CISOs know that even the best cybersecurity technology won’t work if it feels counterintuitive to the people it must protect. When I meet with our product designers and software engineers, I share my belief that the best type of security in communications is a cloak of invisibility.
Fortunately, design-driven thinking is baked into our company culture. Yet, it wasn’t that long ago that this form of user-centric thinking wasn’t something you could take for granted. I’ve known many tech leaders who fell in love with technology solutions and then failed to understand how people interacted with them.
Consider the requirements of a person making a video call from their hotel room, office, or anywhere in-between. They have to trust the solution because there’s very little they can do on their own to authenticate or secure data. We must enable ironclad protection, and it must be human-proof because everyone is prone to make mistakes.
We can’t always see how people use our technology in the work-from-anywhere era, yet we know security must keep up with the simplicity demanded by (remote) workers. Let’s look at how RingCentral balances trust, security, and simplicity and why we believe trust requires perpetual innovation.
Zeroing in on trust
Pre-pandemic security might have been good enough for everyone in an office environment, but this doesn’t match our post-pandemic way of working. The new way of working has accelerated the adoption of strategies such as Zero Trust. Companies adopting a Zero Trust philosophy require that all devices accessing the company’s network be part of the company’s trust ecosystem, which includes possessing a known MAC access, valid certificates, up-to-date and patched, having anti-virus installed, and so on. It also allows the flexibility of company-provided and bring-your-own-device strategies for the work-from-anywhere workforce.
Within this Zero Trust ecosystem, many companies further limit access to applications on the Corporate network — rendering it insufficient for accessing all applications. Users obtain access to applications based on their roles. An internal portal provides single-sign access to all authorized applications, securely channeling communications as required. This process allows all users to access their trusted applications through a single click, with back-end single-sign-on.
That’s an example of how we have human-proofed access to our networks and applications for our users in the post-pandemic environment. How do we provide the same or analogous protection and human-proofing for collaborative communications?
We believe that collaborative tools also need to fit into this Zero Trust mentality and strategy. We want our customers to trust that we have the right security features in place to secure their communications. The key for users is to make their access to collaborative communications seamless. Administrators ensure that the communications path and the systems along that path are configured and managed to standards that meet or exceed the administrator’s in-house standards.
Valuing E2EE
How do we get there? We are starting to roll out new solutions for end-to-end encryption based on new technologies and protocols such as end-to-end encryption using the Message Layer Security (MLS) protocol. With MLS-enabled E2EE, both users and administrators get peace of mind. Users know that the only parties that may participate in their communications are those explicitly invited. Administrators understand that these communications are performance and scalable (so users won’t circumvent them). The content itself is subject to robust protection that does not allow it to be eavesdropped on at any point (by any systems) in the communication path.
True end-to-end encryption is potent and will be transformative in terms of securing private conversations and business communications. Implementing E2EE, including robust key management and identity verification, is not easy, but it’s where we need to go to truly embrace security in a work-from-anywhere world.
End-to-end encryption (E2EE) will quickly become the standard for large organizations to protect their ideas, intellectual property, customer data, and personal privacy. And if it is truly easy to use from any platform, there is no reason why it can’t become a default for small-to-midsize business users as well. You never know when your employees will start talking about futures or strategy, or when your patients or clients will discuss sensitive issues. Our collective peace of mind demands that nobody can intercept this information other than the actual participants.
With E2EE for Video, we enable our customers to engage in a zero-trust relationship with any infrastructure, from any endpoint, for any user, while maintaining complete business continuity. That’s how we’re going to use encryption technology to change the world.
Without trust, hybrid work will lose its pandemic-induced momentum, which will disappoint many workers. At this point, losing work-from-anywhere would serve as a business disruption because it has become the new — and often much-liked — normal. We understand the importance of getting this right. If security is not so simple, so elegant, and so usable that it’s invisible to users, then we’ve done it wrong.
You can hear more on this topic in my discussion with Ray Wang below.
