DekkoBlog

The latest in connecting and collaborating securely at work. From our leading minds in cybersecurity.


Whilst end-to-end encryption is the safest way to secure your data as it travels between connected entities, it’s not the whole picture when it comes to truly secure business communication. If you want to ensure the absolute security of your conversations, data and intellectual property, you need to understand end-to-end security and how security extends beyond encryption.



So what is End-To-End encryption?


End-to-end encryption (E2EE) is a form of encryption that uses complex algorithms to secure data as it travels between users, ensuring that no third party can ever view your communicated content. E2EE uses these algorithms to place a ‘lock’ on your data and communications, and only the people you give the unique ‘key’ to can unlock this data.


Each user has a pair of keys: a public key and a private key. Your public key is used by the sender to encrypt the data before it is sent to you, and your private key is used to decrypt it on arrival. As the data travels between users, no one can view or read it, as they do not have the unique private key which unlocks the data (which is stored safely and never in the hands of someone without permission).


This means that no one, not even the server, network provider or encryption provider, has the ability to view your end-to-end encrypted data, as they do not have the unique key required to unlock that data.



What other types of encryption are used?


Whilst there are many other forms of encryption security, none of them are as secure as end-to-end encryption. For example, ‘encryption in-transit’ may encrypt data as it travels, but it can be, or often will be, decrypted as it is routed through servers before being re-encrypted, exposing it to vulnerabilities. The other common form of encryption is ‘in-transit and at rest’, which does encrypt the data for the whole journey. However, parties such as the service provider, who may not be trusted, have access to the keys that unlock that data, again exposing vulnerabilities.





How does end-to-end encryption differ from end-to-end security?


End-to-end encryption is just one piece in the puzzle of ensuring total security. It’s the right place to start, but if other security practices are being ignored, your sensitive data is no longer completely secure. There is no utility in encrypting data if someone else has the ability to log in to your account or access the data with a simple URL.


That’s why DekkoSecure isn’t just an encryption company; we are a security company. Encryption is a crucial step, but it is one step nonetheless in ensuring total security. Dekko presents a complete end-to-end security approach by mitigating the human and technological risks beyond just data encryption to help provide total security. These additional steps eliminate security gaps, ensuring the confidentiality of data, communications and intellectual property, whether that be in files, documents, chat, email or video conferencing. At Dekko we provide security beyond encryption through the following steps:


  • Authentication: Dekko takes additional steps beyond industry standard to authenticate that the user is indeed the intended recipient. Unlike other services where you may be able to access a document or video call simply by clicking a link, Dekko requires you to log in and authenticate yourself. Digital signatures are also used to ensure your content cannot be tampered with.

  • Authorisation: Dekko actively checks who is authorised to access sensitive data. In comparison, many other platforms may still give you access to data using a link (which often contains the required encryption key), URL or password that could be maliciously intercepted. Dekko also ensures that authorisations that are revoked are revoked cryptographically.

  • Integrity: Dekko verifies the integrity of its platform through a number of steps, such as running its applications in the browser, ensuring they are fully updated with no need for software updates, and offering data sovereignty to improve traceability.

  • Verifiability: Rather than typical applications where organisers are responsible for inviting participants through URL or email, exposing them to the risk of phishing attacks, Dekko manages this in the application to improve verifiability.

  • Auditability: Audit logs provide crucial information about data: when it has been altered, who has accessed it and when. Using Dekko, this is stored encrypted within the cloud to mitigate the risk of tampering.


If you want more information on our end-to-end encrypted video conferencing platform, visit us at https://www.dekkosecure.com/videoconferencing.


We also offer a complete product suite of integrated, end-to-end encrypted collaboration tools including video conferencing, email, chat and document signing. To find out more about these, visit us at https://www.dekkosecure.com/.

There’s a good chance you’ve never even heard of the term ‘user visibility’, but if you’re concerned about the security and confidentiality of your workflow or communications, it’s a term you should definitely add to your vocabulary.


The basics


In its simplest sense, user visibility is the ability for a user in an online communication environment to be able to see who the other users in the same environment are. So can I, ‘user one’, see that ‘user two’ and ‘user three’ are also in the environment? Or perhaps I may only be given permission to see that ‘user two’ is in the environment but not ‘user three’.


Now it may not be obvious why it even matters whether users can see who else is present. After all, we all have access to the same service and the data within it, so why does it matter? There are a number of examples where user visibility is crucial in providing you complete security and can also help you build a business advantage.


Why the experts care


In a theoretical sense this seems like a concept that would be unlikely to give you many concrete benefits, but when you drill into just a couple of potential use cases you can see the advantages it could provide your business. For example, you may be an architecture firm sharing a proposal with a number of construction companies competing for a contract to build a design. Using a DekkoVAULT HUB with restricted permission for user visibility, these companies can all access these confidential designs without being able to view who their competitors for the contract are. If they were to know this, as they would in most typical file sharing hubs, it may influence their bidding, for example by putting in a higher price than they otherwise would if they know their competitor tends to bid high.


Another use case may be a law firm sharing a standardised document that is sent to multiple clients. Under a typical file sharing platform, the clients accessing this file could view other users on the sharing service, removing peer-to-peer confidentiality and exposing the firm to a legal threat. Restricting user visibility on DekkoVAULT solves this problem: by making all clients an ‘external user’ (see diagram below), clients have no ability to see who else is on the Dekko, ensuring the firm maintains full security and meets its legal obligations.


Most file sharing platforms, even those that are marketed as highly secure, do not provide the option to restrict user visibility. At Dekko we integrated it into our DekkoVAULT platform after consulting a number of high profile clients and realising the security improvements it creates, as well as the potential for business competitive advantage.


The techy side


User visibility on the Dekko platform is managed through our HUBS, which are an integral feature of our Vault, Sign, Chat and Mail products. A Dekko HUB is an isolated environment where users can share work, ideas and projects with other users within the same HUB. All files and data shared in this environment are end-to-end encrypted to provide complete security.


When creating a DekkoVAULT HUB, there are three different user types:

  • External members can only be seen by members who are ‘Visible to External’. They cannot see other external members. An example use case would be adding a customer to a circle where you do not want them to see other customers or employees.


  • Visible to External members can be seen by all other circle members regardless of type. An example user of this may be someone interacting with both customers and managers and thus should be visible to both.


  • Invisible to External members can only be seen by non-external members. An example use case would be for a manager that can view discussion in a circle and be seen by employees, but not customers.
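The three rules above written out as a visibility check, as an added example (not DekkoSecure's code) that follows the list's wording literally. The member names, `can_see`, `roster_for` and `external_leaks` are hypothetical; note that under this literal reading an ‘Invisible to External’ member is not shown External members either, which is a consequence of the wording and not confirmed product behaviour.

```python
from enum import Enum


class MemberType(Enum):
    EXTERNAL = "External"
    VISIBLE_TO_EXTERNAL = "Visible to External"
    INVISIBLE_TO_EXTERNAL = "Invisible to External"


def can_see(viewer, target):
    """Apply the three rules as worded in the list above (literal reading)."""
    if target is MemberType.VISIBLE_TO_EXTERNAL:
        return True  # seen by all other members regardless of type
    if target is MemberType.INVISIBLE_TO_EXTERNAL:
        return viewer is not MemberType.EXTERNAL  # seen only by non-external members
    # target is External: seen only by 'Visible to External' members
    return viewer is MemberType.VISIBLE_TO_EXTERNAL


def roster_for(viewer_name, hub):
    """Member names that viewer_name may be shown, never including themselves."""
    viewer_type = hub[viewer_name]
    return sorted(name for name, mtype in hub.items()
                  if name != viewer_name and can_see(viewer_type, mtype))


def external_leaks(hub):
    """(viewer, target) pairs where one External member would see another."""
    externals = [n for n, t in hub.items() if t is MemberType.EXTERNAL]
    return [(v, t) for v in externals for t in externals
            if v != t and t in roster_for(v, hub)]


# Constructed sample hub modelled on the architecture-firm scenario (names are made up).
HUB = {
    "project_lead": MemberType.VISIBLE_TO_EXTERNAL,
    "firm_partner": MemberType.INVISIBLE_TO_EXTERNAL,
    "builder_a": MemberType.EXTERNAL,
    "builder_b": MemberType.EXTERNAL,
}

if __name__ == "__main__":
    for name in HUB:
        print(f"{name:13} sees {roster_for(name, HUB)}")
    print("external-to-external leaks:", external_leaks(HUB))
```

A roster like this only protects confidentiality if it is filtered before the member list is sent to the viewer's device, so the check belongs wherever the list is assembled.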


In a traditional file sharing platform an administrator may try to avoid the security risk of users knowing the identity of other users by simply creating individual networks or hubs with every user. However, this becomes a big issue at scale. What happens when you want to update a file that you have individually shared with 30 different clients? You now have to update this file on 30 different networks rather than simply updating the master copy as you would on the DekkoVAULT system.


If you want more information on our end-to-end encrypted file sharing platform, visit us at https://www.dekkosecure.com/dekkovault.







© DekkoSecure 2020. All rights reserved.