To the average consumer, one of the scariest things a third-party software vendor can say is, "Trust us, it's secure." The argument could be made that, throughout 2020, third-party vendors lost some of that trust. That's probably putting it mildly. Companies like Marriott, General Electric, and SpaceX all learned the hard way that allowing too much access to third-party software companies can expose even the most secure networks to breaches. That's not to mention the SolarWinds hack, where vast swathes of U.S. government agencies saw their data compromised because of the software.
Enterprises can't blindly trust that third parties are secure. However, these third parties are necessary to business, as most companies depend on services from various vendors to conduct their operations. The question becomes, then, what steps can a company take to provide some redundant security so a breach at a vendor doesn't result in millions of dollars of damages?
While this is a complex question, it's worth noting that using end-to-end encryption (E2EE) is still one of the best ways to secure data. With vast amounts of data traversing unsecured networks every second — especially with the advent of remote work and decentralized connectivity — companies can't depend on their in-house firewalls and network security plans to keep their data safe. End-to-end encryption provides a company with a way to accomplish that task.
E2EE — It's Not Just VPNs
To many, VPNs are outdated, and encryption these days is rapidly moving beyond the VPN. VPNs aren't necessarily even true end-to-end encryption: they encrypt traffic from a device to the VPN server, but once that traffic leaves the VPN server you're using, it might not be encrypted on its way to its destination.
True E2EE is really only possible in a self-contained app, like WhatsApp or Facebook Messenger. E2EE has come up in recent years both because it's one of the best ways for people to make sure their communications are truly private and because it's the source of ongoing conflict between private companies and world governments.
While these battles are beyond the scope of this article, they speak to the effectiveness of E2EE overall. If even the U.S. Government can't crack Facebook Messenger's encryption, customers can be reasonably sure it's safe from hackers as well. Instead of a VPN, which only creates a secure tunnel through which data flows to the VPN server, E2EE encrypts a message and only decrypts it when it reaches the intended recipient.
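The difference between the two models can be seen from the intermediary's point of view. The following is an added example, not code from the original article: it uses a toy encrypt-then-MAC cipher built from Python's standard library as a stand-in for a vetted AEAD, and the keys, function names and sample message are all constructed assumptions.

```python
import hashlib, hmac, os

# Toy encrypt-then-MAC cipher from the standard library only. It stands in for a
# vetted AEAD (e.g. AES-GCM) so the example runs offline; not for production use.
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed: message was modified")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

# Constructed keys, assumed agreed beforehand (real apps run a key exchange).
VPN_KEY = os.urandom(32)   # shared by the device and the VPN server
E2E_KEY = os.urandom(32)   # shared only by sender and recipient

def vpn_path(message):
    """Device -> VPN server is encrypted; the server decrypts before forwarding."""
    tunnel = seal(VPN_KEY, message)
    return unseal(VPN_KEY, tunnel)           # what the VPN server handles

def e2ee_path(message, tamper=False):
    """Sender encrypts for the recipient; every hop in between relays ciphertext."""
    relay_view = seal(E2E_KEY, message)
    if tamper:                               # a relay flips one bit in transit
        relay_view = relay_view[:20] + bytes([relay_view[20] ^ 1]) + relay_view[21:]
    return relay_view, unseal(E2E_KEY, relay_view)

if __name__ == "__main__":
    msg = b"wire $25,000 to account 0000 (constructed sample)"
    print("VPN server sees :", vpn_path(msg))
    relay, delivered = e2ee_path(msg)
    print("E2EE relay sees :", relay.hex()[:48], "...")
    print("recipient reads :", delivered)
```

In the VPN model the server recovers the full plaintext, while in the E2EE model the relay holds only ciphertext and any modification in transit is rejected by the recipient.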
Effective, But Limited
As effective as it is for securing data in motion and ensuring integrity once it arrives, end-to-end encryption does have its limitations. Most importantly, it stops being effective once a message has been decrypted and is stored, either locally or in the cloud. It's ineffective at securing data at rest, in other words, because that's not what it's meant for.
It's also limited to individual apps or programs that actually use it. There isn't any way to send an encrypted message from Facebook to iMessage, for example, since each program has its own network infrastructure. In order to use it, both parties would need to be using the same messaging service. It's also only really applicable in messaging. Other protocols, like HTTPS, create secure connections between a person and their online bank, for instance.
While E2EE has its limitations, it's still the best option for creating a truly secure way to transmit data from one device to another, and ensuring that third-party software implements end-to-end encryption can help keep data secure even if there's a breach. Using this technology can provide the best level of privacy and integrity when using unsecured Internet connections.