Not All End-to-end Encryption is Created Equal

You can’t read anything these days that doesn’t refer somehow to COVID-19 and what’s happening with the virus. At the same time, I feel like anything that doesn’t address the virus and its effect on our lives is sort of missing the point, so this is my attempt to straddle the line.

Big shocker for you — lots of people are now working from home. Companies have had to quickly invest in video teleconferencing capability to support their new remote workforce. The immediate solution was to extend the products already in place such as Skype, Slack, and WhatsApp since folks were already familiar with them and they seemed to work fine before.

That lasted for about a week, until Zoom had all of their issues — which made everyone take a step back and wonder if the systems they were using were actually appropriate for the new virtual world we all were living in for a while. The message we got from experts was that we needed something that had end-to-end security (E2E). Great! So what the heck is E2E security, how is it defined, and how do I know if it’s right for my company?

Information security experts knew exactly what they were looking for and could ask a few questions of vendors to figure out which had the security they needed. But those of us who don’t have a cyber or technical background were a little lost.

What is End-to-End Security?

I liken the definition of E2E security to reading the labels on food at the supermarket. There is a difference between what is organic vs. homegrown, non-GMO vs. local, etc. All of these are on the packages of food we buy and all are supposed to mean something very specific, but there is very little oversight into the practical usage of these terms by food providers, leaving it up to the consumer to really read the labels and determine what is most important to them. Simply buying something off the shelf because the food producer says it’s healthy is not enough.

It’s the same with E2E security. There are many definitions of E2E encryption (Wikipedia version), which can be found from a number of reputable sources. Most of them will allude to a method of communication where only the communicating users can see messages or be included on a call. Some will use other related terms such as at-rest/in-transit, cryptography, safe from hacks and eavesdropping, or third parties. Figuring out what works best for your business can be very complicated, like trying to figure out which granola is healthier: natural or organic.

How Can I Tell If a Platform is Truly Secure?

We have seen a great number of new commercial and government inquiries into Wickr since the world was forced to work from home less than two months ago. They are confused about what they need to protect themselves against breaches like we have seen from other communication platforms. I tell them to focus on the outcome they are looking for rather than the buzzword that the vendor is applying. Typical results of a secure communications platform include:

  • It does not get breached.

Focusing on the results and asking the vendors you are considering how they help achieve those results will help you determine whether a solution is right for your company. Let us know if we can help.

Originally published at https://wickr.com on May 7, 2020.
