Secure Messaging in Classified Environments
Wire has built a world-class secure messenger on edge-based encryption technology that keeps your business communication and collaboration secure. Your business is constantly under attack from various malicious parties, and the layers of security deployed in your IT infrastructure are both complex and costly. Imagine a world where you spend less on your infrastructure and your workers have the same flexibility as with their day-to-day personal messenger.
We at Wire understand this natively; we have created a highly secure, private messenger for the complex situations organizations battle each day. We help your business, its employees, and whoever communicates via Wire be secure and stay secure. With Secure Messenger, you and your colleagues can share messages, share files, and call each other as you would with any other communication tool. Wire Secure Messenger is 100% secure and users love the simplicity of the messenger. No VPN, no time wasted on technical setup; it’s as simple as picking up your phone to send a message.
End-to-End Encryption (E2EE)
Malicious attackers intercept messages flowing through your network and either steal the information shared or forge the message to the recipient.
Messaging – with Wire, to send an encrypted message, the sending client needs to have a cryptographic session with every client it wants to send a message to. Wire on the endpoint encrypts the message for every recipient client and sends the batch to the server. The server then checks that every client (of every user) participating in the conversation is covered by the message. If a client is missing, the server rejects the request and informs the sender of the missing clients. The sender can then fetch prekeys for the missing clients and prepare the remaining messages before resending the entire batch. Conversely, when a client receives an encrypted message from another client with whom no prior cryptographic session exists, it initializes a new cryptographic session from the encrypted message. To rule out man-in-the-middle attacks, users need to compare identity key fingerprints out-of-band.
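The reject-and-resend exchange described above, as an added example that is not Wire's code: a JavaScript simulation in which serverReceive, sendToConversation, the registry and the prekey values are hypothetical names and constructed data, and encryptFor is a placeholder for real session encryption.

```javascript
// Constructed sample data; every name here is hypothetical, not Wire's API.
const registry = { alice: ['a-phone', 'a-laptop'], bob: ['b-phone', 'b-tablet'] };
const prekeyStore = { 'a-laptop': 'pk-a-laptop', 'b-tablet': 'pk-b-tablet' };

// Server: accept only if the batch covers every client of every participant.
// Excluding the sending client itself is an assumption of this sketch.
function serverReceive(senderClient, envelope) {
  const missing = {};
  for (const [user, clients] of Object.entries(registry)) {
    const absent = clients.filter(
      (c) => c !== senderClient && !(envelope[user] && c in envelope[user]));
    if (absent.length > 0) missing[user] = absent;
  }
  return Object.keys(missing).length > 0
    ? { status: 'rejected', missing }
    : { status: 'accepted' };
}

// Placeholder for encryption under a per-client cryptographic session.
const encryptFor = (session, text) => `enc[${session}](${text})`;

// Client: encrypt once per known client session; on rejection, fetch prekeys
// for the missing clients, start sessions, and resend the entire batch.
function sendToConversation(senderClient, sessions, text) {
  const attempts = [];
  for (let round = 0; round < 3; round++) {
    const envelope = {};
    for (const [user, clients] of Object.entries(sessions)) {
      envelope[user] = {};
      for (const [client, session] of Object.entries(clients)) {
        envelope[user][client] = encryptFor(session, text);
      }
    }
    const reply = serverReceive(senderClient, envelope);
    attempts.push(reply.status);
    if (reply.status === 'accepted') return { attempts, envelope };
    for (const [user, clients] of Object.entries(reply.missing)) {
      sessions[user] = sessions[user] || {};
      for (const client of clients) {
        sessions[user][client] = `session-from-${prekeyStore[client]}`;
      }
    }
  }
  throw new Error('clients still missing after retries');
}

const demoSend = sendToConversation('a-phone', { bob: { 'b-phone': 'sess-b-phone' } }, 'hello');
console.log(demoSend.attempts, Object.keys(demoSend.envelope));
```

The sender starts with a session for only one of Bob's clients, so the first batch is rejected and the second, rebuilt for all clients, is accepted.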
Calling – Wire uses state-of-the-art encryption to enable smooth calls that can scale to tens of users. Call media is exchanged between endpoints in an SRTP-encrypted media session. The SRTP encryption algorithm, keys, and parameters are negotiated through a DTLS handshake when a call is initiated. The clients’ authenticity is verified during the handshake by sending the expected fingerprints over the existing authenticated Proteus session. Wire clients use Insertable Streams to end-to-end encrypt the content of media packets. Conference calling uses AES-GCM-256 to encrypt the payload and HKDF-SHA512 for key derivation.
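An added example (not Wire's code) of the two primitives named above, using Node.js: a 256-bit key derived with HKDF-SHA512 protects a media frame payload with AES-256-GCM. The empty salt, the info label, the counter-based nonce layout and the use of the frame header as associated data are assumptions of this sketch, not Wire's frame format.

```javascript
const nodeCrypto = require('node:crypto');

// Derive a 256-bit per-sender media key with HKDF-SHA512.
// Empty salt and this info label are assumptions of the example.
function deriveSenderKey(conferenceSecret, senderId) {
  const okm = nodeCrypto.hkdfSync('sha512', conferenceSecret, Buffer.alloc(0),
    Buffer.from(`example media key:${senderId}`), 32);
  return Buffer.from(okm);
}

// 96-bit GCM nonce built from the frame counter (assumed layout):
// 4 zero bytes followed by the counter as a 64-bit big-endian integer.
function frameNonce(counter) {
  const iv = Buffer.alloc(12);
  iv.writeBigUInt64BE(BigInt(counter), 4);
  return iv;
}

// Encrypt only the payload; the cleartext header is bound as associated data.
function encryptFrame(key, counter, header, payload) {
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, frameNonce(counter));
  cipher.setAAD(header);
  const body = Buffer.concat([cipher.update(payload), cipher.final()]);
  return { counter, header, body, tag: cipher.getAuthTag() };
}

// Returns the payload, or null when the tag does not verify
// (wrong key, altered header or body, or a mismatched counter).
function decryptFrame(key, frame) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, frameNonce(frame.counter));
  decipher.setAAD(frame.header);
  decipher.setAuthTag(frame.tag);
  try {
    return Buffer.concat([decipher.update(frame.body), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample input.
const demoKey = deriveSenderKey(Buffer.from('constructed conference secret'), 'client-1');
const demoFrame = encryptFrame(demoKey, 1, Buffer.from('hdr'), Buffer.from('audio sample'));
console.log(decryptFrame(demoKey, demoFrame).toString());
```

A counter-derived nonce must never repeat under the same key, so each sender needs its own key and a counter that only increases.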
Safe by Default (Security features are always on)
Administrators install security hardware and set a security policy for users to be on VPN and add measures to safeguard communications passing through the internal network behind a firewall. These attacks are one of many types of attacks, and organizations are protecting themselves with added security layers. These security measures typically cost extra money and time. From a user perspective, they have to take a few steps before writing a message to their teammate. This delay in executing a primary function causes users not to follow the steps outlined, or users are frustrated with the experience. This further decreases productivity and/or generates additional costs in training all users of an organization.
Wire is secure by default. Users do not have to install other software to establish a secured line of communication. Like any other application that gets utilized on a user’s device, they just need to open the Wire application and send a message or call someone. It’s that simple.
Zero Trust Architecture
Organizations today are under constant attack and threat from the modern environment’s ever-growing complexity. With a remote workforce and users on the move within corporate firewalls, how do organizations guarantee security for all their users without compromising user experience?
At Wire, we have embraced the Zero Trust architecture, and we are proud to build every piece of functionality with those principles in mind. Assuming “everything behind the corporate firewall is safe” is no longer the status quo. ‘Zero Trust’ assumes a breach, and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.” Every device/user access request is fully authenticated, authorized, and encrypted before granting access.
Open Source and Secure
When integrating communication and collaboration workflows, how do organizations trust a third-party software provider, tool, or product?
Wire implemented a security-by-design approach, with security and privacy as core values. Wire is 100% open source with its source code available on GitHub, independently audited, and ISO, CCPA, GDPR, SOX-compliant. Wire has undergone many security audits, and we are proud to say that there are no known backdoors in our code that put any organization at risk.
Mobile and Remote Workforce
In the current remote world, it’s hard to keep the same security level on all devices. The workforce is moving more aggressively towards tablets and mobile phones compared to desktops.
Empower your employees to work more securely anywhere and on any device of their choice. Wire supports many platforms, including Android and iOS, for tablets and mobile phones. Each user on every device gets authenticated and authorized regardless of the network they are accessing through their device.
Let’s assume two employees are talking to each other via Wire Secure Messaging and someone malicious is trying to access those messages.
Wire encrypts every message sent and received, and the key used for encryption is known only to the sending and receiving parties, i.e., Wire stores neither the key nor the message in decrypted form. Wire does not stop there; it also uses a different key to encrypt every message. This security measure guarantees that any malicious party involved does not get access to the encrypted messages.
Each organization creates organic groups to chat with each other, and this can either be based on a project or organization structure. These chats are both safe and unsafe simultaneously; when group chats allow guests and external members, the group chat becomes dangerous, and group chats within internal members are secure.
Wire encrypts every message in a group chat with or without guest and external members. However, group administrators can disable external and guest access with a click of a button. Unauthorized members who were removed from the group automatically lose their access to the group chat.
Multi-Device Encryption and Recovery
Many people in an organization use multiple devices to access their messages, including desktop and mobile devices. Between messages sent in the past with previously authorized devices and new messages received from newly approved devices, should the messages across these devices be treated differently? There is an assumption of trustworthiness for freshly added devices that got authenticated and authorized.
Every message in Wire has a unique key. When a new device is added for an authorized user, it does not automatically receive the entire history of messages previously sent (as each message is fully encrypted end-to-end). A user has to take a backup from an existing device that holds the account history and then load that backup onto the new device. Upon loading the records, the new device gets access to the key for older messages. Wire supports eight devices per user account.
Most often, messages sent via email and other messaging systems cannot be canceled or retrieved if sent by mistake or sent without authorization. And organizations sending and receiving time-sensitive information can forget to train users to either delete or trash such shared information. So, how do message senders protect themselves from abuse of sharing to others?
Wire allows users to send temporary messages that disappear after a period ranging from a couple of seconds up to 4 weeks, based on sender preferences. Users who want a sense of secure transmissions can choose to send self-deleting messages. When you read a message in a 1:1 or group chat, the message self-destructs for that particular user even when using multiple devices.
Every file shared or uploaded is at risk of a hack or misuse. Secret files are shared as part of any worker’s day-to-day workflow and with ever-growing files shared daily, can organizations protect themselves against malicious attackers and misuse of corporate information?
Wire ensures that each file has the same level of security as messages and every uploaded file gets Wire’s E2EE protection. Authorized members of the file can open the file or save the file to their devices.