Zero Trust Model: How messenger and security intertwine
Crisis situations can be manifold these days. Whether it is the implementation of hybrid work caused by a global pandemic or the increasingly frequent cyberattacks on corporate IT infrastructures - all digital IT systems must be protected against emergencies under all circumstances.
The implementation of a zero trust model in a messenger
Hybrid work is the latest trend. Particularly employees who spend more time sitting at a desk than being on the move want to be able to work from anywhere – regardless of whether it’s in the office, home office or remotely. A similar principle applies to mobile workers, of course. While this does not change their daily work routine, those who have been partially excluded from corporate communications in the past due to a lack of communication channels in particular should benefit from a hybrid communication model just as much as location-independent office workers. Mobile communication channels, such as our business messenger Teamwire, make it possible to include all employees in communication and connect them with each other via text and voice messages as well as video calling for communicative arrangements.
However, location-independent working as a result of the digital transformation is unfortunately not only an opportunity, but also harbors dangers. A hybrid form of work opens up even greater attack vectors for cybercriminals, for example through the use of unauthorized (communication) applications or through connection via virtual private networks (VPNs). Thus, the number of cyberattacks on companies per day is steadily increasing. In addition, the current situation surrounding the Ukraine crisis, the topics of cyber security and secure communication in crisis and emergency situations have increased once again.
To be prepared for hacker attacks, more and more companies want to better protect their IT infrastructure and communication systems to close security gaps. On the other hand, to ensure end-to-end communication, they need failsafe and stable server environments that are independent of foreign cloud providers, as well as provide protected communication channels for collaboration on all end devices.
In this context, it is hardly surprising that a new security model has been established that companies should follow for even more cybersecurity: the Zero Trust model. At Teamwire, we welcome this development, as it has always been our mission to enable optimal communication for all employees of a company – Secure. Simple. High-performing. This means smooth communication with the greatest possible data security and sovereignty. In doing so, we rely on the Zero Trust model, both from a product and a company perspective.
What is the Zero Trust model all about? – A definition
First, let’s explore what Zero Trust is all about and make the Zero Trust model a little more tangible. Zero Trust assumes that absolutely nothing is secure – no matter what tool or platform; not even behind the corporate firewall. Therefore, under the Zero Trust model, every request is checked as if it came from an openly accessible network. The principle of “trust is good, control is better” applies. Before access is granted, the request must be fully authenticated, authorized and encrypted. At the same time, it means verifying identity and checking the state of the end device. Lowest possible access rights help contain propagation in the system. Comprehensive business intelligence (BI) and analytics help better secure the digital environment by detecting and mitigating anomalies in real time. This makes it much more difficult for cybercriminals to access data or cause damage.
The Capgeminie study “IT Trends 2022” (available in German) also confirms that the Zero Trust model is currently one of the most important technologies. Zero Trust is ranked second out of 10 technology trends. According to the study, almost 20 percent of the CIOs surveyed are currently implementing it. That is twice as many as a year ago. Around a further quarter are also planning to implement a Zero Trust model before the end of 2022.
The three Zero Trust principles
The Zero Trust model is essentially based on the following three principles:
1. Explicit (re)verification
Authentication and authorization must always include all available data points, such as anomalies, data classification, device integrity, resources and location.
2. Least possible authorizations and rights
To fully protect data and remain proactive, it is important not to assign more permissions and rights than necessary. It is recommended to limit user access with Just-in-Time (JIT), Just-Enough-Access (JEA) and risk-based adaptive policies.
3. Minimize (threat) propagation
Zero Trust microsegmentation helps base security policies on a strong, machine-generated identity for individual workloads, rather than general IP addresses. This enables the use of technologies such as containers and microservices. Encryption and analytics also help protect data and detect and defend against attacks.
How can the Zero Trust model be implemented in companies?
It is a fact that the time has come for a new security model that fits seamlessly into complex modern environments, incorporates the hybrid workplace and protects data, devices, applications and users at any place and at any time. Not only planned solutions, but also those already in use must meet the demand for zero trust. This also applies to communication solutions such as our business messaging app Teamwire because, as mentioned at the beginning, any solution, including a business messenger, could be used as a potential attack vector. At the same time, insecure messengers for private use – such as WhatsApp, Signal, and Telegram – are excluded from the outset. The reason for doing so is that consumer messengers are not sufficiently positioned in terms of data protection, functionality or technology with regard to zero trust, and they are reaching their limits in terms of cyber security and secure communication, including administration via IT.
How Teamwire fulfills Zero Trust in its business messenger
At Teamwire, our core business is fast, secure, and confident communication via text and voice messaging, as well as video calls. We have always made no compromises when it comes to data privacy and security. Below, we’ve summarized aspects and features of our messaging app that are built on the Zero Trust model from a business perspective:
- Centrally managed user administration, which allows permissions and rights for users and devices to be assigned individually and restricted and controlled by IT administration at any time.
- Modular administrator rights enable different permissions at the IT administration level to meet the lowest possible access rights of the Zero Trust principle.
- Two-factor authentication via email address and phone number, providing secure proof of identity within the Zero Trust messenger and thus in the digital environment.
- Device and user authentication each time the app is opened or accessed, messages are retrieved, and messages are sent.
- MDM authentication enables usage to be restricted to selected and verified endpoints.
- Multiple and complete encryption of messages and data in transmission and storage – both on the end devices and on the servers.
- Data economy for personal data and metadata, which is collected pseudonymously and only stored if required for specific features of the Zero Trust messenger.
- Encrypted app container that securely compartmentalizes sensitive data on corporate as well as BYOD devices and controls access and disclosure of data.
- Fail-safe and stable server environments that are sovereign and independent of foreign cloud providers and ISO 27001 certified.
- Audit logs that record every access by users, endpoints, and administrators.
- “Privacy by Default” as a technology design, which includes strong privacy settings by default.
- Regular security updates to ensure robustness of the Zero Trust messaging app.
- Internal and external security audits that include comprehensive penetration testing and vulnerability assessments.
- Zero Trust product strategy prioritizes data security, privacy and sovereignty, and Zero Trust in further development.
Bottom line: One Messenger = 100% Zero Trust
Increasing digitalization is accompanied by security risks – there’s no question about that. To improve cybersecurity and guarantee secure communication, a Zero Trust architecture is the order of the day. But Zero Trust cannot be implemented overnight. It is an ongoing journey that starts with simple first steps and improves processes continuously as well as iteratively. A messenger like Teamwire, which is based on the Zero Trust model, can provide companies with crucial support in this process.
We are here for you!
Do you have questions about how you can use Teamwire as a zero trust messenger in your company? Then contact us and arrange a free consultation without obligation.