22 Oct A new hot topic for Cybersecurity: how to build secure digital workplaces?
As COVID crisis has boosted homeworking, many executives are now relying on remote work tools. Conferencing is one; it goes with chat and file-sharing functionalities. On the other end of the chain, thousands of files and messages are exchanged every day.
All this is extremely helpful, but hackers are on the warpath! Videoconferences are known to have been spied on. The transfer of files can be a weak point. Adding security to a non-secure tool can be deceptive. It is much preferable to use a digital workplace system which has been designed to be secure from day one.
Happily enough, some European companies are providing such tools. The European Champions Alliance is proud to present WATCHA and CRYPTSHARE. WATCHA is a French company providing a secure conferencing tool. CRYPTSHARE is a German company that has developed a system to easily send files and messages without exposing them.
We have reached out to Xavier Lecomte, CEO and founder of WATCHA, and Dominik Lehr, CEO of CRYPTSHARE. The exchanges can be read below.
By Dominique Tessier, Host of ECA Cybersecurity Focus group
Interview with Xavier Lecomte, CEO & Founder of WATCHA
“Secure Digital workplace” or “Collaborative trustable space” is in the mood as so many persons now work in remote positions. It generally means a combination of all or some of the tools: Chat – audio/videoconference – a secure shared space to store, access and modify documents in a collaborative way. Do you agree with this definition? Would you consider this is the trade of your company? If your company provides a set of these tools but not all of them, could elaborate on the reasons for your positioning?
With the WATCHA app, we aim at providing the complete set of features for team collaboration whether at home, on a journey, or at your desk. We consider this as a major advantage for our customers: you do not have to switch between several applications, manage different access rights or invitations for your chat, documents, and conferencing. You set up a room once with your colleagues and then you have access to the whole set of features. Just like you will do in an open space where you can speak, show documents and collaborate.
The necessity of such a set of tools has been epitomized during Covid crisis. As homeworking and remote working, in general, are slated to persist, how do you see this market?
Obviously, we expect that the Covid crisis will have long term consequences and speed up homeworking. The major drawback is that you will have fewer opportunities to meet your colleagues at the coffee machine. These informal conversations are mandatory to foster team cohesion and information spread. Non secured workplace cannot replace that, since you can legitimately fear that your conversation may be spied on by your managers or IT teams. With a secured digital workplace like Watcha, you can set up a “coffee room” and fearlessly speak. We act as a trusted third party for the benefit of team cohesion, on top of providing the highest standard to protect your company’s data.
Some of you insist on the necessity of seamless integration of the different components of the service, and on the interest of having a unique Man-Machine Interface. What is your feeling?
About half of remote workers find it difficult to use professional applications to collaborate. The only right answer to this is to provide the simplest user interface and the right amounts of features. Propelled by competitors, app-editors tend to add more and more features, this result in messy interfaces and people disinvolvement.
Are there key technologies which you deem necessary to master, to differentiate from competition on this market?
In our opinion, editors must focus on security by design and implement end-to-end encryption whenever possible. Editors shall also rely on open source standards: code is supported by large communities and can be easily audited to identify weaknesses or backdoors.
US actors, such as Zoom or Microsoft with Teams, say they cover all those functions. What would you say differentiate your product from theirs? What would you say to a European company to drive it to buy from you?
Do not be naïve, intelligence agencies spend most of their budget on economic espionage, before terrorism. Cloud act clearly enforces US editors to collaborate.
Your company is still young, with a track record focused on its national landscape. How do you envision your extension abroad?
We face up the same problems within all European countries. Thus, our solutions must be global, and sovereignty must be considered at the European scale. Technology helps us to easily translate our application for the whole economic zone.
More generally, which are the roadblocks for a company like yours to challenge the US suppliers? How could Europe help your company grow and become a champion, in the context of our rules of open competition?
The equivalent of a Small buy Act may be a solution. Additionally, many actors urge companies to privilege EU editors for sovereignty, this must be transposed into law.”
After having discussed with Xavier Lecomte, we have interviewed the German company CRYPTSHARE. Its positioning is different from WATCHA in France. Still, it is closer to that of another French company; SHADLINE. Whereas WATCHA especially addresses the issue of securing videoconferences, which includes securing the exchange of files between participants, CRYPTSHARE is a secure digital transfer service for messages and files of all types and sizes.
In the following interview, Dominik Lehr shared his insights and his perspective on the value of data, what enterprises can do to protect their most important assets from hackers, and what advantages a European alternative to „take-my-data“ business models may offer.
Interview with Dominik Lehr, CEO CRYPTSHARE
“Cryptshare as a company has been in the business for twenty years – what is at the center of what you do?
At Cryptshare, we firmly believe that digital communication is immensely valuable for enterprises, particularly when it is available to anyone at any time, in a simple and secure tool. To make this a reality, we developed our communication solution, Cryptshare. It ensures data is protected at all points of risk on its journey from sender to recipient, meaning from the time it leaves the relative safety of the firewall until it reaches its intended destination. In transit, data is most at risk because this is precisely when it is most vulnerable to third-party attacks.
The volume of digital communication has increased significantly over the years, as have hacking attacks. 2020 has been a unique year for the business world – what stands out the most for you, how have companies been impacted?
In my opinion, it is the fact that the ability of enterprises to exchange digital information, in a simple and secure way, really is more important now than it has ever been before. For business, the ongoing pandemic has accelerated existing developments: Up until early 2020, working digitally and using home office options had already proven to be very successful for companies as they increased efficiency in work processes and helped to cut costs. With lockdown restrictions, they have played a key role in keeping companies operational and helping them survive. At this point, it has become clear that working digitally and working remotely are here to stay. Enterprises must therefore enable all their employees to exchange data securely not only with each other but also externally. Cryptshare takes care of this need and solves problems that IT managers and employees regularly face: How can messages and files be transferred to – and retrieved from – company servers without running the risk of compromising the corporate IT system and without exposing them to a middleman?
As a software manufacturer, how do you ensure that enterprises, and more precisely their employees, can successfully apply your communication solution in their daily work?
This is a key challenge! Most communication solutions do not stand the test of users because they are too cumbersome and complicated. This point cannot be stressed enough: Even the best technical solutions are doomed to fail if users don’t accept and apply them in their daily work. Experience shows that even the smallest hurdles can be too high, and users will find a way to circumvent solutions they are unwilling to work with. Such workarounds create shadow IT and expose enterprises to IT threats that can have costly consequences.
This is precisely why usability has always been one of our main focuses. Cryptshare does not require any technical preconditions on the recipients’ side. It is bidirectional, meaning our customers can exchange messages and files with anyone; all their communication partners need is internet access and a web browser. Of course, we know that employees prefer to stay within their familiar work environment, so we created integrations for Outlook and Notes.
What about automation when it comes to exchanging data? Going forward, this is certainly an area with many use cases. Does Cryptshare offer enterprises ways to secure automated processes as well?
Yes, it does. With our Cryptshare API, customers can integrate secure digital communication even deeper into their systems. It not only enables exchanges between individuals using regular email but also facilitates communication for machine-to-machine and application-to-application use cases – challenges that every enterprise is facing or will face in the future.
For enterprises, moving towards digital work and being able to securely share data with others is crucial. The biggest players regarding collaboration platforms, cloud service providers, etc. are in the United States. How can European vendors successfully compete?
Over the past years, we have seen a global trend to move everything into the cloud, a business that still is very much dominated by the big US players. As the avant-garde in this domain, they were able to shape the entire business model as they saw fit. The resulting dominance in the market has created a dependency for European enterprises which has come more and more to the surface. This has made it very hard for European vendors to establish themselves in the market and gain traction. On top of that, institutions such as the Advocacy Centre support American business interests with the backing of the US government. This obviously constitutes an enormous advantage for US competitors. However, I believe things are going to change in a big way. The recent ruling of the ECJ (European Court of Justice), striking down the EU-US Privacy Shield, has shown once again how problematic data transfers to third parties and cloud service providers really are and that they may result in substantial penalty fees for European enterprises. US legislation such as the Cloud Act has made it clear that European standards for data protection and privacy will not be applied to any data that is in the hands of US enterprises. This has been a wake-up call, and European companies must act now! In my opinion, they need to pursue European alternatives in data-driven business. If they do, I see real potential.
What benefits do you see in pursuing and promoting European alternatives?
I think there is a growing awareness among management and boardrooms for how valuable their business data really is. Also, I get the sense that recently the blind trust they used to have in third-party providers ‘doing the right thing’ has significantly eroded. For enterprises, all this is not only about legal compliance to avoid penalty fees for data protection violations, it is about being in charge of their data. By compliance with GDPR, European counterparts to the dominant US service providers would go a long way towards that goal. Giving enterprises back control of their data is a concept we strongly believe in and we have pursued this from the very start. Enterprises are in the process of creating secure digital workspaces, and we are happy to help them in their journey by enabling secure digital exchanges.”
In the German market, Cryptshare has been very successful with an average growth rate of 40% per year and a team of about 80 employees. However, the ability to compete on a fair basis with non-European suppliers is partly hindered by the scale of this market. Therefore, Cryptshare stresses the need for a better unified European cybersecurity market, including for instance some common recognition of national certifications attributed to a product.