If you’ve been following technology news, you’ve probably heard of end-to-end encryption. It’s the technology that makes sure the data you send—whether it’s a file, an email, or a text message—will only be accessible to its intended recipients. To malicious actors monitoring the network, internet service providers, and government agencies, end-to-end encrypted data will appear as indecipherable gibberish. Even the developer of an application and the company hosting its servers won’t be able to read user data if it’s end-to-end encrypted.
End-to-end encryption has become very popular in recent years, especially in the consumer messaging application market. Signal, Telegram, WhatsApp, Skype, and Viber are just some of the household names that have end-to-end encryption capabilities.
But the enterprise sector has been slower in adopting end-to-end encryption. Many companies rely on cloud providers to keep their data safe, while others set up their own on-premise servers to make sure data remains within their physical boundaries.
In an interview with TechTalks, Gyorgy Szilagyi, co-founder and Chief Product Officer at end-to-end encrypted cloud storage platform Tresorit, discussed how enterprises can benefit from end-to-end encryption and what challenges they must overcome.
The benefits of end-to-end encryption for enterprises
Most cloud storage platforms provide a convenient user experience at the cost of security. You get access to file viewing, editing, sharing, and collaboration features. But your data is encrypted at rest, which means the encryption keys are stored on the cloud provider’s servers. If the server gets hacked, you lose your data.
In many sectors, enterprises are bound by regulations such as GDPR or HIPAA, which put severe constraints on how they store their data. They’re also worried about the impact of possible data breaches at the cloud provider. This makes it difficult for them to adopt cloud products.
“The majority of Tresorit’s larger customers are drawn from highly regulated industries–think financial services, R&D, healthcare, and life sciences,” Szilagyi says. “During their day-to-day work, they need a solution that is easy to use and capable of handling confidential data in a compliant manner. In-the-cloud (or at rest) encryption models do not satisfy both requirements: they are convenient but not secure.”
End-to-end encryption provides a strong barrier against data breaches. In case malicious actors break into a company’s server, they won’t be able to access end-to-end encrypted data because the keys are stored on user devices, not on the servers.
“Enterprise IT buyers want a system where they do not have to rely on trusting employees with using digital services or securely sharing and managing confidential files,” Szilagyi says. “Human errors are the most common causes of data breaches, so companies need workflows with built-in security.”
End-to-end encryption can also add a layer of security to cloud platforms, enabling secure collaboration with external parties such as contractors, advisors, and partners. What you get is the flexibility of cloud solutions with enterprise-grade security.
“Almost two-thirds of our enterprise customers lack a virtual data room–like solution for securely sharing confidential data beyond company walls,” Szilagyi says. “In our experience, end-to-end encryption is often the final pull factor for businesses to switch from on-premise solutions to the cloud or start using the cloud as an additional solution that enables flexibility and sharing.”
End-to-end encryption is a strong data-protection measure that ensures compliance with strict data protection regulations. It can also accelerate the legal review process for technology procurement. “Having zero access to the data stored on servers offers less liability in data processing agreements,” Szilagyi says.
End-to-end encryption during the COVID-19 pandemic
The coronavirus outbreak forced many countries into lockdown. Organizations had to figure out how to provide their employees with the tools to work safely from home. Large enterprises that already had remote working tools in place had to find ways to scale and expand their infrastructure. Small and medium businesses that had no experience in remote work had to start from scratch.
“Companies needed to switch to remote work almost overnight—this was challenging for both SMBs (who didn’t typically have work-from-home policies) and enterprises (who did not have remote work policies not suitable for large-scale deployment),” Szilagyi says.
Making on-premise tools available to remote workers became a major challenge. Many companies started considering cloud-based solutions for file storage, collaboration, and messaging. Naturally, data encryption and security became a serious concern.
“In my view, the difference in the challenges faced is not really between those who had and did not have end-to-end encrypted solutions, but between those who took data security seriously before COVID and those who didn’t,” Szilagyi says.
The pandemic has given rise to a new wave of security risks. One example is phishing scams that use misinformation surrounding COVID-19. Many attackers are banking on the weak defense barriers of home networks to lure remote workers into traps. And the sudden shift from on-premise to cloud solutions has opened the way for many human errors, such as security misconfigurations resulting from lack of experience and know-how.
“This global switch to remote work created both cloud security risks and end-point security weaknesses,” Szilagyi says. “End-to-end encryption is not a magical, all-in-one solution for each of these security risks, but, combined with strict data control capabilities, it can help to protect data from common security threats—like cloud attacks and employee errors—and will continue to remain crucial to companies after the pandemic has been and gone.”
The future of end-to-end encryption for enterprise
Tresorit is one of several companies that have focused on client-side encrypted tools. The company launched its cloud storage solution for consumers in 2013 and for businesses in 2014. Since then, it has grown to more than 10,000 business organization users. During the pandemic, Tresorit saw a sudden surge in demand for its end-to-end encrypted cloud storage solution. The company, which was founded in Switzerland and Hungary in 2011, now has offices in Budapest, Munich, and Zurich. It has servers across 12 geographical regions from the U.S. to Singapore, and it has grown from 10 to 120 employees.
In 2017, Tresorit’s cloud storage service became a finalist at the Cybersecurity Product Awards in the encryption category. In 2020, Tresorit became the first end-to-end encrypted service provider to be named a Customers’ Choice in Gartner Peer Insights ‘Voice of the Customer’: Content Collaboration Tools. The recognition is based on user feedback and shows that end-to-end encryption doesn’t need to come at the expense of convenience and user experience.
“We would like to continue advocating the widespread adoption of end-to-end encryption among businesses of all sizes,” Szilagyi says. “End-to-end encryption is gaining traction in messaging, especially in the consumer market, but it is not as common for other use cases such as emailing, data storage and file collaboration—all of which are vital for business workflows.”
Fortunately, we’re seeing some positive trends in the adoption of end-to-end encryption in enterprise applications. Zoom added end-to-end encryption to its video-conferencing platform in late 2020. More recently, Microsoft announced that it will be adding end-to-end encryption support to Teams, its enterprise messaging and collaboration tool.
“The fact that Microsoft Teams has added end-to-end encryption shortly after Zoom, one of their biggest competitors, shows that protecting privacy has become a competitive advantage in the enterprise SaaS market as well: e2ee has become a must-have technology for companies in this space,” Szilagyi says.
In the future, the Tresorit team will continue to add enterprise-level product features to its platform.
“Developing features that could be seen as at odds to end-to-end encryption, such as search capabilities, extensive service integrations, or user provisioning, is challenging. But we’re working to solve as many of these technology challenges as possible,” Szilagyi says.
In tandem with growing support for end-to-end encrypted solutions, there are calls for regulation that requires encrypted services to provide government agencies access to encrypted data. This would mean that, for instance, if a law enforcement body is investigating a criminal case, service providers should be able to assist them by providing them the unencrypted data records of suspects. This would require e2ee service providers to create backdoors into their own technology, such as a master key that could decrypt all data encrypted with their applications. This would undermine the main goal of end-to-end encryption, which is to give users exclusive ownership of their data.
“Despite a growing need for digital security and a strong support of data protection regulations, end-to-end encryption is under threat from global regulatory attempts to access encrypted information,” Szilagyi says. “We will continue to advocate for the integrity of encryption and to stand up against attempts to gain backdoor access for law enforcement. Any attempt to access encrypted data, even if it is deemed ‘lawful’ or ‘targeted,’ creates vulnerabilities in encrypted systems and affects the security of millions of businesses and billions of people.”