Securing Collaboration

The Talmud, the 2 million word-long book of Jewish law, contains a number of discussions of whether it is possible to commit two or more sins in a single act. For example, if you eat non-kosher food on a fasting day, you’ve carried out two forbidden acts by taking just one bite. We have a similar issue in the modern world of cyber security.

It is possible, it seems, to violate multiple laws and security policies by clicking just one button. Consider what happens when a healthcare professional in the EU sends an unencrypted email containing patient medical data to a recipient in the US. One message, but at least two security and compliance transgressions.

This is conundrum of secure collaboration. You want your people to be able to communicate and collaborate easily no matter where they are. Employees move around a lot, whether it’s simply commuting or working at home on certain days or running around the globe on business. Projects must go on. Team members need to exchange information to get things done.

Aaron Turner, CEO of Hotshot

A variety of tools make this possible. These include collaboration and communication apps like Skype and Slack as well as traditional forms of communication like email. There’s a big problem with most of these solutions, however. They tend to leave data vulnerable to hacking. Data gets left on servers. Devices can get compromised. In some locations, the government has access to encryption keys, the better to spy on citizens and foreigners.

Even with security safeguards in place, roaming employees might easily run afoul of data sovereignty laws like GDPR. Or, if they work in healthcare, they might inadvertently violate HIPAA by messaging about a patient’s health problems. If nothing else, employees might transgress corporate data protection policies through the use of everyday collaboration tools and email.

Hotshot has taken on the job of resolving this conundrum. The company has developed a team messaging tool that addresses many of the most challenging security and compliance issues that arise in collaboration. The Hotshot app, which is available in native form for iOS, Android, Windows and Mac, is based on a proprietary secure message channel.

The app’s users control both encryption and data use policy. The central Hotshot infrastructure serves as what CEO Aaron Turner calls a “dumb switchboard.” The end user owns the encryption keys. Hotshot does not have access to them. “There is no central data store to hack,” Turner explains. “The user has the keys.” Hotshot does maintain and audit log of communications, but the central server has no personally identifying information on it.

Hotshot’s policy management interface

Hotshot also provides a policy control interface. Administrators can establish data retention policies for the app. This way, users can collaborate without concern about inadvertently violating policies. Similarly, the app allows admins to establish geographic boundaries for users. For example, users can be prohibited from receiving messages in certain countries to avoid violating GDPR rules.

The app and its broader system appear to make it possible to enjoy a high level of security in a flexible, collaborative environment. It’s likely the industry will see more innovations like this in the near future as organizations struggle to enable remote work and collaboration with third parties while not running afoul of the law or exposing themselves to damaging security incidents.


Photo: Image of a page of The Talmud, Credit: Chajm Flickr via Compfight cc