Securing Inter-Device Communication in "Work From Home" Era
Facebook will permanently embrace remote work, even after coronavirus lockdowns ease, Mark Zuckerberg told employees, accelerating the tech sector’s geographic diversification away from its home in Silicon Valley.
“We’re going to be the most forward-leaning company on remote work at our scale,” Zuckerberg said in an interview with the Verge. “We need to do this in a way that’s thoughtful and responsible, so we’re going to do this in a measured way. But I think that it’s possible that over the next 5 to 10 years – maybe closer to 10 than 5, but somewhere in that range – I think we could get to about half of the company working remotely permanently.”
Facebook is not alone. Market positions of Public Clouds providers during the coronavirus lockdown only became stronger. Organizations see that remote work can be done with fairly high productivity. There are tons of paid and free tools that help organize and control collaboration - Jira, Slack, and, of course, video conferencing, starting with Zoom.
With a shift towards working remotely, security issues come to the forefront.
On March 31st 2020, The Intercept reported that in its marketing materials, Zoom advertises end-to-end encryption for internet audio and video connections, giving an impression that no one can intercept web-based sessions. However, says the story, in reality Zoom provides only TLS or transport encryption — the same encryption web servers use to secure HTTPS websites. What this means is that, in theory, Zoom can access unencrypted video and audio from meetings, according to the experts interviewed in the article. The very definition of insider threat.
The next day after the report was published, SpaceX banned Zoom. Within a week they were followed by Google, NASA, governments of Taiwan and Germany, US Senate, Australian Defense force, Pentagon, to name a few.
The insider threat problem becomes especially severe if companies use servers in countries like China, which do not enforce strict data privacy laws and could conceivably demand disclosure of the contents of calls and videos stored in data centers located there.
All of these facts lead to the following conclusions: 1. Clients working with sensitive data will stop using tools that do not offer end-to-end encryption. 2. Previously, organizations working with sensitive data could afford to not use cloud environments and virtual tools. Coronavirus lockdown took this away. The only solution now is adequate data protection.
About us: AltaStata toolkit, which can be implemented in hours in public clouds, enables end-to-end encryption for inter-device communication and removes internal and external threats. Our patented approach combines client side encryption, PKI and cloud data services orchestration. As a result, personal data is always encrypted at rest and on transit with a unique data key per each file or video stream, while data owner is able to share access with humans and programs without degrading cloud performance and scalability.