features for application scenarios in the business environment “out-of-the-box”. These include all standard features familiar from the private messenger sector, such as group chats and voice-over-IP. More important, however, is the implementation of important and innovative business features, such as polls, live location sharing, push-to-talk, and attention messages. Newer open-source protocols mostly already include relevant standard features for messenger apps and good encryption technology, but all business features have to be programmed individually.
Since out-of-the-box solutions undergo regular UX quality checks and are then further developed and optimized, the user experience is usually better. In addition, the products are mature and stable, so users encounter significantly fewer bugs. A high-quality product is also possible with open-source. However, it takes a lot more effort to achieve and, above all, maintain this status. The user experience can either be programmed by the user or implemented with the help of available open-source clients such as element.io for the Matrix protocol.
Out-of-the-box business messengers are convincing with convenient administration, specifically aligned to the requirements of an IT administrator or solution officer: Users can be managed via a dashboard and settings can be made with regard to data protection, compliance and end device management. Central administration is not a fixed standard for open-source protocols and must be programmed individually.
Particularly for critical infrastructure companies, government agencies, hospitals, and research and development departments of independent organizations, it is often necessary to communicate across departmental, unit, and organizational boundaries. In the open-source environment, it is possible to link different messenger providers with each other by means of so-called bridging. In the area of out-of-the-box solutions, on the other hand, this is a question of the interoperability of a messenger in order to ensure the mutual exchange of information smoothly and securely. Here, established solutions, such as Teamwire Federation, create unified communication between autonomous companies. Via an interoperable out-of-the-box solution, federated companies can exchange information without any problems.
If there are no dedicated and industry-specific business messengers available that reflect your own use cases and requirements, an open-source solution can be used to implement an individually tailored alternative. However, a wide range of out-of-the-box solutions is now available – some with a specific industry focus, such as healthcare, government, retail, police, financial services, and additional comprehensive configuration options. Most organizations should already find what they are looking for here, so there is no need to develop their own open-source-based messenger solution.
Dependence on software vendors is often described as “vendor lock-in”, which can exist on a contractual, technical and process-related level. It makes it difficult or even impossible to adequately replace a product once it has been implemented. In the case of the diverse and highly competitive business messenger market, however, this is not to be feared and a change of provider is entirely possible. In the case of open-source solutions, on the other hand, continued operation and development of the messenger always depend on the knowledge of the community or the team of developers deployed, which could also make a change more difficult.
With open-source solutions, the community supports each other. Online documentation, forums and wikis are available. The quality of the information varies greatly here. The same applies to the regularity and quality of routine updates and fixes, which are carried out by the community or the company's own developers. With out-of-the-box messengers, personal and customized support is usually already part of the solution. There are regular updates, bug fixes and further developments. The established messenger providers also usually close security gaps directly to protect their customers and avoid reputational damage.
As a rule, the standard programming code of an open-source messenger is available free of charge; customization and further development of the software – in this case a business messaging app – as well as operation and maintenance are associated with costs, including full-time equivalents or freelance developers. These need to be put into relation to out-of-the-box solutions. By contrast, there is lively competition among the established providers of business messengers, from which the customer benefits: High-quality, industry-specific solutions can be purchased at low prices, and professional services and further developments are included as a free service in the standard product. It is therefore necessary to make a comparison between the license costs – including operation and maintenance – and the self-development costs, such as the salaries of three to five software developers over the corresponding development period with an open-source solution – plus operating, maintenance and possible additional license costs.
The benefit of an out-of-the-box solution is that it is hosted in a public or private cloud and is therefore activated and ready for use as soon as the license is purchased. Since business messenger providers place great emphasis on the quick and simple use of the product, the messenger should be immediately usable for any non-technical user. Even in an on-premises environment, including installation into an MDM/UEM environment and setting possible administrator preferences, an out-of-the-box solution can be rolled out across an entire organization within 30 days. The connection of additional third-party systems is possible via open API interfaces, but is to be understood as an IT implementation project and is not included in a standard scope of services of an out-of-the-box solution. With an open-source solution, even the launch for initial use requires significantly more time: even with the connection to pre-defined user interfaces such as Element.io, the messenger must first be programmed and tested. Based on purely standard features, an average development time of six to eight months can be expected – for individual messenger projects, a development time of one to two years is more likely.
Basically, both out-of-the-box and open-source solutions are good, because both approaches pursue clear and logical objectives. The fact is that the business messenger market has grown strongly in recent years and already offers suitable solutions for many industries. The fact that open-source solutions are enjoying growing popularity is not infrequently due to the desire for data or digital sovereignty, i.e. autonomy and above all independence from large American cloud and software providers. However, professional out-of-the-box solutions such as Teamwire are already well positioned and advanced in this respect. To catch up to this status with an open-source solution requires time or a very large development team. The right features, the ideal user experience – all that is associated with considerable costs. In contrast, license fees are usually manageable and include support and maintenance costs. Even though the open-source basis may be free of charge, that does not mean that a business messenger based on it is free of charge. For many companies, public authorities, public agencies and medical institutions, open-source solutions are therefore hardly affordable. As a first step, it is advisable to examine the business messenger vendors on the market. For specific use cases that do not have out-of-the-box solutions, or if the size of the organization makes it necessary, open-source software may be an alternative.
Do you have questions about which type of business messenger is suitable for your organization? Then contact us and schedule a meeting. We are happy to provide you with advice and support.