End-to-end encryption is taking over the world
It is encouraging to see end-to-end encryption technology becoming increasingly prevalent, first in chat, then in online conference services, and now in online storage. We at Tresorit believe that security should be an integral part of the product and not an add-on. This allows us to guarantee our products are easy to use and secure by default.
The news that Dropbox has acquired Boxcryptor is proof that the Tresorit mission and vision is more relevant than ever before. Tresorit has predicted that end-to-end encryption is the security architecture of the future back in 2011. Our mission is to empower all in getting back control over digital valuables – Tresorit achieves this mission by protecting privacy and confidential information with encrypted collaboration, productivity, and communication solutions. Tresorit enables organizations to collaborate in the cloud in such a way that not even the cloud provider has access to the data, this has even been implemented on high value add workflows such as electronic signatures. Security is very different on other mainstream platforms such as Dropbox, where the provider (in this case, Dropbox) sees every file uploaded by its users.
End-to-end encryption (E2EE) is slowly but surely proliferating in the tech space. In the chat space, there were niche players like Telegram and Signal that provided E2EE chat applications. WhatsApp, a popular chat application, implemented E2EE in 2016, pushing it into the mainstream. In 2022, almost every mainstream provider – even Facebook Messenger – supports E2EE and is planning to enable it by default. In the chat space, end-to-end encryption is a must-have; while in the past only techies demanded eE2EE, today everyone expects it.
The next sector on the block was the video conference sector. At the dawn of the pandemic, Zoom was criticized for multiple security vulnerabilities. Zoom soon realized that the implementation of end-to-end encryption would make a lot of vulnerabilities redundant. Of course, even if E2EE is there to protect against unauthorized access, we at Tresorit take traditional IT security very seriously and we are sure that Zoom does too. Microsoft soon introduced the feature on Teams, albeit only for one-on-one calls.
The file storage space is a bit trickier when it comes to end-to-end encryption because there is no such thing as a session. Chats and videos only need to be transmitted once, therefore decrypting them as well as solving the revocation of access is not a requirement. In the storage pace, managing revocation is tricky: if you have a container of files and a user is removed from the container, all new files need to be encrypted with keys that the removed user does not have access to.
Another question that is important when it comes to security is usability. If a solution is not easy to use, then users will find work arounds that leads to shadow IT. It is very common that an application becomes unusable because of security add-ons or settings set by IT that are not well thought through. At Tresorit, security was part of the design from day 1 – keeping usability in mind at every step of the way. The result is an easy-to-use product that’s secure by default. It will not be easy for Dropbox to transform their product, however we wish them all the best, because we believe that end-to-end encryption should be in every cloud product.