
Challenges of using end-to-end encryption for business


End-to-end encryption (E2EE) is a secure communication process that encrypts data before transferring it to another endpoint. Data stays encrypted in transit and is decrypted on the recipient's device. Messaging apps as well as other communications services rely on E2EE to protect messages from unauthorized access. However, together with security, E2EE brings certain limitations to business communication. Corporate messengers that support end-to-end encryption have it either disabled by default or limit certain features when it is enabled.

Let's look at the challenges businesses face when using end-to-end encryption in messaging apps:

  • Compliance & Auditing. Centralized message logging is impossible with E2EE, but many businesses need message logging for legal or regulatory reasons.
  • Employee onboarding. E2EE can complicate onboarding since new group chat members cannot access previously shared information or files.
  • Enterprise Integrations. Many platforms integrate with third-party tools (e.g., CRM, AI bots) that require access to conversation history.
  • Search & Backup Limitations. With E2EE, companies cannot centrally search or back up messages.
  • Incompatibility with Security Solutions. Many cybersecurity tools (e.g., Data Loss Prevention (DLP), threat detection, and content filtering systems) rely on the ability to scan data in transit. E2EE prevents such systems from detecting malware, phishing attempts, or data exfiltration.
  • Insider threats. Malicious employees may misuse E2EE to hide illegal activities.
  • Performance Overhead. Encrypting and decrypting data requires computational power. As a result, this can impact the performance of systems and applications, especially for large-scale enterprises and video conferencing.

Top strategies for creating a safe communication environment

End-to-end encryption is not the only way to secure communication. Companies can adopt one of the following strategies as an alternative to end-to-end encryption for secure communication and collaboration.

Self-Hosting & On-Premise Solutions

Instead of relying on cloud-based messengers, businesses have started using self-hosted solutions like Virola, Rocket.Chat or Mattermost. This way, they control encryption and access policies while keeping data on internal servers.

Pros: Full control over security settings and data, cost-effective in the long run, no dependency on the service provider

Cons: Requires IT management and maintenance

Hardware Security Modules (HSM) & Key Management

Some organizations use Hardware Security Modules (HSMs) or External Key Management (EKM) to store encryption keys outside the messaging platform. Examples include Microsoft Purview Customer Key for Teams and Google Workspace External Key Manager.

Pros: Prevents cloud providers from accessing data

Cons: Adds complexity in key management
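
The sketch below shows how keeping keys outside the messaging platform works, using envelope encryption. It is an added example, not code from the original article or from any vendor named above. `ExternalKeyManager` and `ChatPlatform` are hypothetical names, and the HMAC-based cipher is a standard-library stand-in for AES-GCM so the code runs offline.

```python
import hashlib, hmac, secrets

# Stand-in authenticated cipher built from HMAC-SHA256 (standard library only).
# Assumption for this example: a real deployment would use AES-GCM instead.
def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))

class ExternalKeyManager:
    """Hypothetical customer-run key service; the key-encryption key never leaves it."""
    def __init__(self):
        self._kek = secrets.token_bytes(32)
        self.allowed = {"chat-platform"}          # callers the customer has authorized

    def _kek_for(self, caller):
        if caller not in self.allowed:
            raise PermissionError(f"{caller} may not use the key")
        return self._kek

    def wrap(self, caller, data_key):
        return seal(self._kek_for(caller), data_key)

    def unwrap(self, caller, wrapped):
        return unseal(self._kek_for(caller), wrapped)

class ChatPlatform:
    """Hypothetical messaging backend: stores only ciphertext and wrapped data keys."""
    def __init__(self, ekm):
        self.ekm, self.store = ekm, []
    def save(self, text):
        data_key = secrets.token_bytes(32)        # fresh data key per message
        wrapped = self.ekm.wrap("chat-platform", data_key)
        self.store.append((wrapped, seal(data_key, text.encode())))
    def read(self, index):
        wrapped, blob = self.store[index]
        return unseal(self.ekm.unwrap("chat-platform", wrapped), blob).decode()
```

Removing `"chat-platform"` from `allowed` makes every later `read()` raise `PermissionError`: the stored blobs alone are not enough to decrypt. This is also where the key-management complexity comes from, since the platform now depends on the key service being reachable.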

Transport Layer Security (TLS) Encryption

TLS encrypts data in transit between client and server but does not protect it once it reaches the destination.

Pros: Ensures secure communication over the internet (e.g., HTTPS, VPNs, email encryption).

Cons: Data can still be accessed at endpoints, making it vulnerable to insider threats or server breaches.

Server-Side Encryption (SSE)

Data is encrypted when stored on a server (cloud or on-premises), with the encryption keys managed by the service provider.

Pros: Simplifies key management, supports compliance, and allows for access controls.

Cons: Trust is placed in the provider to secure keys; data can be decrypted by the provider, which may introduce security risks.

Zero-Trust Security Model

The zero-trust security model requires continuous authentication and least-privilege access controls rather than relying solely on encryption.

Pros: Protects against insider threats and unauthorized access.

Cons: Complex implementation; it still requires encryption for data protection.

Looking for a secure business messenger?

Virola corporate messenger was created with security in mind. It is a self-hosted messaging app that lets you take control of your data and use all communication and collaboration features without limitations. All data is protected in transit by public-key cryptography and SSL. The security certificate for self-hosted Virola can be defined by a user or generated automatically on the server when it is launched. For voice chats, AES symmetric-key encryption is used. The keys are generated on the server when it is running and are renewed within a specific period. The keys are stored in RAM only while the server is running. With Virola corporate messenger, you can communicate and collaborate in a safe environment without the fear that your corporate information will leak or be stolen.