Forrester's 2022 Now Tech report on secure communications platforms includes Element
Forrester, the research and advisory firm, recently published its Now Tech: Secure Communications, Q2 2022 report which provides an overview of 25 providers and helps enterprises understand the value of a secure communications platform. And (we’re all flushed in the face), Element is listed as one of the secure communication providers (available to view here).
“Secure communications tools support use cases where existing applications don’t provide the enterprise with sufficient data protection controls for business communications,” explains Forrester.
“[These tools] are enterprise alternatives to popular consumer apps that are not suitable for business use. They can also be used alongside enterprise applications like Microsoft Teams and Slack in scenarios that require additional controls or in place of them entirely.”
The need for secure communications
It’s a powerful warning to security and risk professionals: consumer messaging apps are simply not suitable for business use. Indeed those apps do not provide the functionality an enterprise needs, and in fact, the use of consumer messaging within the workplace causes serious data management and security issues, even if they are end-to-end encrypted. The report cites two recent examples where this has seriously impacted enterprises.
It’s a similar, albeit different, situation with traditional collaboration tools. Some are enterprise-grade collaboration tools, but they are not end-to-end encrypted. They also don’t deliver data sovereignty. They might be part of everyday office life but they aren’t suitable for secure communications; much like email should also not be considered secure.
Forrester defines secure communications as:
“Platforms for messaging/chat, and other capabilities like voice calling, video conferencing, and more, for communicating and collaborating on sensitive content requiring strong data controls.”
Element’s experience of the secure communication trend
In our view the secure communication trend began in earnest a few years ago, led by governments who are driven by the need for digital sovereignty and welcome the protection of end-to-end encrypted collaboration.
More recently we’ve seen security-conscious enterprises adopting secure collaboration, usually starting with relatively contained initiatives around sensitive areas of the business such as senior executives, cybersecurity, DevOps and air-gapped environments.
Generally our customers have been looking for a secure alternative to traditional collaboration tools. However, as the Forrester report shows, enterprises are now taking a far more serious approach to addressing the use of consumer-grade messengers in the workplace too.
Forrester’s Secure Communications guidance
The Forrester report includes a useful five-step overview to help enterprises understand the value of Secure Communications, select the provider most suited to their business requirements and ensure smooth implementation and adoption:
Inventory your business use of existing communications app use.
Research who uses what, why, and the type of information they share through each tool; remembering to include unapproved Shadow IT such as consumer messaging apps.
Identify relevant risks of current communications apps use.
Use the risk analysis to address priority issues.
Determine relevant compliance, contractual, and integration requirements.
Beyond the use case(s), practical requirements will drive the selection of a secure communication platform.
Develop policies for acceptable use.
Ensure employees understand their responsibilities, and potential consequences, when using a secure communication platform.
Create a plan to drive adoption and use.
Employees should be able to use the tool confidently and consistently.
Secure communication platforms need to be flexible
Forrester’s guidance is a useful set of exercises to help scope out the requirement and assess potential solution providers, but we would add a further four aspects to consider:
Table stakes secure data management
Whether deployed on-premise or as a hosted service, a secure communication platform for enterprises must deliver data sovereignty and complete control of its data. Default end-to-end encryption is an absolute must (for messaging, voice and video), along with device verification to ensure the identity of conversation participants. Large scale deployments are likely to want border gateways and cross domain solutions as additional layers of security and control when connecting to external networks, or liaising between networks with different levels of security.
Most security-centric products are quite rigid, enforcing security through a lack of options. Enterprises, in particular, need a flexible architecture with options to customise a deployment to suit its risk profile and meet differing practical requirements across the company. That runs from basics such as delegated authentication and group sync to support access permissions, through to enabling antivirus (AV) or data loss prevention (DLP) within an E2EE environment, and the ability to meet compliance requirements.
Enterprises should insist on a secure communications platform that’s based on an open standard to enable easy, secure connectivity with external parties. It also protects against vendor lock-in, giving enterprises the freedom to switch where their data is hosted or even the app itself. Choosing an open source solution is just as important, so that enterprises can be crystal clear on the technological detail behind their secure communication platform. It is also the catalyst to ensure there’s a vibrant ecosystem developing alternatives, add-ons and extensions. Element is built on the Matrix open standard. Both Element and Matrix are open source.
A good user experience is secure communications’ secret sauce. An enterprise-grade messenger has to be as easy to use as the best consumer messaging apps, otherwise people simply won’t switch.
So selecting a new secure communications platform has to take user experience into consideration; for both the employee (an easy to use app) and the network administrator (in terms of managing the app’s functionality).
It’s why we focus on making the Element app ‘spark joy’ while simultaneously ensuring the enterprise can choose whether or not to deploy in-app features and options such as secure login, location sharing, jailbreak detection, mandatory server-side key backup, content sharing controls, screenshots, camera access and MDM capabilities like remote wipe.
It’s also why we ensure both enterprises and end users benefit from the wizardry of bridges (for interoperability with other communication apps), integrations (for GitHub, GitLab, Jira etc) and chat room widgets to embed web-based apps (such as calendars and calculators), and live data (for example Grafana).
The bottom line
The Forrester report summarises: “You can use secure communications platforms to control sensitive information within business communications, protect employees and their privacy, and meet compliance requirements for data protection and retention.”
Absolutely. The enterprise also needs to be able tailor the solution to suit its requirements and it must be easy enough for everyone in the organisation to use.
The business case for secure communications.
Forrester’s report helps organisations understand the value of secure communications. It also gives guidance on how to assess, select and implement a secure communications platform.