Out-of-Band Communications vs. Secure Out of Band Collaboration and Understanding Secure Out-of-Band Collaboration in Incident Response describe the evolving threat landscape and show why traditional and general-purpose secure communications tools cannot meet the specific needs of incident response and similarly sensitive use cases. ArmorText designed Secure Out of Band Collaboration™ for exactly these situations. It keeps communications running when primary channels are compromised, and it meets the security, transparency, and independence requirements those channels cannot.
Through user+device- and scope-of-review-specific end-to-end encryption (E2EE), ArmorText’s approach addresses the inherent challenges of securing incident response communications:
- Maintains E2EE: Other solutions drop end-to-end encryption at some point, often when producing audit trails. ArmorText keeps both communications and audit trails encrypted end-to-end, so neither can be read without the client-held keys. Archives are retained only if the organization chooses to, and when retained they let the organization meet regulatory, statutory, and legal requirements without the compliance pitfalls of plaintext exports.
- Mitigates account compromise risks: Exposed credentials do not expose data, because decryption requires key material that exists only on the user’s enrolled devices. An account compromise therefore has a far smaller blast radius.
- Alleviates supply chain and third- and fourth-party risks: The keys needed for decryption are client controlled and are never stored on or transmitted through ArmorText’s systems, so neither ArmorText nor its partners, suppliers, or providers can read your communications. Sensitive communications stay protected even if a supplier is breached.
- Cuts costs with the cloud: Being 100% cloud-based, ArmorText removes the need for on-premises infrastructure and the personnel to run it, and a comprehensive licensing model avoids hidden expenses.
- Provides a seamless user experience: Users never handle keys, certificates, or seeds, which simplifies operations without weakening security. Because encryption is user+device-specific, a user whose device is lost or stolen can keep collaborating from their remaining devices while the missing device has its keys and data wiped remotely.
- Protects against insider threats: The design enforces segregation of duties between admins and reviewers and secures audit trails against unauthorized access, with the option to require multiple parties to act together before retained archives can be reviewed.
Shortcomings of common alternative approaches
On-premise audit trails
Examples: Wickr, Highside
Solutions that rely on on-premises or self-hosted infrastructure for audit trails, such as Wickr and Highside, reintroduce significant insider and third-party risks.
Issues:
- Continuously exporting audit trails in plaintext creates exposure during network compromises and outages. Will the infrastructure that hosts the retained archives be available during an outage? Can the archives be trusted to stay confidential while an attacker is inside the network?
- On-premises or self-hosted infrastructure significantly increases total cost of ownership, including ongoing admin, technical, and support personnel. It also makes the organization responsible for housing and protecting these plaintext exports, which is hardest precisely during an outage or compromise.
- Audit trails are not end-to-end encrypted, so sensitive communications are exposed to anyone with access to the archive host.
- Without enforced segregation of duties between admins and reviewers, or a multi-party workflow for reviewing retained archives, a single rogue admin can walk off with the archive (the ‘Snowden scenario’).
Enterprise Key Management
Examples: Premium offerings from Slack, Microsoft Teams
Enterprise Key Management is not E2EE. The provider’s servers still decrypt message content with the customer-managed key, so it does not shield communications from the provider, its integrated solutions, suppliers, partners, or supply chain the way client-controlled end-to-end encryption does.
Enterprise Key Management, as seen in premium offerings from Slack and Microsoft Teams, lets the provider process messages in plaintext for as long as the customer’s key is available; revoking the key only cuts off future access, akin to shutting the barn door after the horse has bolted. A centralized key management system does not deliver the security of true end-to-end encryption, because it neither protects audit trails nor prevents access by insiders or compromised third parties.
Drawbacks:
- Lack of E2EE leaves all communications exposed to insider threats and third-party breaches for as long as the customer-managed key remains available.
- Centralized key management without E2EE does not secure audit trails or prevent unauthorized insider access, leaving organizations exposed even after an incident is contained.
- High total cost of ownership, from higher per-user license costs, higher minimum license counts, and the need to run additional key management infrastructure.
- Lacks enforced admin/reviewer segregation of duties and multi-party review safeguards, leaving the single-rogue-admin ‘Snowden scenario’ open.
Shared keys/seeds
Examples: Highside, ShadowHQ
The use of shared seeds, keys, or recovery codes for data portability introduces significant security risks.
Challenges:
- This model reduces end-to-end encryption to a second passcode shared by everyone who holds the seed. If the seed is lost, the entire access structure must be reset, disrupting continuity.
- Requiring users to manage these keys or seeds manually complicates the user experience and is error prone. It also raises administrative cost and burden, particularly for less tech-savvy users who need extensive support.
- Because every device holds the same seed, a lost or stolen device breaks the continuity of conversation: the seed must be treated as compromised, which requires a complete account or key reset.
- Once again, the ‘Snowden scenario’ arises from the absence of enforced segregation of duties and multi-party review safeguards.
Key escrow
Example: Symphony
Key escrow systems present a centralized single point of failure: if the escrow service is down, encrypted messages cannot be read. The administrators who operate the escrow also become high-value targets, because compromising them compromises every key it holds.
Risks:
- Reliance on VPNs to reach the key escrow adds another dependency and attack surface, which is unwelcome in a channel meant to keep working while the primary network is compromised.
- The centralized system also raises total cost of ownership, requiring investment in self-hosting infrastructure plus admin, technical, and support personnel.
- Requires a full account or key reset whenever a device holding a currently ‘checked-out’ key is lost or stolen.
- Self-hosted retained records may be unreadable, or impossible to write, during outages, and may be surveilled during compromises.
- Repeats the common gap: without enforced segregation of duties and multi-party review, insider access risk rises, the recurring ‘Snowden scenario’.
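The difference between the user+device-specific model in the benefits list above and the shared-seed and key-escrow designs criticised in the last two sections comes down to the access structure around the message keys. The following is an added illustration written for this page; it is constructed example code, not ArmorText’s or any named vendor’s implementation. The cipher is a deliberate toy (an HMAC-SHA256 counter keystream with an HMAC tag) standing in for a real AEAD, `Device.wrap` stands in for encrypting a content key to the device’s public key, and the `Device`, `Service`, `seal`/`unseal` and `demo_*` names, the sample messages, and the three-device roster are all assumptions made for the example. In the per-device model, revoking one lost device removes only that device’s copies of the message keys and the other devices keep reading; with a shared seed, the lost device carries the whole team’s key, so every record must be re-encrypted and a new seed pushed to every remaining device.

```python
"""Toy model of per-user+device E2EE versus one shared team seed (constructed
illustration, not any vendor's code). The cipher is a toy HMAC-SHA256
keystream with an HMAC tag; real systems use an AEAD such as AES-GCM with
X25519 key agreement. The access structure, not the primitive, is the point.
"""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key):
    """Separate encryption and MAC keys derived from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (toy stream cipher)."""
    stream = b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag, then decrypt; ValueError on wrong key or tampering."""
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered ciphertext")
    return _xor_stream(enc, nonce, ct)


class Device:
    """One user+device pair; its key never leaves the device."""
    def __init__(self, user, name):
        self.id = f"{user}/{name}"
        self._key = secrets.token_bytes(32)

    def wrap(self, cek):      # stand-in for encrypting to this device's public key
        return seal(self._key, cek)

    def unwrap(self, wrapped):
        return unseal(self._key, wrapped)


class Service:
    """Provider side: ciphertexts and per-device wrapped content keys (CEKs) only.
    It never sees a plaintext message or an unwrapped CEK."""
    def __init__(self):
        self.directory = {}   # enrolled device id -> Device (a public-key directory)
        self.messages = []    # (ciphertext, {device_id: wrapped CEK})

    def enroll(self, device):
        self.directory[device.id] = device

    def revoke(self, device_id):
        """Lost/stolen device: stop wrapping for it and drop its stored key copies.
        Paired with a remote wipe; data already exfiltrated is not undone by this."""
        self.directory.pop(device_id, None)
        for _, wraps in self.messages:
            wraps.pop(device_id, None)

    def post(self, plaintext):
        """Sender device: fresh CEK per message, wrapped once per enrolled device."""
        cek = secrets.token_bytes(32)
        wraps = {did: dev.wrap(cek) for did, dev in self.directory.items()}
        self.messages.append((seal(cek, plaintext), wraps))

    def read(self, device):
        """Reader device: unwrap its own CEK copy, then decrypt. No copy, no access."""
        return [unseal(device.unwrap(wraps[device.id]), ct)
                for ct, wraps in self.messages if device.id in wraps]


def demo_per_device():
    svc = Service()
    a_laptop, a_phone, b_laptop = Device("alice", "laptop"), Device("alice", "phone"), Device("bob", "laptop")
    for dev in (a_laptop, a_phone, b_laptop):
        svc.enroll(dev)
    svc.post(b"IR bridge at 14:00; DC2 is compromised")    # constructed sample message
    svc.revoke(a_phone.id)                                   # Alice's phone is lost
    svc.post(b"attacker still holds DA credentials")         # wrapped only for remaining devices
    return {"alice_laptop": svc.read(a_laptop), "bob_laptop": svc.read(b_laptop),
            "alice_phone": svc.read(a_phone),
            "recipients_of_last": sorted(svc.messages[-1][1])}


def demo_shared_seed():
    """Every device holds the same seed, so a lost device exposes the whole archive."""
    seed = secrets.token_bytes(32)
    records = [b"msg1", b"msg2", b"msg3"]                    # constructed sample archive
    archive = [seal(seed, m) for m in records]
    stolen = seed                                             # what the lost phone carried
    before = [unseal(stolen, c) for c in archive] == records
    # Only remedy: new seed, re-encrypt every record, push the new seed to every device.
    new_seed = secrets.token_bytes(32)
    archive = [seal(new_seed, unseal(seed, c)) for c in archive]
    try:
        unseal(stolen, archive[0])
        after = True
    except ValueError:
        after = False
    return {"stolen_reads_before_reset": before, "records_reencrypted": len(archive),
            "stolen_reads_after_reset": after}
```

Running `demo_per_device()` shows Alice’s laptop and Bob’s laptop still decrypting both messages after the phone is revoked, the phone reading nothing, and the second message wrapped only for the two remaining devices. `demo_shared_seed()` shows the stolen seed decrypting the entire archive until the team performs a full reset, and that the reset costs one re-encryption per stored record plus redistribution of the new seed. The toy ignores what a real system must also handle, such as authenticating the device directory so a rogue server cannot add its own device, which is exactly where the admin/reviewer segregation discussed above matters.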
Encryption-in-transit and at-rest
Examples: Slack, Microsoft Teams, Mattermost
Encryption in transit and encryption at rest can create a false sense of security by suggesting that data is protected against every threat. In reality these measures protect data only while it moves over the network and while it sits in storage; whenever the service processes it, it is in plaintext. This overlooks key exposures, including:
- Internal threats: These controls do not protect against insiders who misuse their legitimate access to the data.
- External threats: The same legitimate access is available to threat actors who obtain administrative credentials, or who provision their own access after taking control of identity systems.
- Advanced persistent threats: TLS (encryption in transit) terminates at the provider’s network edge, so a sophisticated attacker positioned inside the provider’s infrastructure sees communications after they have been decrypted.
Although foundational to the security of cloud-based collaboration platforms, encryption in transit and at rest leave many insider and third-party risks unaddressed. This leaves a wide gap in protection for sensitive communications, because service providers and insiders with elevated privileges can reach the unencrypted data. Tools limited to this approach can give an attacker a front-row seat to an organization’s communications, including its incident response plans, which the attacker can use to stay a step ahead of the responders.
These solutions also raise total cost of ownership, because additional security and monitoring software is needed to compensate for these gaps.
Why settle for less when you can have the best?
Communication security flaws can have catastrophic consequences. ArmorText’s Secure Out of Band Collaboration™ stands out as a superior alternative for addressing threats, such as those highlighted in Out-of-Band Communications vs. Secure Out of Band Collaboration and Understanding Secure Out-of-Band Collaboration in Incident Response.
Don’t wait for a security breach to expose the limitations of your current communication platforms. Contact us to learn how ArmorText’s user+device- and scope-of-review-specific E2EE closes the gaps left by traditional solutions.