British tech firm YEO Messaging is stepping up efforts to tackle the widespread use of consumer messaging apps in sensitive areas of the UK public sector, warning that reliance on platforms like WhatsApp and Signal poses major risks to data security, compliance and public trust.
“The idea behind messaging is really creating a situation where you have a secure network that is fully authenticated, and you have a technology that really protects the sender,” YEO’s chief revenue officer (CRO), Christo Conidaris told Think Digital Partners.
The messaging market today is split between corporate collaboration tools such as Slack and Teams, and consumer-focused apps like WhatsApp and Signal. The problem with that, said Conidaris, is that consumer-grade products have increasingly “crept into the business world and the public sector,” blurring the lines between personal and professional use.
“This creates serious issues around cyber resilience,” he said. “If you think of all these cyberattacks, the reality is that in some cases they’re happening over email and messaging. Social engineering thrives on these consumer platforms.”
Another concern is data sovereignty – the principle that sensitive data should remain under the control of the organisation or government responsible for it.
“With consumer apps, all that data is not stored in the corporate environment. It’s stored in the consumer cloud,” said Conidaris. “In the UK public sector, the question of where that data is controlled – whether it’s inside the United Kingdom or not – is a very, very important concept.”
Secure by Design
To address these risks, YEO – which stands for Your Eyes Only – has developed what it calls its Open Business platform, comprising a server side, which can be installed on a customer’s own infrastructure, and an application side, which is used by vetted end-users.
“Everybody who joins the network has to be invited and vetted,” said Conidaris. “That makes it a secure network, preventing phishing attacks and intrusions from outsiders.”
If you liked this content…
Cybersecurity in the UK Defence sector
Protecting critical networks: Supply chain security in the utilities sector
Think Digital Identity and Cybersecurity for Government: Key Takeaways
The US’ latest cyber alert is a wake-up call for the UK
Could AI deliver on the broken promise of “many eyes” in cybersecurity?
The platform also offers governance features designed to meet regulatory obligations. “Every single process of the network is audited within the server,” he said. “For compliance reasons, administrators can search particular messages if needed – for example in the case of prosecution or a Freedom of Information request.”
Other features include:
- Continuous facial recognition: Messages are locked to an individual’s face, ensuring only the intended recipient can view them.
- Burn-after-read controls: Messages automatically erase after a set time, from one second to one hour.
- Geo-fencing: Messages can only be read within specific locations.
- Hold-and-release file sharing: PDFs can be viewed but only saved with the sender’s permission.
“You can’t forward a message, copy a message or take a screenshot,” added Conidaris. “It’s really a secure platform.”
Adoption across UK public sector
The company says demand is growing rapidly across public sector organisations. In June it announced a deal to supply the UK military, and sees further applications across police, local authorities and blue-light services.
“In the military, it’s about replacing consumer apps like WhatsApp with something under full control of the organisation,” said Conidaris. “Policing is another area – there have been well-publicised cases of officers misusing WhatsApp. Our technology ensures only vetted police personnel are inside the network, protecting operational and strategic information.”
Local authorities are also emerging as a key growth area, particularly in social work and fostering. “There are constant communications between social workers and foster parents around managing vulnerable children,” he said. “That’s another example of where a secure network is absolutely required.”
Ambulance services and housing associations have also shown interest, particularly where sensitive case information is shared in real time.
Said Conidaris: “Our focus now is on regulated environments, on organisations that care about privacy, and on those where the risk of data leakage is simply too high.”
