Jan 26, 2017. From all this, we can conclude that “the Big Three” are pretty secure chat apps. “The Other Three” do take some security steps, but using them may risk your business' intellectual property. If security is a big concern, stick with the “Big Three.” Even on secure chat apps though, prudence is called for. VSee is a secure skype alternative for video chats and virtual consultations. It delivers high definition video quality even in low bandwidth and ads free. Stay away from this software! It is not safe! It is not open source. There might be intentional backdoors or security flaws from improper coding. Skype with it. New promising chat encryption. SecureChat performs a RSA 2048 with Optimal Asymmetric Encryption Padding (OAEP) on chat messages with Personal and Public certificates, thus no one can read them, except the participants. Does Skype use encryption? All Skype-to-Skype voice, video, file transfers and instant messages are encrypted. This protects you from potential eavesdropping by malicious users. If you make a call from Skype to mobile and landline phones, the part of your call that takes place over the PSTN (the ordinary phone network) is not encrypted. For example, in the case of group calls involving two users on Skype-to-Skype and one user on PSTN, then the PSTN part is not encrypted, but the Skype-to-Skype portion is. For instant messages, we use TLS (transport-level security) to encrypt your messages between your Skype client and the chat service in our cloud, or AES (Advanced Encryption Standard) when sent directly between two Skype clients. Most messages are sent both ways, but in the future it will only be sent via our cloud to provide the optimal user experience. Voice messages are encrypted when they're delivered to you. However, after you have listened to a voice message, it is transferred from our servers to your local machine, where it is stored as an unencrypted file. Skype uses the AES (*), also known as Rijndael, which is used by the US Government to protect sensitive information, and Skype has for some time always used the strong 256-bit encryption. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates. *Skype is not responsible for the content of external sites. To learn more about encryption, please visit our. In a recent Spiceworks survey, 59% of respondents said that “Sensitive files/information should not be shared via collaborate chat applications.” Image courtesy of Spiceworks.com. So, 59% think chat rooms aren’t secure. A little more than half. Healthy caution; nothing wrong with that. But you know it’s going to happen. Someone asks a co-worker for help, not realizing they’ve asked for some Intellectual Property. The co-worker pastes it into the chat window. Does everybody gasp at once? Scramble to delete it? Or do they just shrug and keep chatting, believing the chat room itself has enough security to protect the IP? Chances are, they do the latter. The question is, which business chat apps DO have the security to protect data shared within them? That’s what we’re tackling in this post. A comparison of 6 popular business chat apps at the security level. The Source: A 2017 Spiceworks Survey The Spiceworks survey that started all this is here: I came across it in my daily reading. (Hey there Spiceheads!) A group of IT Pros gave their thoughts on 6 chat apps – Skype for Business, Slack, Google Hangouts, HipChat, Microsoft Teams, and Workplace by Facebook. This section caught my eye, talking about chat room security: “In terms of security, the results show less than one third of IT pros are concerned about business chat apps introducing security risks. For example, 32% said messaging apps put corporate data more at risk of being hacked, and 29% said they pose a security risk that is difficult to manage. “However, that doesn’t mean caution can be thrown to the wind. Nearly 60% of IT pros believe sensitive files/information should not be shared via group chat apps. In other words, IT pros aren’t overly concerned about the security risks as long as their employees use chat services wisely.” Using chat services wisely. When it comes to IP, take care to keep it safe. So, which of those 6 is the most secure chat platform? Can we rank them? Let’s find out. The Big Three: Slack, Microsoft Teams, Skype for Business SLACK & MICROSOFT TEAMS—The Bitglass Blog put together a review of Slack’s security vs. Microsoft Teams’. They’ve done their homework; it’s definitely worth a read. Slack and MS Teams are pretty much neck-and-neck in terms of their security. Teams has greater regulatory compliance, but Slack already delivers on at-rest and in-transit encryption. Adding external users is a risk on both services. This of course makes me happy! I like seeing Slack and Teams in competitionlike iron sharpening iron, they should continue to make each other better. That they both have good security on their chats is yet another benefit to users. (I talked before about Slack and MS Teams – when it was called Skype Teams –.) SKYPE FOR BUSINESS—Our favorite, naturally. And in terms of security, it’s our favorite for good reason. Persistent Chat is a server within Skype for Business Server, and uses SQL Server for its database. Hardening the SQL Server and configuring security on the Windows Server on which Persistent Chat runs will provide high-grade security for the chats. In addition, a controls memberships, file uploads, and the domains from which users can join. There’s a lot of granular control. It’s safe to say that if you’ve secured your Skype for Business Server, your Persistent Chat rooms are pretty darn private. Now, what about the others? The Other Three: HipChat, Google Hangouts, Workplace by Facebook HIPCHAT—HipChat is run by Atlassian, makers of Jira and. Their indicates 256-bit SSL encryption on your chats & files. It even tells you where HipChat hosts its data – on Amazon Web Services, which employs its own security. However, HipChat has had a couple issues. In 2015, from HipChat. Atlassian responded with fixes of course. But in February 2016, a Redditor pointed out if you have a link, without logging into HipChat. I haven’t used HipChat much, so I don’t want to disparage it, but I am left a little uncertain on its security after reading these accounts. GOOGLE HANGOUTS—Okay, let’s talk Google. The search giant is famous for collecting data on its users. But it tries to maintain their privacy, at the same time. Hangouts uses encryption to protect your chats and files. A few things I note on this page: • Direct peer-to-peer. Good; cuts down on overhead and helps keep the chat private. • 128-bit encryption. Not 256-bit like HipChat. You’d think Google would go higher on its encryption level • No mention of end-to-end encryption like Slack and Microsoft Teams. In fact, Google when asked in May 2015. Verdict: Google Hangouts is convenient and. But it’s not the most secure business chat option. WORKPLACE BY FACEBOOK—Up until now I hadn’t even looked at Workplace. It’s very new, and as such, I’m keeping expectations low. The Workplace app does almost exactly the same things as Microsoft Teams and Slack: chat rooms, groups, external users, video, etc. It’s just made by the Facebook team. Pricing is cheaper than Slack, which makes sense if Workplace wants to grab users from other platforms. Some good (and bad) points: • Workplace accounts are different from Facebook accounts. That’s good; separating work and play means better privacy overall. • Workplace has a Trust Center posted, like Office 365:. Good for you guys! • Workplace debuts with a handicap though—Facebook’s dubious privacy practices. It’s a separate system, but Workplace does run off Facebook’s servers. Some businesses will shy away on reputation alone (and I can’t honestly blame them). It’s too soon to tell what kind of adoption Workplace gets. As such, I don’t want to say this is a good or bad choice in terms of security. It looks like they’re doing all the right things security-wisebut we’ll have to see how it unfolds. The People Side of Chat: Use a Secure Business Chat App, but Exercise Caution All the Same From all this, we can conclude that “the Big Three” are pretty secure chat apps. “The Other Three” do take some security steps, but using them may risk your business’ intellectual property. If security is a big concern, stick with the “Big Three.” Even on secure chat apps though, prudence is called for. There’s the technical side of security, and the people side. As a good security practice, you should only share sensitive data over channels you know are secure. And only when it’s necessary. Enjoy Business Chat Apps Responsibly! Readers know I’m a big advocate for group chat. It’s fast, easy, nobody gets bothered by a phone ringing, no participant limit, and there’s a record for conversations. So long as that record, and all files sent to colleagues within the chat app, are kept secure. It’s easy to presume security, and chat with everybody on the team as if it’s always there. It’s not so easy to verify security after-the-fact. Which business chat app do you use? Why that one? Please comment or email your thoughts. I would hope that none of my readers have ever experienced a security breach due to a chat appbut if you have, I’d like to hear your account too.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
February 2018
Categories |