Following our announcement of the MindLink Chat Engine we would like to dive a little deeper and showcase our approach to addressing major data security vulnerabilities faced by some of the most heavily regulated industries. One major vulnerability currently on the rise, and all too often overlooked, is the insider threat, which serves as the focus of this blog post.
Security Vulnerabilities in Chat
Many organisations and their IT departments are well prepared to mitigate security vulnerabilities that originate from outside the organisation. The concept of such "external threats" is well documented, with data breaches regularly featured in the media over the past few years. As a result, there has been a substantial focus on addressing such threats. However, there are considerable security risks that originate internally, from within an organisation itself.
With many looking from the inside-out to detect, mitigate, and respond to security vulnerabilities, what goes on internally is equally - if not more - frightening and almost certainly more prevalent. To put it simply, you may think the biggest threat is external but more often than not the threat comes from internal users and, worse still, sometimes this isn't a user but an individual with administrator privileges the organisation's IT systems.
Typically, the threat from within ranges from rogue users and administrators, the "accidental user", information spillage, and others. Below I will briefly cover the most common internal risks and how the MindLink Chat Engine’s security features help to mitigate such "insider threats".
Rogue Users & Administrators
Enterprise IT systems are (almost) always protected against malicious intent from an external party, but what happens when the threat comes from within? A disgruntled employee with access to all sorts of sensitive information could be highly damaging to the business if shared with competing organisations.
A less sinister version of this is known as the accidental threat, which refers to the loss of data through an internal member of the organisation, often unknowingly, and without any malicious intent. The main point being, whether the data loss is intentional or not, there are ways to safeguard against this type of security threat.
The largest threat however is the rogue administrator. An administrator can possess near unrestricted access to enterprise IT systems and, assuming the worst, has the ability to tamper with or cripple these systems from the inside. Such an event can potentially cost organisations millions in revenue or simply grind business to a halt.
Whereas the example of rogue users and administrator threat above describes malpractice such as leaking of sensitive information, they may also have the potential to modify or delete data. In the case of chat, this could be an administrator who may delete messages from a conversation in order to alter a narrative in a chat room or discussion. At first glance this may not seem as disastrous as a data leak however, this can have a significant impact for an organisation. For example, removing or modifying a critical piece of information from a chat room may alter the entire context of a discussion and sway the decision-making process in critical situations like executing a large financial trade, routing a supertanker, planning a military operation, or determining price agreements with suppliers.
Protecting Against Spillage
Particularly in the case of interorganisational collaboration there is a fine line between protecting the privacy of each organisation and the ability to collaborate freely. In the case of a chat system, users often know little more than the display name of their contacts (outside their own organisation) and this doesn’t speak to their professional credentials e.g. seniority, authority and/or security clearances. The risk here is that collaborating with colleagues from other organisations without transparency regarding the identity of their contacts can lead to spillage. On the other hand, choosing to avoid the risk of spillage may hinder interorganisational collaboration altogether.
Mitigating the Insider Threat
The MindLink Chat Engine comes with enhanced, built-in security features which are designed to mitigate the insider threat at the application layer. Why is this important? By reducing the 'layers' involved, you're reducing the number of people and technology involved, which ultimately reduces the attack surface.
Attribute Based Access Control (ABAC)
Attribute Based Access Control - or ABAC for short - determines which users have access to the platform, which chat rooms they can be a member of, and which other users they are permitted or denied from chatting with. These decisions are made based on user attributes which are stored externally to the chat platform.
Using an externalised identity and authentication mechanism, which typically chatroom administrators do not have access to, the chat platform affords additional protection against unauthorised access by users, and more importantly, administrators.
This means that users - and especially the chat platform's administrators and managers - cannot add themselves to a chatroom's members’ list without meeting the access criteria (possessing user attributes that match pre-defined rulesets). As a result, rogue users or administrators cannot access sensitive chat data without authorisation from the third-party identity provider (for example Active Directory), and minimises the risk of a data leak, tampering, or other forms of malpractice.
Building on top of the above, we also support systems that have 'protected' attributes, meaning the identities of users that possess 'protected' attributes remain hidden from other users who do not share attributes. For example; if a user has a protected attribute like "clearance=nuclearweapons", then only the users possessing this attribute will know about each other.
Message and Data Classification
The MindLink Chat Engine embeds the MindLink Classification Platform, which allows message and chat room data to be labelled with human and machine-readable classifications. The classifications, displayed as distinct labels for each message, tell members of a chat room or private conversation about the risk sensitivity of the information being shared. The system calculates the maximum classification of information that may be disseminated using the chat system and displays this as a banner. The classification markings available to a group of users is determined from their attributes and is evaluated in real-time to help prevent the spillage of classified information, should a user's security clearance change.
Our classification engine supports well-known data classification schemas such as the U.S. CAPCO marking system (as specified by ICD 710 from the DNI) or any other custom schema tailored to industry, governmental, or organisational requirements.
You can read more about Message and Data Classification in our previous blog post.
Using attribute-based access rules, MindLink Chat Engine can be partitioned so that users in different partitions cannot see each other on the platform or send messages to each other. This is critical to prevent spillage of classified information as it prevents users with different security clearance levels from communicating or being visible to other users on the chat system. Similarly, the ethical wall feature also ensures that users without the appropriate clearance level are not able to participate in specific chatroom conversations. By partitioning the chat system into distinct sets of chat rooms, the MindLink Chat Engine cascades fine-grained permissions down to the role-based user estate, consisting of "managers", "members", "file uploaders", "presenters", and administrators. The ethical wall controls are defined in terms of both ABAC, Classification and traditional Active Directory controls, allowing for granular and overarching control over the chatroom and user estate.
To read about the MindLink Ethical Wall feature in more detail, please see our earlier blog post.
Communities of Interest (COI)
MindLink Chat Engine includes a unique security concept: Communities of Interest ("COI"s). This is an extension of the MindLink Chat Engine’s data classification and ethical walling capabilities to support the security and privacy requirements of specialist user enclaves within organisations. As a member of specific COI, new sets of classifications pertaining to that community are made available to the user. Effectively, this adds another layer of security on top of the MCE Ethical Wall to further contain sensitive information. As with data classification, the COI feature facilitates clear labeling of data to prevent spillage and helps auditing and tracing of data throughout the system.
All messages in the MindLink Chat Engine are encrypted at rest. This means that messages cannot be read in plain text from the database.
With encryption at the database level, the threat surface of the backend storage is mitigated. Database administrators cannot inspect or scrape conversations or message data from the database.
Immutable Event Streams
While encryption offers privacy and mitigates the insider threat where a bad actor has access to the message database, in terms of true security this eludes to the storage and sharing of data. Although messages are encrypted, a rogue administrator would have the capability to delete and or move messages to different rooms. To address this concern the MindLink Chat Engine stores its system state as an immutable sequence of events. This immutable event stream acts as a ledger of all interactions that happened on the chat system in real-time and can be used to verify the integrity of the system for both analytics and compliance.
MindLink Chat Engine
The security features of MCE create a secure, compliant and partitioned chat system that is highly suitable for interorganisational collaboration. Unlike other enterprise chat systems, MCE is designed and built following strict security principles gathered from the most regulated industries across the globe and leads the way in data privacy for chat.
To find out how the MindLink Chat Engine can benefit your secure chat and collaboration needs, get in touch with us on the contact us page.