How Secure Communications Can Keep Your Data and Devices Safe

If you want to keep your data and device safe, implementing a secure communications program within your organization is a critical step to take.

One issue people find with the secure communications terminology is the lack of familiarity with what that actually means. In the military, secure communications could mean a variety of things; such as encrypted radios or other Secure Terminal Equipment for wired or landline communications.

For our private sector users, secure communications are broken into four categories:

  • Private and encrypted text, voice, video calls, and VPN
  • Secured or hardened devices
  • Threat detection and mitigation
  • Supply chain and logistics

For most organizations, a secure messaging app will not provide complete coverage from data loss and attacks on mobile devices. While each organization should transition sensitive communications over to services that provide end-to-end encryption, doing this at scale is not an easy task.

Consumer secure messaging apps are growing popular in the workplace, both due to COVID-19 forcing companies to think about the threats post perimeter, and recent high profile mobile device compromises.

Additionally, we’re seeing a growing use of secure communication tools based on the global messaging security market valued at ~$ 3 Bn in 2019 and is expected to reach ~$ 8 Bn by 2027.

Image for post

Private and encrypted text, voice, video calls, and VPN

One of the major mobile pain points we discovered first hand was the ability to set up a secure messaging platform at scale. Sure, there are plenty of apps both paid and free that will provide encrypted texting, but as soon as we invite multiple users we start to see issues with lost passwords, not wanting to give phone numbers or email addresses, new devices, new phone numbers, team members leave, team members join… It can get messy.

We wanted team leads to be able to quickly stand up a way to communicate securely with their users while taking as limited amount of information as possible. Today, users can be onboarded with only a username, meaning we’re not asking for a phone number or email address.

Once a user authenticates to Glacier, all of their contacts are preconfigured. No exchanging information like phone numbers, email addresses, or barcodes. Within the app users can send messages, files, create groups, make video calls all end-to-end encrypted. Additionally, we’ve added a one tap VPN solution to protect all data exiting your device.

Securing Your devices

“I’ve never used an Android device, and I’m not going to use this one.”

When we started Glacier nearly 5 years ago, my team had an opportunity to pitch our secure communications product to a Fortune 500 company bringing in over $400M in revenue per year. At the end of our pitch I handed one of the executives a hardened Android device (at that time it was a Moto G with custom Android firmware) and challenged them to use this as their primary device. To this day, I still remember when their patience ran out, saying “I’ve never used an Android device before, and I’m not going to use this one.”

We learned an important lesson that day that each organization has different needs, and a one size fits all solution to mobile security did not exist.

“If a user feels restricted by their secure device, they will inevitably replace it with something far more insecure.”

Today we work with each organization to determine the mobile security posture that works best for their needs. In most cases we’re working with teams to build a secure device that provides best in class security while not limiting its functionality. If a user feels restricted by their secure device they will inevitably replace it with something far more insecure. The challenge for us is to balance security and convenience.

Threat Detection And Mitigation

While building your organizations secure communication program it’s critical to implement a mobile threat detection product. Some organizations still believe that managing a device via Mobile Device Manager (MDM) is the same as securing it. Simply extending basic compliance policies to the mobile fleet and blacklisting certain applications is not enough to fully secure mobile devices from phishing, risks, malicious versions of legitimate apps, and risky network connections outside the office.

Our threat detection partner Lookout uses artificial intelligence to analyze data from nearly 200 million devices and over 100 million apps to protect your devices from the full spectrum of mobile risk. Each one of Glacier’s enterprise licenses includes Lookout threat detection.

Supply Chain And Logistics

The final piece of your secure communication puzzle is the most complicated. Once you begin your deployment, it’s critical to consider where devices are procured. This is more of a concern for corporately owned devices provided to their employees.

Adversaries exploit supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, surveil our critical infrastructure, and carry out other malicious activities. They infiltrate trusted suppliers and vendors to target equipment, systems, and information used every day by the government, businesses, and individuals.

- The National Counterintelligence and Security Center

Glacier works with companies globally to securely procure mobile devices to eliminate supply chain threats that are actively targeting your company or organization.

April 18, 2021
Team Glacier