Replacing WhatsApp? Advice from NCSC
What exactly should you be looking for?
When considering a secure communications solution for your organisation there are a lot of different options. Not least of these are free-to-use consumer grade apps. Without vigilance these apps can seep into business use without any oversight from the organisation, often because employees use the apps for personal life and they seem like an expedient way to communicate. These apps claim end to end encryption, but do they really meet the needs of an enterprise? And what extra do paid-for Enterprise solutions offer?
As we’ve point out many times before, there is much more to security than just encryption – this is an important point made by the UK National Cyber Security Centre (NCSC). It has published a document ‘Secure communications principles’ highlighting key points for secure communications. As usual, NCSC has done an excellent job of laying out the potential hazards – and how to avoid them – in an easy-to-read form. Here is an outline of those principles and why they are important.
NCSC 7 Principles for Secure Communications
There are seven principles defined by NCSC, and they are:
- Protect Data in transit
- Protect network nodes with access to sensitive data
- Protect user access to the service
- Ensure secure audit of communications is provided
- Allow administrators to securely manage users and systems
- Use metadata only for its necessary purpose
- Assess supply chain for trust and resilience
Protect Data in Transit
At some point, your communications are very likely to travel over the public internet, which is by its nature an untrusted network. You don’t control it, so you can’t trust it. If not well protected, data travelling over an untrusted network can be tampered with, or people may be able to eavesdrop on your conversations and exchanges.
Another issue is messages being sent to the wrong person. This could be because you mistyped their address, or someone has spoofed or stolen an identity. This means that you could think you are interacting with a trusted colleague, when in fact a hacker has misappropriated their account. You could be tricked into giving sensitive, valuable information, or downloading malware.
Protect network nodes with access to sensitive data
A node is a connection point inside a network that can receive, send, create, or store data. Each node requires you to provide some form of identification to receive access. As your message travels across the network and passes through these nodes, if it has any unencrypted data, it may be accessed by the nodes. While the communication within the message may be encrypted by the app, your metadata may not be.
Another key point to consider is that encrypted messages rely on an encryption key to encrypt and decrypt. The key needs to be shared with the recipient for them to read the message, so there needs to be some form of key management system. If someone were to get hold of the key, they could read the message. If someone could get into the key management system, that would undermine the trust of the communications system, and you wouldn’t necessarily know that this had happened until it was too late, and that sensitive information had been compromised.
Protect user access to the service
As alluded to earlier, when you communicate with a trusted colleague, you assume that it is them. However, if their account is hacked, you may not be communicating with who you think you are*. For this reason, strong user authentication is an important part of a communications system.
If your colleagues are using their own phones for business use, i.e. an unmanaged device, there is also the danger that details such as user credentials and historic communications content are processed and stored without being encrypted. Therefore, if someone else gains access to that device/phone, information could be compromised. This is another reason for strong access control authentication (for example, fingerprint scan or password).
*In case the risk here isn’t clear, this is the ‘messaging app’ analogy to Business Email Compromise (BEC) which the FBI’s 2020 Internet Crime Report https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics indicated cost $1.8B last year, more than the total costs of confidence fraud, ransomware, identity theft and several other categories all added together!
Ensure secure audit of communications is provided
For those working in regulated industries (financial services and health, for example) it is important that all communications can be audited (i.e. recorded and stored). However, this is not as easy as it sounds. The communications content must be kept secure, and there needs to be tight controls around who can access the content, when and why. This level of access would be highly desirable to criminals. Consumer grade apps certainly do not provide this level of service and some may even monitor your content for advertising or other purposes.
Allow administrators to securely manage users and systems
All IT service desks know that if users are allowed to administer their own accounts you end up with anarchy. For a secure communications system to remain secure, it must be properly managed. This means controlling who can join, and who can communicate with which groups. In contrast, consumer apps allow anyone to join – which could include hackers, criminals, and disgruntled ex-employees – and then to contact anyone else on the system.
Controlling who is admitted to the system provides a level of trust, that you know who you are communicating with, and that should someone leave the organisation, their account is disabled.
Use metadata only for its necessary purpose
Put simply metadata is the ‘who’, ‘where’, ‘when’, and ‘how’ of the communication. It reveals information about the user, for example, who is talking to who, which in certain cases can be useful even if a malicious actor doesn’t know what they are saying.
When aggregated, metadata can become even more valuable and is often harvested and sold to advertisers. This is how free-to-use services monetise their users. Apart from the adverts being annoying (and creepy), it is a security risk for organisations.
Assess supply chain for trust and resilience
Do you know every element of your secure communications service and who supplies it? Can you trust every element? If your existing solution uses the public internet then you can’t know every element, and therefore you need to mitigate the risks. Another point to consider is whether the system is standards-based (and so can be supported by multiple vendors) or a proprietary system? If proprietary, what happens should that supplier go out of business or be taken over by another organisation?
A final point to think about, for a secure communications solution to be genuinely usable (in other words, there is no reason for users to circumvent the system with workarounds or “shadow IT”), can users communicate with people outside of the organisation? Any solution adopted needs to be able to talk to other secure communications systems.
The ease of use of a communications app belies the underlying complexity, so when looking for a solution that is secure enough for enterprise and business use, there is a lot to consider.
Our new technical white paper goes into each of the NCSC’s Secure Communications Principles in much more detail and explains how Armour applies these principles across our products. You can download a copy here:
Alternatively you can view our Podcast:
Part 1: Click Here
Part 2: Click Here