The French Prime Minister, Elisabeth Borne has banned the use of consumer messaging solutions WhatsApp, Signal and Telegram by government ministers and their teams. The ban cites security vulnerabilities, something that we at Armour have been talking about for a number of years now!
Many organisations still commonly use mass-adoption platforms for communicating, when there is an alternative that is every bit as convenient and easy to use as a consumer-grade app, and is approved by the UK’s National Cyber Security Centre (NCSC). This solution, Armour Mobile, is widely used throughout the MOD, and parts of the government that require higher assurance.
Why are mass-adoption services so unsecure?
Any messaging, communications or collaboration platform that allows anyone to join can not be considered secure, simply because without strong, identity-based authentication, participants cannot be sure that they are really communicating with who they intended to. Account theft, SIM swapping and simply renaming one’s social media account to look like someone else makes it very easy for people, including government personnel, to get phished and accidentally leak sensitive information. The exponential increase in the power of AI to generate deep-fake impersonations mean that this is going to be an escalating issue. Our recent blog explains the dangers of impersonation-based attacks and how to mitigate them.
On top of this very significant security flaw, there are a number of other issues such as:
A tempting target
Mass-adoption platforms, due to the very nature that everyone uses them, are a lucrative target for hackers, activists, cyber criminals and nation-state sponsored attacks. This means that any organisation using WhatsApp, Signal, Telegram, or Teams, Zoom, GoogleMeet could easily get caught in the cross-fire, and suffer lost data, or inability to communicate, even if they are not the intended target.
No data sovereignty
You have no control over where your data goes, what server it is held on and who might have access to it. At the very least, this raises data privacy concerns, for example, GDPR compliance, quite apart from the issues around handling sensitive data that, if exposed, could put an organisation at a commercial disadvantage, or even compromise national security.
No control over where your information is sent
With social media apps, once a communication has been sent to a third party, the sending organisation has no control over what the recipient then does with that information. Ex-Health Minister Matt Hancock’s published WhatsApp messages demonstrated this point admirably. The fierce back-and-forth arguments between Boris Johnson and Dominic Cummings are another such example. Read more here, complete with fruity language https://www.bbc.co.uk/news/uk-67275967
How Armour Comms delivers secure communications
In answer to the issues outlined above, Armour Comms delivers a secure communications platform with all of the convenience and usability of a consumer-grade app, but with enterprise-grade management features. Such as:
- Managed communities meaning that only verified people can join, so users can be confident they will only be communicating with authorised and authenticated users.
- All information is protected within the Armour environment. Armour can be hosted in the secure Armour cloud, or on-premises (e.g. within a government or other known data centre), so that you know exactly where your data is being held, delivering your data sovereignty requirements.
- Message Burn and automated message deletion mean that any conversations can be set to automatically delete after a set time to ensure sensitive data doesn’t accumulate on a device. Additionally, individuals can set a message to delete at a certain time after it has been read, or after it has been sent.
- For any device that is lost, stolen, or compromised, all data held within the Armour environment can be remotely wiped.
- Secure auditing capabilities mean that all communications are securely recorded for secure review at a later date, even if the messages have been deleted from the original device, delivering compliance needs, such as Public Records, the Freedom of Information Act and other industry specific regulations.
Armour Mobile is approved by the NCSC and NATO. It is widely in use across the MOD and defence contractors, as well as areas of the UK government that require higher assurance.
Read our buyer’s guide for more information about how Armour Comms’ secure communications platform can help, and what questions you should be asking. DOWNLOAD HERE