Users Can Be Just As Dangerous As Hackers
Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat.
But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad.
Most organizations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding.
However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS, which are common in the workforce.
All of these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of protecting against outside attackers. However, e2ee also resists internal governance and compliance programs.
Even more troubling, these features don't integrate into existing user-management tools. An existing member of a group needs to be removed from any group communications inside the organization, but with these ad-hoc consumer tools, this management is nearly impossible to guarantee.
One often-maligned technology that offers hope of resolving the tension between e2ee and governance is blockchain. Bitcoin, which originally put blockchain in common parlance, is known for slow commits (~10 minutes), low transaction throughput, and high monetary and environmental costs.
But blockchain technology has not stood still. Thankfully, newer designs offer options that do away with the shortcomings of Bitcoin while still offering trustless operation.
SpiderOak is a pioneer in using cryptography to protect data not only from criminals but also from the company, meaning that not even the company can read the information users store on their servers.
With its CrossClave application, SpiderOak uses a custom-built blockchain to manage identity and access while adhering to end-to-end principles. This lets users have policy-based access controls, simple user management, and one-click off-boarding without trusting us. On top of that, SpiderOak also added e2ee in order to provide a total end-to-end solution to team collaboration.
Tools such as CrossClave that are built on blockchain now offer the best of low-friction, mobile collaboration and what organizations are in dire need of: management, compliance, and control.
Note: This article is written by Jonathan Moore, the chief technology officer of SpiderOak, a secure-communications data and aerospace company.