The Downsides of Air-gapped Environments and Open Systems - A Better Solution
Working in an air-gapped environment isn’t for the gregarious. Since these environments are isolated from the public internet, workers may sit shoulder-to-shoulder, but the disconnection discourages collaboration. That said, these colleagues may fulfill their daily step counts by running the sneakernet — walking to and from each other’s computers with USB drives — the only way to transfer files.
So, pity the poor employees who handle materials so sensitive that they must work in air-gapped environments.
But at least the sensitive data is safe, right? Maybe not.
The feeling of invincibility often results in blindness to risks.
The U.S. and Israeli governments created the legendary Stuxnet worm in 2005 to derail or delay the Iranian program to develop nuclear weapons. Stuxnet was designed for delivery via a removable USB drive. The Natanz facility where Iranian uranium enrichment was taking place was air-gapped, with its systems disconnected from the internet. Stuxnet was designed to spread quickly and indiscriminately from machine to machine on an internal network. The worm was hugely successful and is thought to have set the Iranian nuclear program back two years.
The point of the Stuxnet story is that even disconnected and isolated systems have vulnerabilities. The need to physically copy files from removable media, a step that is generally unnecessary in connected systems, introduced a weakness in the air-gap process.
Swinging the pendulum – and playing with fire
Governments and enterprises that don’t require air-gapped systems can choose friendlier environments that support more collaborative work. Instead of investing in infrastructure and licensing software, some entities use commercial communications platforms like WhatsApp.
Commercial solutions have two primary benefits. First, there’s no learning curve since many employees use these tools in their private lives. Younger employees often use WhatsApp as naturally as they eat and drink. Second, the application’s built-in end-to-end encryption ensures bad actors cannot read sensitive communications.
While the ease and price point of commercial solutions are appealing, they have some significant drawbacks:
- The WhatsApp data collection practices of Meta (Facebook, the owner of WhatsApp) enable it to access metadata, such as whom a user is messaging and when.
- Depending on the user’s device, message notifications are sent through Apple’s or Google’s notification services. Although these services may be unable to divulge the contents of messages, the message metadata — recipients, senders, call participants, message times, message volumes — is easily compiled. In these commercial cloud-based systems, users don’t own their metadata, and it is potentially accessible to others.
- The openness of commercial systems enables outsiders to join and create groups. An administrator can’t control who communicates with whom. Users may inadvertently share sensitive information with people who shouldn’t see it.
KoolSpan TrustCall – The best of both worlds
KoolSpan’s customers want the best of both worlds. They demand high security but also need to work collaboratively. Furthermore, KoolSpan’s customers demand intuitive and attractive products with ease-of-use features they’re accustomed to in their private lives.
This is how KoolSpan threads the needle between the highest security levels and extreme usability in its TrustCall communications product:
- Maintains a flexible deployment, enabling customers to control the entire product from front to back. Customers may deploy the TrustCall back-end behind their firewalls. This way, no one besides the customer may access their metadata – not even KoolSpan.
- Builds for privacy. TrustCall requires no cloud services and doesn’t require Apple’s or Google’s web notification services. Therefore, TrustCall may be installed behind a firewall without opening ports to the outside. This enables users within the network to freely communicate with one another without risking infiltration or exfiltration.
- Provides a full-featured administrative console, placing great power in administrators’ hands. Administrators control the users allowed into the system, the grouping of employee communication channels, and device registrations. Furthermore, administrators have a robust reporting interface that provides usage statistics.
- Offers a first-class user experience. TrustCall is immediately understandable to WhatsApp users and users of other commercial communications products.
A product can’t be all things to all users. This is why KoolSpan targets a small but essential subset of the market. KoolSpan sells to customers in the government/enterprise space who require high security and high usability.
TrustCall covers all the bases for customers within KoolSpan’s business domain.