Self-deleting e-mails: An enterprise nightmare?
Network administrators already have a lot on their plates as they adapt to challenges laid out by their agency’s mobile device policies. Lately they have something else to keep them up at night – self-destructing e-mails.
There are several apps available that will delete content sent from a mobile device after a specified timeframe. Snapchat, designed for sending photos, is one. Wikr, with which users can send encrypted, self-destructing voice, text or audio, is another.
There also are websites that let people send self-deleting messages, such as Burn Note, KickNotes and OneShar. On Burn Note, for instance, the sender writes a message, enters an e-mail address and sets the amount of time the message will be available. After that, it disappears.
This might sound like James Bond or “Mission: Impossible” stuff, but you can bet at least some of your users are thinking about using it.
The makers of these services promote them as a way for people to have private communications from their phones or other devices while also using those devices for work. The services do provide a measure of personal security. Jason Cipriani at CNet, for instance, points out that a message that self-destructs after being read once could come in handy when sending a loan officer your Social Security number.
But for government employees, these services could be a problem.
Federal, state and local governments have established rules for storing e-mail and other electronic communications that constitute a public record. Not every e-mail needs to be kept, so a personal photo sent to a friend or a message setting a dinner date can be disposed of. But when a message disappears on its own, who’s to say what was in it.
A big fear about these services is that it would make leaks harder to trace, according to Information Week. Employee-caused data leaks are already common — whether accidental or intentional — but figuring out how information got out is much easier as long as the data and a trail still exists.
In some ways, apps like these could be a boon if used properly. Some agency rules, for instance, want e-mails that don’t qualify as public documents deleted after 90 days, in order to cut down on storage requirements. Setting them to delete automatically could save admins a little trouble. But again, who would decide which e-mails are to be kept or deleted?
As agencies develop their mobile and BYOD management practices, one recommendation is that they review apps before allowing users to add them to their devices. It would seem that these apps are better left outside the enterprise.
Posted by Greg Crowe on Jan 29, 2013 at 9:39 AM