Pros and cons of using end-to-end encryption
Today, communication security is the number one priority not only for corporations but also for people who use instant messengers on a daily basis. It is no secret that nobody wants private information to become public. However, whenever your messages are transmitted from one device to another, there is a chance that they will be intercepted on the way. In recent years, many communication services have moved to centralized cloud-based applications, increasing their scalability as a result. Therefore, more and more users and corporations have become accustomed to sending private and sensitive information through instant messenger applications.
Nowadays, the main cloud-based instant messenger applications are controlled by a few companies. This has created many opportunities for industrial and government spying, which has increased privacy concerns among businesses and ordinary users. So what did instant messenger service providers do to mitigate this? They implemented data privacy in their instant messengers by using end-to-end encryption.
End-to-end encryption is the first step to securing communication through instant messenger channels. Messages and files are encrypted before they leave the device and aren't decrypted until they reach their destination. Hackers can't access data on the cloud server because they don't have the keys to decrypt it. However, there is still a chance that an untrustworthy service provider gains full access to the information on the server or that an attacker breaks the security, as the metadata is still open to spying and collection.
Today, end-to-end encryption has become standard for instant messenger providers. In this blog post, we describe its advantages and drawbacks.
End-to-end encryption pros
With end-to-end encryption enabled for your information exchange, you can rest assured that your personal privacy prevails and that your private and company data is protected from third parties. E2EE demands high cost and resources from attackers: since the data is not decrypted on a server, attackers have to perform time-consuming and costly device-level hacks.
With the help of the E2EE key system, messages are protected from being opened by unauthorized devices. Malicious attackers simply do not have the keys needed to decipher the data, even if it has been intercepted or accessed.
End-to-end encryption cons
Though everything sounds good, E2EE still has drawbacks:
- Message metadata cannot be hidden
- It does not guarantee data protection once the message has reached the recipient's device
- This type of encryption can be banned by governments and law enforcement
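The points above, that the server cannot read message bodies while message metadata stays visible, can be seen in a small added example (not part of the original post and not Virola's code). It uses Node's built-in crypto module with X25519 key agreement and AES-256-GCM; the device names, the envelope layout and the function names are assumptions for illustration, and public keys are exchanged without verification for brevity.

```javascript
// Added illustration: constructed names and message, not any messenger's real protocol.
const crypto = require('node:crypto');

// Each device creates its own X25519 key pair; the private key never leaves it.
function newDevice(name) {
  return { name, ...crypto.generateKeyPairSync('x25519') };
}

// Both ends derive the same 256-bit key from their private key and the peer's public key.
function sharedKey(me, peerPublicKey) {
  const secret = crypto.diffieHellman({ privateKey: me.privateKey, publicKey: peerPublicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2ee-demo', 32));
}

// Sender: the body is encrypted before it leaves the device.
function seal(sender, recipient, text) {
  const meta = { from: sender.name, to: recipient.name, sentAt: '2024-01-01T09:00:00Z' };
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sharedKey(sender, recipient.publicKey), iv);
  cipher.setAAD(Buffer.from(JSON.stringify(meta))); // metadata: tamper-evident, not hidden
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { meta, iv: iv.toString('base64'), body: body.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Relay server: holds no private key, so all it can record is routing data and size.
function serverView(envelope) {
  return { ...envelope.meta, bytes: Buffer.from(envelope.body, 'base64').length };
}

// Recipient: decrypts on the device; throws if the key is wrong or anything was altered.
function unseal(recipient, senderPublicKey, envelope) {
  const key = sharedKey(recipient, senderPublicKey);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(envelope.iv, 'base64'));
  d.setAAD(Buffer.from(JSON.stringify(envelope.meta)));
  d.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  const body = Buffer.from(envelope.body, 'base64');
  return Buffer.concat([d.update(body), d.final()]).toString('utf8');
}

const alice = newDevice('alice'), bob = newDevice('bob');
const envelope = seal(alice, bob, 'Q3 figures attached');
console.log('server sees :', serverView(envelope));
console.log('bob reads   :', unseal(bob, alice.publicKey, envelope));
```

The server's view still contains who wrote to whom, when, and how many bytes were sent, which is the metadata drawback listed above.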
E2EE in Virola corporate messenger
Various self-hosted corporate messengers offer E2EE for their messages. However, if you host everything on your own server and are confident in the security measures taken, your self-hosted server even without end-to-end encryption is a more secure solution compared to a cloud corporate messenger with end-to-end encryption enabled.
We plan to add end-to-end encryption to Virola as an additional feature, as many users find this additional protection measure vital for their communication needs.
However, with end-to-end encryption enabled, some enterprise features, such as issue tracking or viewing conversation history when a new chat member joins, will not work.
Corporate data safety
To keep your corporate data safe, you can use a self-hosted collaboration tool like Virola and store all data on your server. In this case, you will have control over all information exchanged in your company. The only third-party services used by Virola are Google Firebase and Apple APNs, which send push notifications to mobile devices about new calls and messages. However, if push notifications are disabled on your server, you will be 100% independent from third-party services.
While using Virola corporate messenger, you will take advantage of different user roles and permissions, which can help you create the right working environment for your team:
- Admin role has full access to all functionality and gives the ability to create, edit and remove users, set permissions, etc.
- Moderator role allows managing specific conversation groups and adding or removing users from them
- User role with full access to all features without admin privileges
- User role with limitations on creating group and / or private chat rooms
Though implementing strong security measures seems a challenging task, it is not something you should neglect. By hosting a corporate chat messenger on your own server, you will first of all take responsibility for data security and will rely only on yourself rather than on third-party clouds.