End-to-end messaging encryption gives customers key controls

As enterprises adopt team chat applications, IT leaders should examine security tools. End-to-end encryption, for example, can give customers control of the keys that govern access to data on messaging servers.

More companies are now using team chat applications, such as Atlassian HipChat, Cisco Spark, Microsoft Teams, RingCentral Glip and Slack. As a result, IT leaders are moving from debating the merits of adopting such applications to practical concerns around security and information protection of corporate data stored within the apps.

Vendors in the team messaging space are increasingly differentiating themselves on the basis of security. For example, Cisco, ClearChat and Symphony tout their end-to-end messaging encryption models as superior to those of other vendors that provide messaging encryption only at rest or in motion.

The issue of messaging encryption has also spilled into the consumer world, with the European Union recently issuing draft legislation mandating end-to-end encryption for all messaging services.

As team chat applications gain traction in the enterprise, IT leaders should familiarize themselves with the various flavors of messaging encryption:

  • Encryption at rest refers to encrypting data stored in end-user devices and in the messaging provider's servers. Data encrypted at rest may be decrypted for use, such as to enable search functions.
  • Encryption in motion refers to encrypting data as it is carried on a data network. Encryption in motion may apply only across public networks, such as the internet, or it may extend from client to server or client to client across both public and private networks.
  • End-to-end encryption refers to encrypting all data, at all points, between end-user applications. In an end-to-end messaging encryption model, no third party should be able to decrypt messages or access unencrypted data. Many end-to-end encrypted services support customers holding their own keys in a key management server.

For IT leaders evaluating various team messaging applications, let risk be your guide. 

Consumer messaging services, such as Kik, and many popular business-focused apps, such as Slack, do not yet offer end-to-end encryption, meaning messages are only encrypted at rest and in motion. Therefore, messaging providers could be compelled by court order to decrypt and turn over message data. 

In a worst-case scenario, messaging systems could be hacked, resulting in the release of messaging data out into the wild.

Providers offering end-to-end messaging encryption -- with user-held keys -- offer an added layer of security by enabling customers to control access to message stores. With end-to-end encryption, even if a government agency were to show up at the provider's door with a warrant, the provider could only turn over encrypted message data to the agency. The only way of decrypting messages -- short of hacking encryption algorithms -- is by obtaining the keys from the customer of the messaging provider. 

Most organizations can accept the risk of not using end-to-end encryption. But companies in regulated industries, or organizations looking for an extra level of protection, should evaluate end-to-end encrypted services with a self-owned key management capability.
