No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

What’s AWS Conveying With Its Acquisition of Wickr?

AWS_AdobeStock_270049168_62821.jpeg

Someone typing on a laptop with a security icon
Image: Song_about_summer - stock.adobe.com
Last week, AWS announced the acquisition of encrypted messaging provider Wickr in a company post by CISO Stephen Schmidt. Wickr provides collaborative communication services, such as messaging, content sharing, and video and voice communications, but it’s primarily known for its privacy features.
 
Encrypted communications and collaboration seem like a savvy acquisition in 2021, as the technology will help AWS expand its enterprise and federal offerings.
 
Enterprise Encrypted Communications
Encryption and privacy are topics that are getting a lot of recent attention. “Privacy is a basic human right” is the new mantra from tech CEOs. I’ve heard it, or variations of it, from Satya Nadella at Microsoft, Chuck Robbins at Cisco, Tim Cook at Apple, and others. While the statement seems irrefutable, the interpretation and implications vary widely.
 
It is easy to understand privacy in a personal sense. We all have information that we prefer not to share. It might be age, weight, medications, income, or any number of other concerns. It’s a basic concept that, as individuals, we control our information. Even if we share private information with a doctor or attorney, we have the expectation that they will also keep it private.
 
But things get more complicated at work. If an employee arrives at work late, that’s relevant information to a manager. Is it any different if a remote employee checks email late? To whom does “privacy is a right” apply to when the employee is accessing company data or company systems using company software or services? Employees should assume that corporate communications are subject to monitoring, including highly automated technologies that track usage, sentiment, education level, and policy compliance.
 
However, communications surveillance becomes much more difficult when encrypted end-to-end or when they are automatically destroyed. That’s what Wickr offers, and this is a rare feature in enterprise communications. End-to-end encryption (E2EE) is not a crime. If privacy is a basic right, then everyone deserves the right to encrypt their communications, and there is nothing suspicious about restricting who can see or hear private conversations.
 
While most communications services use encryption, they commonly decrypt conversational data to provide advanced services such as search, discovery, and AI-powered services (i.e., transcription). And, if the provider has access, the information can be hacked, modified, analyzed, shared, or subpoenaed.
 
8x8, Cisco, and Zoom offer forms of end-to-end encryption, but they are not frequently used or turned on by default. During the pandemic, organizations turned to new collaboration tools to accommodate work from home. The NSA felt it necessary to provide guidance to federal agencies and examined 17 different collaboration and conferencing applications from a security perspective in this report.
 
Only Cisco Webex, Wickr, and Wire offered E2EE on all five modalities. Among the 17 solutions is Amazon’s own Chime service, and that possibly highlighted an opportunity within the company. Microsoft, Google, Apple, Workplace from Facebook, and Zoom are among the too many to list of providers that offer enterprise voice, messaging, and meetings. If Amazon wants to differentiate its offer, encryption and privacy represent a decent way to do so.
 
Federal, Government Encrypted Communications
In addition to a general increase in security concerns, the timing is good for federal business. The SolarWinds hack in late 2020 was an eye-opener. The supply-side breach gave suspected nation-state hackers access to 30,000 public and private organizations — including local, state, and federal agencies. The full extent of the damage is still unknown, but we know that email messages were compromised at several federal agencies, including Homeland Security, State, and Commerce and Treasury.
 
Amazon AWS remains locked in a legal battle over a $10 billion U.S. Department of Defense contract (known as JEDI). The acquisition of Wickr brings advanced expertise in cryptography to AWS. It was just last March when a Microsoft Exchange hack compromised nine government agencies and over 60,000 private companies.
 
Wickr also brings to AWS several federal agencies, military sites, and as mentioned above, an NSA endorsement. Although the acquisition price was not disclosed, it might be a relatively inexpensive way to increase AWS’s credibility in (government) security.
 
In addition to E2EE, Wickr also offers a zero-trust architecture, which means it doesn’t collect user information associated with the service it delivers. For example, Wickr does not require the user to provide a phone number, email, or other personal information. It does not upload the user’s address book, and there is no logging of timestamps and IP addresses. WhatsApp is also known for E2EE, but it collects device ID data, approximate location or payment information, metadata about the conversation, and requires users to provide their cell number and to share their address book. Also, WhatsApp does not encrypt attachments.
 
Wickr has encryption on by default and offers a wide range of options for deleting messages. Users can send text messages, pictures, videos, audio files, and documents that last for as little as one second to six days after it has been read. All messages are secured with military-grade encryption, and the app has gained traction with a wide range of users, including governments, militaries, politicians, and criminals.
 
Earlier this year, Wickr announced the general availability of its Global Federation service, which extends E2EE to all Wickr users, even those outside their network. It offers a wide range of use cases for both enterprise and federal users. For example, employees or soldiers in the field communicating with family members back home, partners/suppliers that communicate with the military (supply chain correspondence), and different agencies, even nationalities, that communicate with each other.
 
Amazon’s move to acquire Wickr may seem surprising, but the real surprise is how few enterprise communications and collaboration solutions offer E2EE and zero-trust services. AWS also does not intend to disrupt Wickr’s current business, which includes channels and partners.
 
Dave Michels is a contributing editor and analyst at TalkingPointz.

Enterprise Connect 2021 logo
Discover all of the latest technology trends and topics in enterprise communications and collaboration at Enterprise Connect this Sept. 27-29 in Orlando, Fla. Use the promo code NJAL200 to receive a $200 discount. Register now!