End-to-end encryption (E2EE) has for years been an integral part of consumer messaging applications such as WhatsApp, Viber and Skype. In the last six months, Zoom has added security to its video conferencing platform and Microsoft added it to Teams shortly after, highlighting the growing popularity of E2EE as a solid security option for companies that have adopted the cloud computing as a standard business model.
However, E2EE has its detractors. Designed to ensure that messages are kept private among correspondents, E2EE has been a thorny issue between law enforcement and intelligence agencies that want to access users’ encrypted messages and technology companies that want to keep their messages confidential. communications from its customers.
What is E2EE?
End-to-end encryption is an encryption technique that uses cryptographic keys to shuffle messages between a sender and a recipient. A program on the sender’s device generates two keys (one public and one private) that encrypt the message which is then used to decrypt it for the recipient. This process ensures that no one, including the communications provider, can read or access the message while in transit, as it seems an unintelligible joke to prying eyes or malicious actors.
As the pandemic continues to reshape workforce models and the push toward digital transformation accelerates, the benefits of the E2EE company appear.
Advantages of Enterprise E2EE
Although E2EE has been around for years in consumer devices, the leap to business use is a recent development. As the COVID-19 pandemic consolidated, forcing large and small organizations to accelerate digital transformation initiatives, E2EE became an attractive consideration for companies concerned about data security in both the cloud and to local network environments.
Companies that have their cloud computing environments installed often rely on the security measures offered by their cloud providers. While this security provides data encryption at rest, data becomes vulnerable if hackers access the vendor servers where encryption keys are stored. Because E2EE stores encryption keys on user devices and not servers, access to encrypted data during this breach would not be possible.
“End-to-end encryption (E2EE) ensures that data is protected, no matter where it is stored,” says Istan Lam, CEO of Treasure, a Swiss-based E2EE solution provider. “In addition to providing the highest level of security, E2EE combines the convenience of cloud-based services with data security and control of on-premises solutions for businesses: it enables easy deployment, flexibility, accessibility and scalability, along with highest level of data security, integrity and confidentiality.
“End-to-end encryption ensures that control over encryption keys and the data itself remains in the hands of the owner, giving companies ultimate control over their data. No third party can access cutting-edge encrypted data At the same time, E2EE helps companies meet the strict requirements of data protection compliance and mitigate the risks of data breach and leakage. ”
As staff diversification continues, allowing remote workers access to files in the name of collaboration and efficiency has raised concerns about credential fishing scams and possible malware threats. These potential breaches also exist within organizations ’IT teams, where inexperience and the rush to build digitally driven processes can lead to configuration issues that open windows and threatening surfaces.
“IT companies are no longer usually a‘ known entity ’in which all parties are in a managed and fully controlled infrastructure,” says Mathias Ortmann, CTO / CSA of New Zealand Mega Limited, an E2EE solution provider. “Instead, there are mobile users, remote workers, and independent third parties that could make business networks porous. E2EE can add an important layer of protection in this scenario. E2EE also allows companies and other large organizations to outsource services. storage and communication without compromising security or having to build expensive and probably inferior systems from scratch. “
Challenges of using business E2EE
When properly implemented, E2EE providers cannot decrypt user data or communications that reside or move through their infrastructure, Ortmann notes. However, if you lose your encryption credentials, you also lose access to your data.
“Simply put, with proper E2EE, there is no password reset,” Ortmann explains. “Loss of password is the biggest E2EE risk an organization faces. MEGA recognizes this and frequently reminds its users of the importance of protecting their recovery keys, which allow them to set a new password. Maintaining access to your data Robust and secure key management is an essential component of using E2EE at the enterprise level. ”
Lam also acknowledges that there are some gaps in the set of features offered by EE2E providers that cloud service providers offer, such as file and content searches, a bug in EE2E technology itself.
“Because end-to-end encryption ensures that data never reaches service servers in a readable format, processing user data for functions such as searching the contents of the file presents complex problems for developers to solve.” , points out Lam. “However, there is promising scientific research (for example, in the field of homomorphic encryption) that should help vendors overcome these technological challenges in the future.”
The use of the E2EE company is increasing
As global companies like Zoom and Microsoft implement E2EE on their platforms and products, solid security measure is on its way to becoming an industry standard. This growing recognition of the benefits of E2EE parallels the efforts of law enforcement agencies to establish regulations to require E2EE providers to create forms, such as master keys, that allow them to access customer data, a direct violation of the purpose created by E2EE, which is to provide users with complete control over how their data is accessed and shared. .
“MEGA sees E2EE as the norm for corporate audio and video calling and conferencing,” predicts Ortmann. “E2EE will also help protect sectors that simply cannot afford to expose their data to any unauthorized person, due to confidentiality and regulatory requirements, not to mention reputational risks. They could be law firms, healthcare providers, insurers and financial sector companies. “
Lam, like Ortmann, Lam sees E2EE as a security tool for the industry, with emerging use cases in consumer and business data protection.
“As the demand for data security grows with digital acceleration, I expect even more enterprise IT vendors to integrate end-to-end encryption into their products and adoption in the business sector will increase.”