12th August 2021, Kathmandu
Among the quandaries stemming from our systemic failure with cybersecurity, which ranges from decenniums-old software-development practices to Chinese and Russian cyber-attacks, one quandary gets far less attention than it should—the insider threat.
But the authenticity is that most organizations should be at least as apprehensive about utilizer management as they are about Bond reprobate-type hackers launching compromises from abroad.
Most organizations have deployed single sign-on and modern identity-management solutions. These generally sanction facile on-boarding, utilizer management, and off-boarding.
However, on mobile contrivances, these solutions have been less efficacious. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS-which are prevalent in the workforce.
All of these implements sanction for low-friction, limber communication in an increasingly mobile business environment. Today, many of these implements offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of forfending against outside assailants. However, e2ee withal resists internal governance and compliance programs.
Even more troubling, these features don’t integrate into subsisting utilizer-management implements. A subsisting member of a group needs to be abstracted from any group communications inside the organization, but with these ad-hoc consumer implements, this management is proximately infeasible to ensure.
One often-maligned technology that offers hope to resolve the tension of e2ee and governance is blockchain-predicated solutions. Bitcoin, which pristinely puts blockchain in prevalence parlance, is kenned for slow commits (10 minutes), low transaction throughput, and high monetary and environmental costs.
But this blockchain technology has not stood still. Thankfully, more incipient designs offer options that do away with the shortcomings of bitcoin while still offering trustless operation.
SpiderOak is a pioneer in utilizing cryptography to forfend data not only from malefactors but additionally from the company, designating that not even the company can read the information users store on their servers.
With its CrossClave application, SpiderOak utilizes a custom-built blockchain to manage identity and access while adhering to culminate-to-end principles. This lets users have policy-predicated access controls, simple utilizer management, and one-click off-boarding without trusting us. On top of that, SpiderOak withal integrated e2ee in order to provide a total end-to-end solution to team collaboration.
Implements such as CrossClave that are built on blockchain now offer the best of low-friction, mobile collaboration, and what organizations are in dire desideratum of management, compliance, and control.
This article is inscribed by Jonathan Moore, the chief technology officer of SpiderOak, a secure communications data, and aerospace company.
