Organizations twitchy about letting staff use social networks have a new cloud-based message and file encryption system to consider.
Wave Systems Corp.’s Scrambls service, released in May for consumers, now has an enterprise version which the company says allows employees to securely send files by email, post Tweets or blogs and use cloud services like Dropbox without endangering enterprise security.
“Here’s an opportunity to have private communications but have all the benefits of the broader social media environment,” said Wave CEO Steven Sprague.
Like the free consumer version, Scrambls is a browser plug-in for Firefox, Chrome and Safari that has to be installed on both the sender's and the receiver's PCs. Users open it through an email or Facebook identity. It then encrypts and scrambles text in Web applications. Users create lists of those allowed to read a Scrambls message. Anyone not on the list can’t read the message.
Messages and files go straight to the recipient. Wave Systems only controls the encryption keys.
There’s a Scrambls for Windows application for encrypting files and directories either sent through the cloud or on a USB flash drive. Like the cloud service, only those on the permission list can decrypt the data.
There’s also a software development kit allowing Scrambls technology to be embedded in applications by developers or systems integrators as a Web service.
Wave has created Scrambls iPhone and Android apps for Twitter.
To get the attention of enterprises, Wave is now offering a paid service giving IT administrators the ability to manage Scrambls users’ accounts through corporate email directory domains. Rules can be invoked such as an expiration date for a file or a password needed to view a message.
The enterprise service is priced at between US$10 and US$12 a person a year, with volume discounts available.
To ensure people don’t impersonate a corporate official online, Sprague said organizations have to sign up manually for the enterprise version.
One problem is that there is no plug-in for Internet Explorer. Sprague said that’s being worked on.
Another is that Scrambls makes no promise that its encryption is unbreakable. It also says that because the transformations are applied on the client, outside of any secure execution environment (like most commercial security solutions), the keys are vulnerable to a local attack. It adds that SSL is used to secure client-to-server communications.
"I can see this as a tool enterprises may want to have in their toolkit because it's easy for users," said Heidi Shey, a Forrester Research security analyst. However, she added, it's not a complete security messaging solution.
As a first step, she said, organizations should classify data on their servers so staff know what needs to be encrypted.
As for social media, she notes that most organizations that allow staff to use Twitter, Facebook and other services for work-related efforts are sending public information for marketing and are less likely to post private material.
Still, last month Forrester released a report urging companies to ensure they identify, measure, track, and treat the risks in staff using social media. This means developing a formal risk management process to ensure the company does its best to avoid a social media catastrophe that could severely damage the company, the report said.
Companies it identified as selling systems with granular controls that, for example, can prevent the posting of profanity include EdgeWave's iPrism, Erado, Kronovia, Smarsh and Social IQ Networks. Platforms that manage social media for individual staff through a central portal and have workflow and governance processes include Actiance, Hearsay Social, SocialVolt and Socialware.