The need for data security is at an all-time high, and end-to-end encryption seems like it should be integrated everywhere without question. However, when it comes to ensuring secure team collaboration platforms, IT must consider significant tradeoffs. Let's examine how E2EE fits into a team collaboration security strategy and what drawbacks to expect.
Benefits of end-to-end encryption in team collaboration
For communications that require the utmost in confidentiality and security, E2EE certainly delivers. Voice or video packets sent between calling and called parties are encrypted at the source device before being transmitted across the network. The data is decrypted only when it reaches the destination device.
Additionally, the only parties that have the decryption keys for the communication data are the source and destination calling parties. Thus, while voice packets could potentially be intercepted during transmission, there is no way the communications data could be decrypted and accessed.
Many collaboration tools that offer E2EE also encrypt any screen sharing and text chat that occurs within the platform during a call. This provides an additional level of secure communication beyond the bare basics.
Drawbacks of end-to-end encryption in team collaboration
Many team collaboration apps offer capabilities that function by intercepting the data flowing between devices to deliver value-added services and features, such as voice or video recording and transcription. Because E2EE encrypts the data between the sending and receiving device, it cannot be decrypted once intercepted by anyone except for the participants in the call. Thus, those features no longer work.
This is because, when voice and video packets are intercepted and rerouted to their respective recording or transcription servers, they are unable to decrypt the packet payloads where the call content is contained. While there are methods to provide decryption keys to these types of tools, it defeats the true purpose and security guarantees E2EE is supposed to provide.
Also, note that E2EE calls may be strictly one-to-one in nature depending on the platform being used. E2EE three-way calling in Microsoft Teams, for example, is not possible. This can be seen as too restrictive for many end users that participate in voice or video calls with multiple parties. Additionally, features such as call parking, merging and transferring are not available in a E2EE call scenario, which further limits what can be done in E2EE calls.
Formulating and implementing an encryption strategy
Because E2EE does significantly restrict what users can do from a collaboration feature standpoint, it's important to first consider if E2EE is truly needed and which users require that it be enabled. In most cases, the tradeoffs are too much to justify enabling E2EE for all users. Thus, most enterprise IT decision-makers choose to enable this feature for only the most sensitive of conversations.
The number of users that truly need E2EE is likely to be few and in executive or financial roles. Enabling E2EE for only this small group of users is recommended. In most cases, these users can be identified and placed into specific roles or groups within the communication platform. From here, E2EE is often required to be turned on both the platform level and the user/device level for the encryption mechanism to be fully enabled.
Alternatives to end-to-end encryption
Organizations that want enhanced encryption but can't implement E2EE can explore other security options. VPNs and Secure Access Service Edge are essentially proxy-based encryption methods that provide an extra layer of protection while enabling full use of collaboration features. While these methods do not provide true end-to-end protection, they're certainly better than nothing.