Encryption Isn’t Just About Confidentiality, But Integrity
People typically think about encryption as the best way to ensure that communications are confidential. But there’s another use that’s equally important and often overlooked - protecting data at rest, which includes the integrity of records where they are stored.
When you communicate, you create a record of who was a party to the conversation, what was said, and when. Message histories are often considered crucial evidence in regulatory investigations and can establish innocence as well as complicity in wrongdoing.
Archiving the content of messaging histories is a critical step, but it’s equally important to ensure that content hasn’t ever been altered. Encryption technology can provide the means to prevent evidence tampering, which is considered a serious crime.
The end-to-end encryption employed by Symphony provides a solution to both of these concerns; we not only protect messages from cyber-attack while in the cloud, but also ensure the integrity of those records. We maintain encrypted copies of all communications for however long our clients need, and our interfaces do not allow message contents to be overwritten or changed once a user presses the return key.
Symphony enterprise customers control their keys, ensuring their records can’t be decrypted or modified by anyone else – including hackers, or even Symphony. Our customers typically maintain their keys using specialized tamper-proof hardware security modules controlled within their own technology infrastructure. These devices ensure a high degree of protection and only a limited number of people have physical access to them.
This combination of controls provides an important protection against message content tampering. Customers can’t modify communication records once they are sent via Symphony. Symphony can’t change message records either, because we don’t have the necessary encryption keys. And all of this is accomplished while providing strong end-to-end security.
Contrast this with legacy message systems that do not have strong end-to-end encryption features. Not only are communications records subject to hacking or the risk of compromise by a provider, but in an investigation it may be difficult to forensically prove that a communication record retrieved from the provider hasn’t been altered. Symphony solves this problem.
A robust system of maintaining encrypted records protects the content from tampering. Lone actors lose their ability to cover their tracks by altering records, helping to maintain the integrity of financial institutions overall. That’s great news not just for compliance professionals, but for everyone.
To learn more about Symphony’s security and compliance features, please visit: https://www.symphony.com/product/security/ or reach out to your Symphony contact.