Voice-controlled technology brings security challenges, opportunities to enterprises
Though consumers remain divided on whether voice-controlled personal assistants and apps are novelties or functional tools, enterprise organizations appear to have made up their minds. By 2021, the enterprise virtual digital assistant market is projected to come close to $15.8 billion in revenue, with unique enterprise voice digital assistant users increasing to nearly 850 million, according to a study from Tractica.
The potential uses of voice-controlled technology span several aspects of enterprise operations. Individual workers could use voice-controlled digital assistants to conduct hands-free searches, set timers, recall key information, dictate notes and perform other tasks in support of their productivity.
Meanwhile, voice and speech recognition — as well as natural language voice assistants powered by chatbot technology — could replace human-to-human interactions that otherwise might have taken place over the phone with customer service representatives. Though the makers of voice-controlled assistants are heavily marketing their solutions to consumers, efforts are also underway to make voice-controlled devices and software integral parts of enterprise networks.
Despite the opportunities, experts caution that there are several security challenges to consider before implementing such technologies. In many cases, it’s possible to implement voice technologies with minimal risk, so long as you take steps to protect your company’s mobile network.
Using voice for user authentication
The availability of voice-controlled technology naturally lends itself to the notion that voice could be used to increase security. Just like fingerprints and eye scans, your voice could be an individual signature that authenticates identities with an extremely slim margin of error.
That’s the theory, at least. However, in practice, voice recognition technologies are too nascent to rely on this security to protect organizations from external threats. As Information Age points out, voice technology and voice-enabled authentication will continue to improve over the years. In its current state, it isn’t effective as a standalone layer of security. Even the best recognition technologies aren’t 100 percent, and it’s possible for software programs to stick together sound bytes of your voice to create an audio clip that is comparable enough to pass an authentication test.
With that said, voice recognition can be very effective when used in two-factor authentication. Combining a password or other identifier with a voice sample creates a distinct layer of authentication that’s easy to execute and hard for cybercriminals to solve. In addition, voice offers one distinct advantage over passwords where IT is concerned: Unlike your password, you’ll never lose your voice, which means the inclusion of voice authentication won’t create a new pile of help tickets for IT to wrangle.
Managing app access and device management
An ongoing challenge of voice-controlled devices is how to use them while managing privacy and security within an organization. A Forcepoint report outlines the crux of this paradox: The effectiveness of voice-controlled technology often depends on listening to users even when they aren’t providing explicit voice commands.
In some cases, voice technologies relay voice commands back to the AI housed in a command center, and it’s the AI that actually hears your request, understands it, contextualizes it and generates a response. Enterprise leaders will notice one big problem with this: In order to effectively use voice assistants, they have to send their internal conversations, queries and voice data to an outside source, where they have little to no control over what happens to it, including where the data is stored and how it’s analyzed.
Many voice-controlled devices are always listening, whether you’re speaking to them or not. Enterprise organizations will have to figure out how they want to govern the use of these technologies during business hours. Your available options will depend on the voice-controlled technologies you’re using, including whether your organization built its own solution on top of a self-service platform. You might be able to disable voice functionality in certain situations or develop a protocol for allowing voice permissions on certain devices. This voice management will need to be outlined before the technologies are deployed company-wide, providing everyone with a clear protocol on how to use voice-controlled technology and when to make sure these solutions are disabled.
On an app-to-app basis, you should decide whether to grant access to voice functionality to individual apps. Research how your voice data is stored and used, and limit access to apps that have strong cases to benefit your organization. Don’t adopt technology for novelty’s sake: Unless there’s a strong use case to be made, the technology likely isn’t worth any security risks. Forcepoint notes that the app market for voice-controlled assistants is set to explode in 2017 and beyond, so enterprises should be wary of new technologies with poor data governance or unknown reputations.
Voice-activated solutions are inevitable components of the enterprise mobile environment, but because the technology is relatively new and untested, it’s wise to err on the safe side and adopt these technologies slowly after carefully researching how each solution protects or compromises your data.