Vaporstream Delivers Secure Mobile Messaging in High-Risk Industries
Posted by Katie Bochnowski (Strzempka)As employees demand mobile access to the resources they need wherever and whenever they want them, some unintentionally circumvent security programs and adopt unsanctioned apps and tools simply to get the job done.
That increases risk for organizationes and public-sector organizations, particularly those in highly regulated industries such as energy and utilities, financial services, healthcare, higher education and government. The use of insecure mobile apps is a problem recognized all too well by Avi Elkoni, chief technology officer and chief operating officer for Vaporstream. Chicago-based Vaporstream provides a secure communications app that it validates with NowSecure solutions and services.
Compliance Concerns
A few years ago, Elkoni suffered severe burns from a household accident and was taken to the hospital by ambulance. The burn surgeon was not available to evaluate him in the trauma room, so the traumatologist pulled out her iPhone, took photos and texted them to the surgeon who was located elsewhere in the building.
âI didnât say a word because all I wanted at that point was to get the best possible care,â Elkoni says. âBut the pictures of my burns could still be on that traumatologistâs iPhone or in the iCloud to this day. No regulations were respected in the least in that story.â
Katie Bochnowski of NowSecure and Avi Elkoni of Vaporstream discuss secure messaging at NowSecure Connect 2019.
The incident illustrates what happens when you say ânoâ too often and donât give people the right tools to do what they want to do, explains Elkoni. Vaporstream offers enterprise organizationes and public-sector organizations a mobile communication platform for confidential, leakproof and regulatory compliant conversations.
âWe have customers in regulated industries â people subject to HIPAA, those who work with financial information or in energy â and theyâve been dying for years to take information and share it with their mobile devices,â Elkoni says.
For years the cybersecurity or compliance departments have been telling employees âno.â In the best-case scenario, people obeyed the rules but worst case, they ignore them and bring their own apps to work. But now organizations can finally allow employees to do what they want and say âyes.â âThe secret is just the right amount of security to meet regulations and standards, then finally people can start using their devices in the way they want to use them,â says Elkoni.
For example, a Vaporstream customer in the energy industry previously circulated a form in response to immediate or urgent events. The information was generated in a web-based system, printed, and then faxed to internal and external stakeholders including vendors, service providers and local government. âWe are many, many years after. It wasnât the â80s but was the only secure way they had to transmit the form,â Elkoni says.
Working with Vaporstream, the company embarked on process engineering and regulatory reviews to replace the paper-based process. Today, the Vaporstream secure messaging app enables utility employees to transmit a PDF of the form using their mobile devices of choice.
Reassurance and Relief
Why do customers in regulated industries entrust Vaporstream to safeguard their most sensitive communications? In part, thatâs because the company obtains third-party security validation from NowSecure. âDonât just trust me that itâs secure, trust someone else,â Elkoni notes.
To that end, Vaporstream has worked with NowSecure for several years. The company engages our professional services team for mobile app penetration testing to validate its Android and iOS apps meet rigid security standards. Conducted annually and for major new releases as needed, the comprehensive test run by our NowSecure experts includes a battery of static, dynamic and behavioral analysis across numerous risk vectors (see the case study). In addition, the Vaporstream Quality Assurance team relies on the NowSecure automated mobile appsec testing platform on a daily basis to test the build and flag any vulnerabilities or privacy issues.
Recalling a time when cert pinning broke in an internal build of the Vaporstream mobile app, âIt was NowSecure software that discovered that cert pinning was gone,â Elkoni says. âWithout that, it would have been very, very difficult to find.â
Solutions such as the Vaporstream communications service and NowSecure mobile app security testing tool help organizations better comply with regulations and reduce risk.
As Elkoni points out, you canât completely destroy the problem of employees ignoring security rules. âThere will always be people who donât care or arenât disciplined.â By saying yes, use your device with this secure messaging app, youâll have significantly reduced your risk exposure.
Finally, he recommends following the mantra of âtrust but verify.â âAnything you can do to verify security claims will put you in a better place,â he advises. And for Vaporstream, that means working with NowSecure to certify and ensure on an ongoing basis the security of its flagship secure messaging app.