Managed Secure Messaging | Wickr

Unmanaged vs. Managed Secure Messaging

Messaging Platforms: For the purpose of this post, a “message platform” is any distributed system which facilitates asynchronous real-time communication between its users. By “asynchronous,” I mean that when a user goes offline, all of their incoming messages are buffered by the system until they come online again. On the other hand, if both sender and receiver(s) are online at the same time, then the system provides a (near) real-time communication channel. Think Wickr Messenger, Pro, Enterprise, etc. Traditionally, we would expect such a platform to provide (at the very least) text comms, though more powerful and modern platforms may also enable other methods of communication such as file transfers, voice & video (even conference) calling, and screen sharing.

  • The admin also decides what the permitted minimum and maximum Time-To-Live and Burn-On-Read can be for each user (type).
  • The admin controls the home network’s authentication policy. E.g. the admin may opt to integrate an external single-sign-on system.
  • The admin determines how the subnet’s infrastructure should be deployed. E.g. for ease of use, the infrastructure can be hosted in the Amazon cloud. Alternatively, it can be self-hosted a.k.a. “On Prem,” which affords the admin greater control and (potentially) greater security.

Managed Secure Messaging for Organizations

With this in mind, I think it’s safe to say that the fundamental differences between USMs and MSMs will matter to almost any user deciding how to protect their communication. In a nutshell, this all stems from the fact that these two classes of platform are designed to reflect two quite different kinds of power and control structures in their user base.

  • Controlled Information Flows: Another example of a structure arising naturally in most organizations (that should be reflected in the secure messaging platform) is the information boundary. Typically, membership in an organization confers new information access and communication privileges upon the member compared to non-members. For example, employees could be privy to secret business intel which they need to discuss with each other that should not leak to non-employees. An MSM can be a useful tool for reflecting and enforcing such natural boundaries via network segmentation. For example, users that have no legitimate need to communicate with external individuals can simply have that capability removed by the admin. In fact, beyond protecting against adversaries, I think the biggest concrete benefit of network segmentation of comms is the reduction of the risk of unintentional information leakage. For example, with appropriate segmentation in place, there is no more risk of, say, mistakenly CC’ing outside parties on sensitive comms or sending messages to the wrong “Mike”. More generally, having a trained admin set security policy rather than leaving such choices up to each user helps avoid unintentional security lapses due to poor configuration by untrained users. It is as unreasonable to expect every last member of your organization to have sufficient security knowledge to make policy decisions correctly as it is to hope that a one-size-fits-all security policy decided upon by a global service provider of a USM will be the right choice for your particular organization.
  • Private Infrastructure: Finally, for organizations with extremely sensitive comms, it can be worthwhile to invest in a communication system which allows explicitly routing all internal comms exclusively via an organization-owned and controlled infrastructure. For example, this can be particularly useful in defending against government surveillance and traffic analysis, as well as in limiting exposure to upstream ISPs and the SM platform’s service provider. Here too, MSMs (at least those with On Prem capabilities) will be of particular interest to achieve these security goals.
