Securing Corporate Conversational Apps: How OneLogin Approaches Encryption


According to data compiled by BI Intelligence, the research division of Business Insider, the number of monthly active users on conversational apps has now surpassed the number of monthly active users on the top four social networks. Furthermore, this trend, which fundamentally changes the way we do business, appears set to continue with no end in sight.

WhatsApp, owned by Facebook, is used by more than 900 million people. People get Uber rides through Messenger. Customers connect with businesses through Siri or Amazon Alexa. Suddenly, “conversational commerce” and “conversational business” are the new way of the world! This makes sense, too, because natural language interfaces are more intuitive, so learning how to use a new business tool is a snap for the end user.

Regardless of whether or not a business wants to use conversational apps, the shift to this type of interface is being driven by customers and clients who expect it, even demand it, of the businesses they interact with and buy products and services from. It is also becoming part of corporate culture so rapidly that it would be unwise to try to circumvent it.

So what happens if a business has several employees who need access to several conversational apps? How does a business maintain security and protocol, especially in highly regulated sectors like health services or financial services, where security compliance is of utmost importance?

Does every employee have a different password for each app they are expected to use in a company? How do they keep up with them all? What happens when a new employee comes on board and needs access to all these different apps? Does HR have to take half a day to set them up? What happens when an employee leaves the company, for whatever reason? How does the company revoke their access across all the different apps the ex-employee had access to? How is security maintained through this turnover?

These are some of the important issues that OneLogin has been working on making seamless and easy, especially given the rapid expansion of conversational apps. Customers will never trust a business that compromises their security and privacy, especially when it comes to their finances or their health, or perhaps the same for their children or spouse.

When dealing with the new security challenges of conversational apps, there is a shift from a Graphical User Interface (GUI) to a Conversational User Interface (CUI). In a traditional GUI, users might be asked to provide a user name and password. In more sophisticated GUIs, they may be asked for biometric proof of who they are, such as their iris pattern, fingerprint, or face. The natural fit for a CUI, however, is asking the customer or employee to answer a natural question or say a particular phrase for voice recognition. What matters is that security challenges do not break the natural flow of the conversational app.

So, for example, if a person asks Alexa to check their account balance at a particular bank, the security challenge may be to ask them for certain information in a conversational tone, “Can you please state your PIN to gain access?”, whereas in an old GUI the label “PIN Code” may have appeared on the screen and the user would have had to type in their PIN to access their account information.


Of course, OneLogin understands that classic “backend” security is still of utmost importance when securing conversational apps. You still have to make sure that you use a firewall, a web application firewall (WAF), and the highest class of encryption (SSL) on all your communications. OneLogin has also added multi-factor authentication to its service for employees who are out of the office or traveling and need to log in to use the various apps.

Unauthorized access to a host of conversational apps on an unattended device can be prevented by adding another layer of authentication. For example, after a certain amount of time has passed with no interaction, the app can pose a conversational question that asks the person accessing the device to prove their identity. This prevents access to private data that should only be seen by one particular person.
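The two mechanisms described above, a spoken PIN challenge and a re-challenge after a period of inactivity, can be combined in one session object. The following is an added example written for this page; it is not OneLogin's code, and the timeout, attempt limit, PIN, prompt text and class names are assumptions chosen for illustration. The server keeps only a salted hash of the PIN, compares it in constant time, and locks the session after repeated failures.

```python
"""Idle-timeout re-authentication for a conversational (voice/chat) session.

Constructed example: the PIN is stored only as a salted PBKDF2 digest and
compared in constant time; the session demands a fresh spoken PIN when the
device has been idle longer than IDLE_TIMEOUT_SECONDS. All names and policy
values below are assumptions for illustration, not OneLogin's implementation.
"""
import hashlib
import hmac
import os

IDLE_TIMEOUT_SECONDS = 300      # assumed policy: 5 minutes without interaction
MAX_FAILED_ATTEMPTS = 3         # assumed policy: lock the session after 3 bad PINs
PBKDF2_ITERATIONS = 100_000

CHALLENGE_PROMPT = "Can you please state your PIN to gain access?"


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Derive a fixed-length digest from a spoken PIN; the plaintext PIN is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def enroll_pin(pin: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to keep on the server side for this user."""
    salt = os.urandom(16)
    return salt, hash_pin(pin, salt)


class ConversationalSession:
    """Tracks one user's session on a shared or unattended device.

    The current time (`now`, in seconds) is passed explicitly so that the caller,
    and the tests, control the clock instead of the class reading it itself.
    """

    def __init__(self, user_id: str, pin_salt: bytes, pin_digest: bytes, now: float):
        self.user_id = user_id
        self._pin_salt = pin_salt
        self._pin_digest = pin_digest
        self.authenticated = False
        self.locked = False
        self.failed_attempts = 0
        self.last_interaction = now

    def needs_challenge(self, now: float) -> bool:
        """True when the user must re-prove identity before private data is read out."""
        if self.locked:
            return True
        idle_for = now - self.last_interaction
        return not self.authenticated or idle_for > IDLE_TIMEOUT_SECONDS

    def handle_utterance(self, text: str, now: float) -> str:
        """Route a spoken request: answer it, or interrupt with an identity challenge."""
        if self.locked:
            return "This session is locked. Please contact support."
        if self.needs_challenge(now):
            self.authenticated = False      # idle too long: drop the earlier authentication
            return CHALLENGE_PROMPT
        self.last_interaction = now
        return f"Looking up: {text}"

    def answer_challenge(self, spoken_pin: str, now: float) -> bool:
        """Verify the spoken PIN in constant time; lock after repeated failures."""
        if self.locked:
            return False
        candidate = hash_pin(spoken_pin, self._pin_salt)
        if hmac.compare_digest(candidate, self._pin_digest):
            self.authenticated = True
            self.failed_attempts = 0
            self.last_interaction = now
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
        return False


def demo() -> list[str]:
    """Walk through the article's scenario: balance request, idle gap, re-challenge."""
    salt, digest = enroll_pin("4821")                       # constructed sample PIN
    s = ConversationalSession("alice", salt, digest, now=0.0)
    transcript = []
    transcript.append(s.handle_utterance("What is my balance?", now=1.0))      # challenged: not yet authenticated
    s.answer_challenge("4821", now=2.0)
    transcript.append(s.handle_utterance("What is my balance?", now=3.0))      # answered
    transcript.append(s.handle_utterance("Show recent transfers", now=403.0))  # idle > 5 min: challenged again
    return transcript


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The idle check runs before the request is served, not after, so a request arriving on a device that has sat untouched for longer than the timeout is answered with the challenge prompt rather than with account data; the lockout counter only resets on a successful answer.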

You must also structure your security so that compliance requirements for your industry, such as HIPAA rules, are adhered to automatically, without an employee inadvertently revealing something she should not. With OneLogin, this is done automatically because every app and every device will already be set up to ensure compliance, even for a new employee who doesn’t quite know all the rules yet. In other words, the HR person does not have to get the Tech Department to go through everything again with a new person. Learn more about OneLogin and internet security on Twitter, as well as on their corporate YouTube channel.

