Confidentiality in messaging platforms
We live in a society where knowledge and information flows are essential to individual and collective relationships.
Every day a huge amount of data is generated and stored in the cloud, giving rise to the need to exploit all the available public information from a global perspective (Big Data).
Problems related to such platforms are well known nowadays. Their information is not sufficiently protected, and every day news appears of security holes that complicate the use of these applications in the professional environment.
Many experts warn that none of the chat applications for mass use protects users against potential threats or respects their privacy. These applications could make available to malicious persons the data, photos, files and contacts the user has shared since he or she began to use the application.
Most instant messaging applications do not comply with the EFF (Electronic Frontier Foundation) regulations and analysis. The foundation is a nonprofit organization based in San Francisco, USA, with the avowed aim of devoting its efforts to preserving the right to freedom of expression.
There are several aspects to take into account when evaluating messaging applications:
- Encryption in transit: communication is encrypted “on the way”. Data and metadata encryption is not mandatory to obtain a “Yes” in this category.
- Encryption so that the provider cannot read the messages: full point-to-point (end-to-end) encryption, with private keys generated and stored on the users' devices without ever leaving the device.
- Contact identity verification: there is a method to verify the contact's authenticity and the channel's integrity, even if one of the parties concerned is compromised.
- Past conversations safe if the keys are stolen: the requirement is that the keys have an “expiration date” and become inoperable after that date. Point-to-point encryption is a prerequisite for this.
- Code open to independent analysis: enough code is published to detect potential problems, security holes and structural problems.
- Well-documented security design: the cryptography used by the application is described clearly and in detail.
- Recent code audits: whether an external, independent company has analysed the code in the last 12 months.
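To make the "past conversations safe if the keys are stolen" criterion concrete, the following added example (not code from the EFF or from any messaging application) shows one common way to obtain that property: a one-way key ratchet in which every message gets its own key and the previous key material is discarded. The class and function names are hypothetical, the sample messages are constructed, and the keystream is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-counter keystream so the example runs on the standard library;
    # a real application would use a vetted AEAD cipher instead.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

class Ratchet:
    """One direction of a conversation (hypothetical class, illustration only)."""

    def __init__(self, shared_secret: bytes):
        self.chain_key = shared_secret

    def _step(self):
        # Message keys and the next chain key come from a one-way function,
        # so the current chain key cannot be run backwards to earlier keys.
        message_key = _prf(self.chain_key, b"message")
        return _prf(message_key, b"enc"), _prf(message_key, b"mac"), _prf(self.chain_key, b"chain")

    def encrypt(self, plaintext: bytes):
        enc_key, mac_key, self.chain_key = self._step()  # old chain key is discarded
        nonce = os.urandom(16)
        ciphertext = _xor_stream(enc_key, nonce, plaintext)
        return nonce, ciphertext, _prf(mac_key, nonce + ciphertext)

    def decrypt(self, packet) -> bytes:
        nonce, ciphertext, tag = packet
        enc_key, mac_key, next_chain = self._step()
        if not hmac.compare_digest(tag, _prf(mac_key, nonce + ciphertext)):
            raise ValueError("authentication failed")
        self.chain_key = next_chain  # advance only after a valid message
        return _xor_stream(enc_key, nonce, ciphertext)

def demo():
    secret = os.urandom(32)  # constructed; stands in for a key-agreement result
    alice, bob = Ratchet(secret), Ratchet(secret)
    recorded = alice.encrypt(b"quarterly figures attached")  # captured on the wire
    bob.decrypt(recorded)
    stolen = Ratchet(bob.chain_key)  # key material copied after the first message
    try:
        stolen.decrypt(recorded)
        past_exposed = True
    except ValueError:
        past_exposed = False
    later = alice.encrypt(b"meeting moved to 10:00")
    return past_exposed, stolen.decrypt(later) == b"meeting moved to 10:00"
```

demo() returns (False, True): the recorded earlier message stays unreadable with the stolen key, while later messages remain exposed until fresh key material is agreed, which is why real protocols also renew keys through new key exchanges.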
As the EFF demonstrates, there is a long way to go. Every user needs to protect the information considered sensitive, meaning all the information addressed exclusively to a restricted group and whose protection depends on the safety of the assets; otherwise, its value could be undermined or it could cause risk to the organization.
In the business environment, information is one of an organization's main assets, and it needs to be protected to preserve the organization's strategic objectives while ensuring its distribution among authorized users in real time, using the modern communication technologies available today, and ensuring its availability and synchronization across all platforms (PCs, smartphones, tablets, etc.).