Today’s technology offers numerous ways to communicate in professional settings, encompassing voice calls, email, group messaging, and video meetings.
This guidance presents a collection of principles designed to assist organizations in making informed security choices when selecting secure communication products and services.
Targeted at risk managers and security experts, this guidance facilitates the evaluation of communication technologies for organizational use, ensuring a balanced approach to functionality, security, and privacy. It is particularly pertinent for individuals in governmental positions and those operating within the public sector.
Utilizing This Guidance
To select a suitable communication product or service, begin by compiling a shortlist of options that meet your functional needs, then evaluate them against these established principles. This process enables informed decision-making regarding potential risks, ensuring that security requirements are adequately addressed.
1. Safeguard Data During Transmission
Is your data safeguarded against eavesdropping and manipulation?
Communications generally travel over untrusted networks, such as the internet, which can allow unauthorized access or alterations to the data in transit.
To protect against eavesdropping and alteration, choose a service that encrypts data and maintains its integrity while being transmitted between users.
Can participants verify their communication partners’ identities?
Communications might inadvertently reach incorrect recipients due to simple errors like mistyping, posing risks of sensitive information leakage outside of your organization. Additionally, impersonators can deceive users into thinking they are legitimate contacts, spreading harmful links and misinformation.
Utilize a service that includes user authentication, allowing recipients to validate the sender’s identity. For platforms allowing unauthenticated participants, such as video conferencing, ensure there are mechanisms for trusted users to control access to the communication channels.
2. Secure Network Nodes Processing Sensitive Data
Are network components handling unencrypted data secured properly?
Communications typically pass through various servers and routers. Any network node with access to unencrypted data may be able to read all communications between all users. Moreover, services that let users back up data to cloud solutions could store a significant amount of historical messages.
Ensure that network nodes with access to unencrypted data are secured at a level appropriate to the potential impact of any security breach. If adequate protection cannot be assured, opt for services that encrypt data in transit and while stored at network nodes.
Are network nodes managing cryptographic key material properly protected?
Secure communications rely heavily on cryptography, with trust based on cryptographic keys. If key management systems within a service are compromised, this trust can be exploited, allowing an unauthorized party to impersonate other users or access confidential information.
Any service component involved in cryptographic key management must be protected according to the potential risk of compromise.
3. Prevent Unauthorized User Access
Is user access to the service adequately secured?
When users send messages, they expect that only the rightful owner of their account will have access to them. If unauthorized individuals gain access to an account, they can impersonate the user, view private communications, or disseminate false information.
Access to the service must be authenticated, ensuring only designated users can engage with the communications.
Is the user’s device sufficiently secured?
The device using the communication service processes unencrypted data and may store user credentials or key information along with historical messages. If unauthorized access is gained to this device, data compromise becomes possible.
Devices must be appropriately configured to prevent unauthorized access and protect communication privacy. Employing mobile device management (MDM) or mobile application management (MAM) solutions can provide additional control over application data.
4. Enable Secure Auditing of the Service
Does the service maintain logs of security events?
Both accidental and intentional misuse of communication services can adversely affect an organization. Certain indicators of misuse could include:
- multiple failed login attempts
- access occurring at unusual times or locations
- excessive messaging activity
Selecting a service that logs security events enables authorized administrators to identify potential issues early and mitigate damage.
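Once a service exports its security events, the three indicators listed above can be checked mechanically. The following is an added example, not part of the NCSC guidance: the event schema, thresholds, working hours and expected-country list are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime

# Assumed policy values (not from the guidance); tune per organization.
MAX_FAILED_LOGINS = 3           # consecutive failures before flagging
MAX_MESSAGES_PER_HOUR = 100     # per user, per clock hour
WORK_HOURS = range(7, 20)       # 07:00-19:59 local time
EXPECTED_COUNTRIES = {"GB"}

# Constructed sample events in a hypothetical audit-log schema, time-ordered.
EVENTS = [
    {"ts": "2024-05-01T09:00:01", "user": "alice", "type": "login_failed"},
    {"ts": "2024-05-01T09:00:05", "user": "alice", "type": "login_failed"},
    {"ts": "2024-05-01T09:00:09", "user": "alice", "type": "login_failed"},
    {"ts": "2024-05-01T09:01:00", "user": "alice", "type": "login_ok", "country": "GB"},
    {"ts": "2024-05-01T03:12:00", "user": "bob", "type": "login_ok", "country": "GB"},
    {"ts": "2024-05-01T10:00:00", "user": "carol", "type": "login_ok", "country": "XX"},
    {"ts": "2024-05-01T10:05:00", "user": "carol", "type": "message_sent", "count": 150},
    {"ts": "2024-05-01T10:00:00", "user": "dave", "type": "login_ok", "country": "GB"},
    {"ts": "2024-05-01T10:30:00", "user": "dave", "type": "message_sent", "count": 20},
]

def find_misuse(events):
    """Return sorted (user, indicator) pairs for the three listed indicators."""
    findings = set()
    failed = Counter()   # consecutive failed logins per user
    msgs = Counter()     # messages per (user, clock hour)
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["type"] == "login_failed":
            failed[user] += 1
            if failed[user] >= MAX_FAILED_LOGINS:
                findings.add((user, "multiple_failed_logins"))
        elif e["type"] == "login_ok":
            failed[user] = 0  # a success ends the failure streak
            if ts.hour not in WORK_HOURS or e.get("country") not in EXPECTED_COUNTRIES:
                findings.add((user, "unusual_time_or_location"))
        elif e["type"] == "message_sent":
            bucket = (user, ts.strftime("%Y-%m-%dT%H"))
            msgs[bucket] += e.get("count", 1)
            if msgs[bucket] > MAX_MESSAGES_PER_HOUR:
                findings.add((user, "excessive_messaging"))
    return sorted(findings)

if __name__ == "__main__":
    for user, indicator in find_misuse(EVENTS):
        print(f"{user}: {indicator}")
```

A service whose logs cannot supply the fields this check needs (outcome, timestamp, user, origin, message volume) cannot support this kind of early detection.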
Is access to content necessary for auditing purposes?
Communication services may be misused for activities such as disseminating malware or phishing. Furthermore, insiders might leak sensitive information or commit fraud.
Organizations must determine if auditing their communications is necessary for effective defensive monitoring or legal compliance (for instance, investigating fraud). The audit capabilities you need may influence which solutions you choose to meet principle 1 on safeguarding data during transmission.
The communication service must provide essential audit functionalities where required.
Is access to audit features and content limited?
Improper use of auditing capabilities could lead to unauthorized access to communications content. Only authorized administrators—those with the proper permissions and oversight—should access sensitive information, with all activity logged and justified. The audit functionality should comply with principle 2 to ensure security of sensitive data.
5. Empower Administrators to Securely Manage Users and Systems
How can administrators effectively manage user accounts?
If users are permitted to manage their own accounts, overall organizational control may be weakened. Organizations must typically oversee account management processes, which can include policies for onboarding, personnel changes, and exit strategies to revoke access when individuals leave the organization. Furthermore, managing access to distinct groups within the service is crucial.
The communication service must facilitate secure administration of user accounts, enabling administrators to control user access responsibly throughout their lifecycle, adhering to the principle of least privilege.
Are management and administrative functions securely restricted?
Access to the administrative features of a communication platform can allow unauthorized account creation and access alterations. If compromised, this access may lead to the creation of illegitimate accounts or the disabling of valid accounts.
Administrative access should be confined to designated individuals, requiring authentication for privileged actions—and ideally using two-factor authentication. Enrolling users onto the platform must involve verifying their identity before granting access credentials, ensuring that administrative actions are executed properly and consistently across the organization.
6. Utilize Metadata Exclusively for Legitimate Purposes
Is metadata usage clearly defined and minimal?
Communication services rely on certain metadata for operational purposes, including user identifiers and timestamps (essentially answering ‘who’, ‘where’, ‘when’, and ‘how’). If mishandled, metadata could unduly expose the connections between users.
Ensure that the communication service only collects essential metadata required for its functions, and that such data isn’t misused for other purposes. Services should transparently outline their terms and conditions regarding content and metadata collection and processing, and you should have assurance that they adhere to these terms in a way that accommodates your organization’s needs.
7. Evaluate Supply Chain Trust and Resilience
Do you have confidence in all service components?
If you lack confidence in the security and functionality of any component of a service, the overall assessment could be jeopardized. It’s crucial to establish trust in the service provider and in the security of their supply chain, including any third-party services they employ.
Consider how much control you need over your data, particularly to comply with regulations like GDPR. Select services that allow you to maintain ownership of your data, including where and how it is stored. Using platforms with open APIs may facilitate better data access, or you might prefer solutions that can be operated on your infrastructure.
How resilient is the service?
Relying solely on one vendor for communication services introduces specific risks. A vendor outage, whether accidental or deliberate, can affect service availability. If services are unreliable, users may revert to less secure alternatives. Changes in service ownership may also result in failure to adhere to security principles.
Opt for standardized communications services that multiple vendors support interoperably, because having alternatives reduces dependency on a single provider. Additionally, ensure measures exist to maintain service availability.
Can users easily connect with external contacts?
Organizations often need to securely communicate with external partners. If a service cannot accommodate this, it may prompt users to rely on less secure methods that do not align with established principles.
Organizations should select services that enable interoperability with secure platforms used by external collaborators to facilitate secure communication.

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/guidance/secure-communication-principles