While generative AI advancements seem to dominate headlines in enterprise communications (EC) these days, security has also been receiving some welcome attention. Security is not the most glamorous topic in EC, but it’s critically important to stay at least one click ahead of the bad guys. Here are some recent announcements suggesting a more secure future for enterprise comms.
End-to-End Encryption: The Good, the Bad, and the Nonexistent
Once again, WhatsApp is ahead when it comes to enterprise solutions. They have had end-to-end encryption (E2EE) for a long time, but they are going further now with private messages. Have you ever shared your phone’s screen with a spouse or friend when a confidential message arrives?
“Honey, what’s this mean?” Oops. Smartphones are reasonably secure but can share too much at the wrong times. WhatsApp now protects chats that require extra protection with a new Chat Lock feature that hides certain, confidential chats with a separate password for access. It’s an interesting new feature and fuels the jabs between Zuck and Musk as they now compete in direct messaging. It’s a logical feature for enterprise messaging apps, too, possibly after they get around to E2EE.
Twitter made its foray into E2EE, but not well. The social media platform is striving to be “the most trusted platform on the Internet” with the help of the recently launched E2EE capability. But they botched it. Badly. We are increasingly seeing Twitter under Musk as either a tragedy or comedy of errors. Musk himself provided a warning label with the new capability: “Try it, but don’t trust it.” There are all kinds of caveats regarding what Twitter is actually encrypting and how, and its design is vulnerable to man-in-the-middle attacks.
Many enterprise apps have weak security and it hasn’t really hurt them, but that is starting to change. Consider Slack: Ninety passionate organizations, including Mozilla, recently sent an open letter urging the platform to support better encryption. Whether they’ll comply or not is yet to be known. But given that nearly half of Fortune 100 companies use the platform, you’d think that upping the security ante would be top priority.
Government-grade Security – FedRAMP and Beyond
For government or highly regulated industries needing more than just E2EE, Pexip and Webex are delivering new options. Pexip announced that its Government Cloud (PGC) platform has achieved FedRAMP moderate designation (in process), making it the first Microsoft Teams Cloud Video Interop (CVI) provider to do so.
This means that federal employees can now securely join Microsoft Teams calls using CVI from standards-based video conferencing systems. This is typically used with older meeting rooms, but also works with newer and personal systems. Agencies can also use Pexip to manage existing video infrastructure investments and host mission-critical meetings.
FedRAMP is great for private cloud solutions, but what about public SaaS? How do you benefit from a cloud-delivered service without the dangerous Internet? The feds came up with “air-gapped” implementations. In the data center days, the idea was to build a fortress. Real walls, alarms, moats, etc.
With cloud-delivered systems, air becomes the defensive weapon. Hackers can’t get past air. So, air-gapped clouds are difficult to penetrate. It’s the new FedRAMP, and Cisco built an air-gapped version of Webex for National Security and Defense. The air-gap rules were built for public cloud providers — a FedRAMP of their own. I expect air-gapping is about to get popular.
Cisco also announced that Webex is the first collaboration and conferencing solution to achieve Level 3 adherence with the EC Cloud Code of Conduct (EU Cloud CoC). It signals Webex compliance with EU General Data Protection Regulation (GDPR).
Less Painful Password Solutions?
I hope we are at the peak of password management complexity. Personally, I like yellow sticky notes, but passwords have become too complex to actually write or type any more. Luckily, there’s been some recent improvements.
Google added a new password management feature to Chrome that could eliminate the need for separate password managers. They are also testing passkeys on Google Workspace accounts, hoping to put an end to the risk and ruckus involved with passwords. The feature uses facial recognition or fingerprint identification before Chrome auto-fills your passwords, an especially handy feature if you’re sharing your computer but don’t want to share access to your Gmail account.
Other password announcements include the ability to save notes about account credentials, the ability to import passwords from old password managers into Chrome, and a password checkup capability on iOS that will prevent you from using weak passwords, compromised passwords or previously used passwords.
Privacy Announcements from Apple
At their Worldwide Developer Conference, Apple announced a bunch of features due out this fall. They’re making search more private with an improved browsing mode that locks open tabs when a user steps away from their device, adding measures to protect against websites that identify and track users, and protecting users from spyware.
Apple is also offering developers new tools that evaluate data practices of third-party SDKs. Additionally, they’re helping keep kids safe from sending and receiving sensitive data in messaging, AirDrops, FaceTime videos and more, and providing sensitive content warnings for adults. Developers get APIs so they can integrate this tech into their own apps.
Staying Safe is a Platform Play
As cloud services mature, the differences between enterprise communications providers are less about features and speeds, and more about the robustness infrastructure. And that’s where security comes in. Platforms with the ability to quickly build user-friendly security features will always have the upper hand and should be considered top contenders in the never-ending race to protect IP and other critical communications.
Dave Michels is a contributing editor and analyst at TalkingPointz.
