As the world moves toward end-to-end encryption for personal messaging platforms, businesses are challenged to integrate the same level of security in corporate messaging apps.
Even encryption protocols for person-to-person messaging are still undergoing development. Services want to reduce the amount of sensitive data they store; however, only a few encryption protocols – Signal, for one – have been scrutinized for security.
"In the consumer space there are a few services with end-to-end encryption but in the business space it's very rare," says Raphael Robert, head of security at Wire, which launched in 2014 as a secure messenger primarily built for consumers. Since then, it has repositioned itself to build a secure business collaboration system. Wire is currently working to develop Messaging Layer Security (MLS), a new protocol designed to facilitate more secure enterprise messaging platforms.
End-to-end encryption is supposed to exclude any man-in-the-middle attacks or interception at the servers (if implemented properly), but it has only been implemented within the walled gardens of individual services, and sometimes not very well when it comes to groups of users. Between different services, the encryption cannot work unless all of the services support it fully. This is why, to this day, e-mails are in open text when traversing between services. If a WhatsApp user wants to securely message two other users, one on, say, Signal and the other on Telegram, then all three services must support the same protocol. Many service providers will want to retain full control over their own walled garden and may resist efforts to allow us to exchange messages between services (that would also mean that you could migrate to a different service provider with client software that is more appealing to you). We as consumers should not be supporting those who do not want to put their users first.
Right now I can be on email system A and send a message to someone on email system B. I should be able to do the same with instant messaging, in a secure manner. MLS is addressing this (including encryption of the metadata) as an open standard that any messaging service can support.
Ahead of his talk at Black Hat 2019, Raphael Robert was interviewed by Dark Reading on the direction of MLS and why it is important to the industry. The interview is good reading for understanding why MLS is fundamental to the change the corporate work environment is undergoing. Read it at https://www.darkreading.com/perimeter/inside-mls-the-new-protocol-for-secure-enterprise-messaging/d/d-id/1335075.
The draft protocol can be found at https://protocol.messaginglayersecurity.rocks/.
#MLS