In the latest release version of the MindLink product suite v19.8, we have introduced an exciting new security feature for MindLink Anywhere: Message Classification.
What are Classifications?
One of the most common references to classification is likely government security classifications, of which the most widely known specification is CAPCO. Whether you recognise this term or not, this is the specification that refers to ‘TOP SECRET’, ‘CONFIDENTIAL’ or ‘UNCLASSIFIED’ classification markings for information. Sometimes the classification marking may include additional elements e.g. ‘DISPLAY ONLY USA, GBR’ which determines who may see specific information.
The classifications attached to information help users to determine its risk-sensitivity and who it may or may not be shared with. Although classifications are typically applied to documents there are significant security benefits in applying classifications to chat messages too.
What is Message Classification?
Chat message classification is the process of attaching classification markings to messages that are sent within a chat system. Messages sent with an attached classification marking maintain the classification marking throughout the message lifecycle within the underlying messaging system. This allows integrated products such as compliance solutions to read the markings and assess compliance with data privacy standards.
Beyond CAPCO classifications, organisations can leverage custom classification schemas for novel use cases. Custom schemas may include markings that represent confidential HR conversations, conversations regarding medical records, broker-trader or financial conversations, legal conversations or more simply, conversations with external users.
How does Message Classification work?
Message classification works using MindLink’s Classification Engine, the engine ingests user attributes, classification schemas and attribute-to-classification conversion configurations to provide users with a range of available classification markings to attach to messages.
Message classification leverages a generic set of configuration entities defined in XML to build up fully customisable classification schemas. Currently the CAPCO classifications have already been transcribed in this way, but the classification engine is equally capable in handling other, custom classifications as well.
The classification schema can also specify and describe complex classification marking relationships as well. Beyond listing the markings available to a user, the classification engine is capable of defining relational behaviour like:
- “If you’ve selected Marking A, you can’t select Marking C”
- “if you select Marking C, you’re required to select Marking B”
- “you can only choose one of A, B or C”
This guides the user along the way when building classifications to ensure they are valid and keeps the user informed about the risk-sensitivity at all times.
Typically users will have different levels of classification available to them. Which classification levels are available to individual users is managed by an external service that manages identity for users on the chat system (this could be an in-house service or third party provider). The service returns attributes which are used to determine their classification markings following the applied classification schema and a configuration file that bridges identity and classification.
Under the hood, the Classification Engine cross-references the attributes of different users to find a common set of classification markings. The common set of markings between users in the conversation determines the active set of markings a user is able choose from, also, the engine goes on to drive all the functionality visible to the end user.
Message Classification Features
Application Classification Banner
This will inform the user of their maximum possible classification and is shown above and below the main application after logon. In the image below the banner shows ‘TOP SECRET//ENGINEERING//HR//INTERNAL USE ONLY//ACTS TEST’ as the maximum possible classification, colour-coded in yellow. The purpose of the banner is to inform users about the risk-sensitivity their chat session poses.
Using the classification builder users in a conversation can select from a variety of classification markings available to them dependent on their user attributes such as security clearance level. When sending messages the selected classification marking is appended to their messages and these classifications will appear in the conversation history. In a one-to-one conversation the total available classification markings available to either user is based on the common set they both share.
It guides users through the process of creating classifications, and prompts users with actions they need to take by highlighting markings and displaying messages with additional context. The classification markings shown in the classification builder update dynamically based on the current selection and only displays applicable markings to add to the current selection.
Users can build on their selected message classification by adding new markings from the classification builder to build a valid, appropriate classification to attach to a chat message. When messages are sent using a higher classification, up to the maximum, the conversation classification banner will reflect this.
Conversation Classification Banner
The Conversation Banner shows you the roll-up of all the message classifications. It determines what the highest representative classification is. The banner is colour coded to help distinguish between varying classification levels across multiple conversations.
In the image above a message has been sent with the ‘CONFIDENTIAL//INTERNAL USE ONLY’ classification marking and this is reflected in the conversation classification banner.
In this image the user has received a message with ‘SECRET//INTERNAL USE ONLY’ marking, this supersedes the ‘CONFIDENTIAL//INTERNAL USE ONLY’ marking according to the schema. It is the highest classification marking used in this conversation and is reflected in the Conversation Banner. The banner quickly informs users of the risk-sensitivity of their conversation and who they are or aren’t allowed to share the on-screen information with. In this case, only people with clearance for ‘Secret’ or above.
When is Chat Message Classification available?
With the release of MindLink Anywhere v19.8 this feature comes built in. It allows users to attach a classification to Skype for Business Instant Messages when using the MindLink Anywhere web client to access Skype for Business.
Using the Skype for Business desktop client, users can see classifications sent by MindLink Anywhere users but cannot attach message classifications.
What’s next for Chat Message Classification?
The chat message classification feature will be extended to restrict access to Multi-Party conversations and Persistent Chat or chat rooms, when completed, only users with a sufficient classification level will be allowed to join conversations and chat rooms depending on the pre-configured classification you specify when creating the chat. Please make sure to subscribe below for updates.
Where can I get Chat Message Classification?
To help maintain data privacy in messaging today, or if you would like to know more, you can get in touch with us here.