How to keeps calls, text messages and internal comms secure

If you want to keep your data and device safe, implementing a secure communications program within your organization is a critical step to take.

One issue people find with secure communications terminology is the lack of familiarity with what that actually means. In the military, secure communications could mean a variety of things; such as encrypted radios or other Secure Terminal Equipment for wired or landline communications.

For our private sector users, secure communications are broken into five categories:

  • Encrypted and pre-configured phones
  • Private and encrypted text, voice, video calls, and VPN
  • Private external SMS and phone calls
  • Threat detection and mitigation
  • Supply chain and logistics

Consumer secure messaging apps are gaining popularity, mostly due to press around high profile mobile device compromises. For most organizations, a secure messaging app alone will not provide complete coverage from data loss and attacks on mobile devices. While each organization should transition sensitive communications over to services that provide end-to-end encryption, doing this at scale is not an easy task.

Additionally, we’re seeing a growing use of secure communication tools based on the global messaging security market valued at ~$ 5.9B in 2022 and is expected to reach ~$ 12.7B by 2028.

Private and encrypted text, voice, video calls, and VPN

One of the major pain points we discovered first hand was the ability to set up a secure messaging platform at scale. Sure, there are plenty of apps both paid and free that will provide encrypted texting, but as soon as we invite multiple users we start to see issues with lost passwords, not wanting to give phone numbers or email addresses, new devices, new phone numbers, team members leaving, team members joining… It can get messy.

We wanted team leads to be able to quickly stand up a way to communicate securely with their users while taking as limited amount of information as possible. Today, users can be onboarded with only a username, meaning we’re not asking for a phone number or email address.

Once a user authenticates to Glacier, all of their contacts are preconfigured. No exchanging information like phone numbers, email addresses, or barcodes. Within the app users can send messages, files, create groups, make video calls all end-to-end encrypted. Additionally, we’ve added a one tap VPN solution to protect all data exiting your device.

External phone calls and SMS

Users can eliminate the threat of exposing their true phone number by using Glacier to send and receive text messages, as well as make phone calls to any number in the world. Glacier encrypts this data in transit to a proxy before delivering it to the other party.

Securing Your devices

“I’ve never used an Android device, and I’m not going to use this one.”

When we started Glacier nearly 8 years ago, my team had an opportunity to pitch our secure communications product to a Fortune 500 company bringing in over $400M in revenue per year. At the end of our pitch I handed one of the executives a hardened Android device (at that time it was a Moto G with custom Android firmware) and challenged them to use this as their primary device. To this day, I still remember when their patience ran out, saying “I’ve never used an Android device before, and I’m not going to use this one.”

We learned an important lesson that day that each organization has different needs, and a one size fits all solution to mobile security did not exist.

“If a user feels restricted by their secure device, they will inevitably replace it with something far more insecure.”

Today we work with each organization to determine the mobile security posture that works best for their needs. In most cases we’re working with teams to build a secure device that provides best in class security while not limiting its functionality. If a user feels restricted by their secure device they will inevitably replace it with something far more insecure. The challenge for us is to balance security and convenience.

Threat Detection And Mitigation

While building your organization's secure communication program it’s critical to implement a mobile threat detection product. Some organizations still believe that managing a device via Mobile Device Manager (MDM) is the same as securing it. Simply extending basic compliance policies to the mobile fleet and blacklisting certain applications is not enough to fully secure mobile devices from phishing, risks, malicious versions of legitimate apps, and risky network connections outside the office.

Glacier’s Security Hub provides teams & organizations insight into the security of their mobile device fleet while protecting the privacy of their users. Security Hub detects compromise, critical security updates and poor device security hygiene such as disabling screen lock and biometric security features.

Supply Chain And Logistics

The final piece of your secure communication puzzle is the most complicated. Once you begin your deployment, it’s critical to consider where devices are procured. This is more of a concern for corporately owned devices provided to their employees.

Adversaries exploit supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, surveil our critical infrastructure, and carry out other malicious activities. They infiltrate trusted suppliers and vendors to target equipment, systems, and information used every day by the government, businesses, and individuals.

- The National Counterintelligence and Security Center

Glacier works with companies globally to securely procure mobile devices to eliminate supply chain threats that are actively targeting your company or organization.

About Glacier

Glacier was launched in 2015 by a group of engineers and developers with backgrounds from the National Security Agency. Our goal was to solve mobility pain points we experienced first hand in the government. We’re on a mission to make organizations feel confident their associations, conversations, data, and devices are secure and protected.

Interested in finding out how Glacier can increase the security posture of your mobile devices, protect sensitive communications, and eliminate threats to your employees’ devices? Contact our Enterprise Sales team here for additional information, or start your secure communications program here, for free.

Photo by Charles Deluvio on Unsplash

April 18, 2021
Team Glacier