CyberNews Interview: Traditional collaboration & messaging systems present a large attack surface

Recently we had the opportunity to do an interview with CyberNews about the security threats associated with collaboration and messaging systems and MindLink's approach to them.

You can see a transcript of the Q&A below. For the full, original interview, feel free to visit:

Q: How did the idea of MindLink come about? What was your journey like throughout the years?

A: As a company, we have a background in developing chat solutions for financial services and have built our expertise in delivering secure tools. Since then, we have innovated our chat system to meet security and usability requirements for intelligence and defense and are seeing the potential for added value in other sectors.


Q: Can you introduce us to your chat platform? What are its key features?

A: At its core, MindLink delivers secure persistent chat rooms, sometimes known as group chat. We have developed the platform to support mission use cases and innovated security to meet the strict requirements of our customers in defense and intelligence. Key security features include data classification, communities of interest, enterprise end-to-end encryption, and ethical walling.


Q: What are the main security risks of using traditional collaboration and messaging apps?

A: Traditional collaboration and messaging systems present a large attack surface, with insider threat being one of the main issues. For example, unencrypted messages can be viewed in the chat database by anyone with access. The idea of “secret” rooms offering additional security is misleading, as an administrator can still view the entire database. Many traditional systems are not encrypted, which leaves them vulnerable to such threats.


On the other hand, where some modern chat applications are using end-to-end encryption, they are not suited for organizational use as they fundamentally compete with enterprise IT compliance policies. Although message content is encrypted, only participants will have the keys, and as an organization, you do not own the data and there is no organizational governance in key sharing. MindLink has developed an enterprise-ready, end-to-end encryption system designed to complement and enforce organizational governance.


Q: How did the pandemic affect your field of work? Were there any new features added to your services?

A: We see that people are using chat options more in general as a result of the pandemic, and the surge in working from home. Commonly, the roll-out of such tools has been done very quickly without extensive planning and gives rise to security vulnerabilities. As more conversations move from email to chat, securing the chat becomes increasingly important. The good news is that chat is inherently more securable if done correctly. Conversations taking place in chat rooms can be treated as containers, adding both structure and security, if managed with the appropriate tools.


Q: Since work from home became the new reality, what practices are crucial for teams to maintain secure collaboration?

A: Organizations need to provide and mandate the use of a chat system; otherwise, their users will lean towards consumer alternatives, and you end up with a fragmented, non-secure, and ungoverned chat estate.


The organization should observe and take note of how people are collaborating and support this with chat rooms that are compliant and managed. The approach should allow formal as well as informal groups. For example, business chat rooms that are based on location and team or department, as well as more general chat rooms for networking and idea-sharing. Users should be empowered to create their own groups to collaborate autonomously whilst retaining structure and organization to avoid chaos and security risks. Our platform is designed as an overarching management framework, with each chatroom functioning as a secure collaboration space.


Q: What industry sectors in your opinion should put extra attention towards securing their collaboration channels?

A: There is an immense amount of data and knowledge built-up and stored in a collaboration system, and as such, all industries should view their chat system as a high-value asset. Naturally, industries dealing with highly sensitive information or those that drive core business operations using chat would place more importance on this than others. Ultimately, any data on the chat system is valuable and should be protected, more so than with current tools.


Whilst there has been an explosion of collaboration systems in the last 5 years, the technology is not new. The way modern threats have evolved requires a new approach to security. Legacy chat platforms were not designed to mitigate the attack vectors we face today and should be replaced with ones that are up to date in security.


Our recent focus at MindLink has been to tackle the risks associated with insider threat by advancing our security capabilities in this area. Though many see a security threat as something external, the risks originating within the organization have grown considerably in recent years. Consequently, in MindLink we have diverged from the traditional chat system trust model towards the end-user whilst maintaining organizational governance, to deliver a compliant solution for regulated industries.


Q: Besides secure collaboration solutions, what other security measures do you think every modern company should implement?

A: In MindLink we have adopted the principles of attribute-based access control, a role-based security model, and organizing work around partitioned communities of interest. We have seen the impact of applying this approach to chat for a scalable, sustainable, and fail-safe way of securing a large, high-traffic IT system. We advocate extending this architecture across the further IT estate, providing that the tools and systems used natively support these mechanisms.


Q: As for individual users, what tools would you recommend to secure their activity online?

A: Users should take personal responsibility for their IT security and how they use the tools their organization provides. On the other side, organizations should provide and mandate the use of secure tooling for work-related matters. Where there isn’t a formal work system, the users should advocate for it.


Q: Can you give us a sneak peek into some of your future plans for MindLink?

A: We’re constantly pushing our roadmap. Currently, we are looking at how organizations and their partners can collaborate better and more securely. Subscribe to our blog or get in touch for more.