The EU Stance On Messaging Apps Matters - But Why?
A few weeks ago, news broke that the EU Commission is prohibiting administration and staffers from using WhatsApp. This is not the first time governments or commercial organisations have stopped the use of consumer messaging apps such as WhatsApp.
Although most of these consumer messaging applications have a significant number of active users, as well as a large number of organisations monitoring and analysing the apps for security vulnerabilities, they do pose a significant risk.
These applications were designed for consumers with an “ease of use” versus a “security-first” philosophy. Fundamentally, the apps do not meet public or private, government or commercial requirements for two essential reasons:
- These applications are designed for least-common-denominator security. They have not gone through comprehensive security threat modelling at every stage of development, and rely on a “patch as you know” security approach.
- The applications are primarily focused on the privacy of consumers and not on protecting users from sophisticated and targeted attacks, in particular when those are of a national security nature.
Today, governments and global enterprises need to ensure public and business continuity by providing their users with secure mobile workspaces. These platforms, and their associated apps, should not only offer security against today’s threats but also be fundamentally designed with a progressive set of security algorithms and protocols that keep users secure against future, post-quantum attacks. This is where consumer messaging apps consistently fail.
They must support capabilities unique to organisational needs, including auditing, key management, and membership management, to address different levels of access privileges and controls. They must not only manage and protect users from outsider attacks but also be designed to audit and prevent malicious intent of compromised users, identify breaches and recover quickly.
At Digital14, we believe that to silence cybersecurity threats, global enterprises and governments need platforms architected differently. Key architectural capabilities and features must include:
- Control over data sovereignty. This is essential for securing sensitive data, intellectual property, and personal data.
- Advanced audit and compliance capabilities such as 'two-man' compliance access, preventing unauthorised access to compliance data.
- Defense-grade PKI-based identity, security protocol and authentication support to protect against post-quantum era attacks.
- Flexibility to deploy on-premise or private cloud.
Digital14 wants your organisation, public or private, government or commercial, to have confidence that it can freely communicate and share sensitive information without risk. Visit our cyber products page today.