AWS Podcast: Introducing AWS Wickr – Protecting Enterprise Communications

Listen to the original podcast here.

Simon Elisha: Hello everyone, and welcome back to the AWS Podcast! I’m Simon Elisha. I’m joined today by three very special guests to talk about a new service called AWS Wickr. First, I’m joined by Chris Lalonde, who is Wickr’s Director of Software Development. Good day, Chris.

Chris Lalonde: Good day, Simon. Thanks for having us.

Simon Elisha: Good to have you here. And we’ve got Vaibhav Agarwal, who is the Wickr Senior Product Manager. Good day, Vaibhav.

Vaibhav Agarwal: Hello Simon.

Simon Elisha: And we’re also joined by Laura Clark, who is Wickr’s Marketing Manager. Good day, Laura.

Laura Clark: Hello.

Simon Elisha: Now, you’re all here because we are talking about a brand new service. We’re talking about AWS Wickr, but as with all things in AWS, we start with the customer and work backwards.

So before we even talk about the service, let’s talk about what it is we’re trying to address. And you know, the world is an interesting place. It can be exciting, it can be challenging, it can be safe, it can be dangerous. Chris, let me start with you: What is the current threat landscape that Wickr is really looking at today?

Chris Lalonde: Yeah. Thanks Simon. I think I’ll take a step back for just a moment and talk about my experience, and why I joined Wickr. You know, I think that privacy is a fundamental human right, but the data protection and privacy environment has shifted significantly in recent years as organizations pursue digital transformation. When I joined Wickr, part of the reason I joined was to try and help be an advocate for privacy on the internet.

When I was growing up, you could have a conversation with someone. You had to have that conversation face-to-face. And when you’re having that face-to-face conversation, you know who you are sharing your opinions and your thoughts with, and the context of the conversation is all wrapped around that.

I’m that old a fella. But my kids today have grown up with an entirely different kind of context, right? They’ve grown up in a situation where a lot of their conversations are happening online. And, I think those online conversations have been accelerated, thanks to code. And I think that what’s happened now is all of those conversations have turned into data, and that data can often be monetized.

I think the same thing is true for businesses, especially in globalization. So as people have moved a lot of their conversations to online, what’s happened is those conversations have started to become effectively the property in some cases of corporations, of these services that are run.

And because those services are run by a third party, those corporations need to monetize those services and people’s conversations are now being exposed for that purpose. And that can have significant impact for a business, right? It can have a significant impact for a person, but it can also have a significant impact for a business.

And so I think the landscape has changed dramatically in the last five years even, right? As we’ve pushed all of this data out onto services as the ability for corporations to take data and run machine learning against it, to do data analysis, as that capability has matured, the risk of that data, those conversation being analyzed and monetized has increased dramatically, and exposed those conversations more than it’s ever been before in the history of mankind, is my personal opinion.

Simon Elisha: Yeah it is a challenging world and, messages can last forever now, potentially. It’s not, as you pointed out, the conversation you had when you were, you know, younger and sillier. And it just goes off to the ether.

Chris Lalonde: Yeah. I mean, think about it. There are petabytes of data being stored. Remember floppy disks, Simon? You know, like it’s a completely different world now and I think that that’s why privacy becomes more and more important for individuals, and also for corporations.

Simon Elisha: So, given that, let’s talk about AWS Wickr, which is a new service that we have. So what is it all about?

Chris Lalonde: Sure. AWS Wickr is an attempt to make cryptography easy for people to use. There’s been public key cryptography, you know, really advanced cryptography for a long time now, but it’s been very difficult to get in the hands of end users. And AWS Wickr is an attempt to take end-to-end encryption and put it into a collaboration platform so that customers don’t have to trust us. They can trust the math. And so AWS Wickr does all the things you’d expect of a collaboration service. It has messaging, calling, file sharing. We do integrations, you know, all those kind of good things.

But at the end of the day, we don’t have access to the customer’s data in any way, shape, or form. Why? Because it’s triple encrypted with 256-bit AES encryption. And so just mathematically, it’s unfeasible for us to get access to that data. And that’s really what it is at the end of the day.

I would also say, that what we’ve tried to do is also make something that’s not just easy for the users to use, but also for administrators to administer. And in that context, there’s an administration console inside of Wickr that allows administrators to do things like integrate with SSO, have fine user controls, retain data if they need to, right? All those kind of things are built into the system for our customers and for their customers.

Simon Elisha: And I think that’s been really interesting in that, you know, there are a lot of different approaches to this problem domain out there. And it’s been interesting to watch the, I guess, consumer-focused services kind of lead the way in many ways and, and have that uptake. But whilst they can potentially deliver that encrypted experience, they’re not gonna deliver what would fit into an organizational construct as well. And, Laura, help us maybe deconstruct that a little bit. Cause I think that there’s a nuance here that’s really important in terms of, you know, we want all the things encrypted and we want to have the privacy. However, if we’re communicating in a business context, there may be some, “except for…” or some, you know, “but we need to be able to…” that we have to think about.

Laura Clark: Yeah, exactly. So kind of as Chris alluded to, our secure collaboration is end-to-end encrypted, as he stated. So Wickr allows that safeguard collaboration, not just internally, but externally with partners or even stakeholders outside your organization. That’s a key benefit for our customers.

In addition, Wickr also allows, as Chris mentioned, the ability to retain information. This is big for customers who require data retention for compliance or legal hold, and even auditing purposes. So they have that assurance that their conversations are private. However, they also have the ability to retain those conversations for those legal reasons.

Simon Elisha: And, that’s a really interesting sort of cross-cutting need, which is, you know, we want to be encrypted and protected for everything, however, there may be legal reasons from an organizational standpoint that we need to maintain that information. And I think Chris, that’s that tension you were talking about, you know, privacy, but also fitting in and that even extends into automation as well. You know, you want encryption and also stuff you want to automate as well. So maybe, yeah, talk us through some of these little nuances.

Chris Lalonde: Yeah absolutely. If you think about collaboration platforms and consider the benefit to the end-user; you start thinking, “what does a collaboration platform do for me?”

Sure, it has messaging. Sure, it has file sharing, but what really, at the end of the day, benefits me? Like, what’s the data on it? Right? I’m either getting data from other people, right? Other employees or friends. I’m sharing funny jokes or memes, or I’m trying to do something with my work.

And one of the things we recognized fairly early on at AWS Wickr is that integrations are key for customer success, and the benefits of end-to-end encryption sort of just multiply the benefits of those integrations. So, you know, we have customers that do things like integrate what’s called chat ops into AWS Wickr.

So why is that useful? Well, because it’s end-to-end encrypted. If a user is in a room, you have a guarantee of the security of that conversation, but also the security of the commands and the history of the content in that room. And so now if you integrate, we have customers who integrate, for example, into AWS’ APIs.

And so you can do things like change firewall rule sets, change load balancer rules. You can do all these things in the context of a room and have all those privacy and security assurances that you would normally only be able to get if you’re using a VPN or a batching host or something. But it’s just in a chat room, right?

And so we have customers who are doing those kind of things. We also have customers who are using it for secure reporting. So if I’m an executive and I’m getting, you know, the monthly reports on revenue or something else that’s sensitive, how do people get that today? Well, a lot of that happens over email, and what that means is that data is not just on the server where it was created, but it’s also stored in email boxes, you know, some other servers all over the place or even on your phone, right? Because you’ve downloaded the email.

What we’ve got customers doing is generating reports on the server, connecting directly into Wickr, and delivering those to their executives. And that provides multiple benefits. One, it reduces the liability of that data, but also because Wickr has this capability of expiring content by default, that administrator can set an expiration time for the data. So you can just say, “Hey, this data’s going to disappear after 30 days.” And guess what, it disappears after 30 days. As an administrator, you don’t have to follow up and do anything for it. It just does it natively.

Simon Elisha: That’s really interesting. I think automation’s becoming such a fundamental part of what we do, but not having it as an afterthought is the important part to build that sort of end-to-end capability. And maybe, Vaibhav let me come to you because, you know, there are a lot of frustrations and challenges that organizations are trying to solve in this domain because if it was easy, it would’ve already been done. So what are some of the challenges you’re seeing them face?

Vaibhav Agarwal: Yep, that’s exactly right Simon.

And as with the hybrid work environment, employees can certainly gain several benefits, but it also increases their threat landscape, the risk of data breach and cyber attacks. So communications data, especially nowadays, is increasingly targeted and faces diverse and advancing threats. So customers certainly need the advanced tools to secure their sensitive communications.

The second key challenge is that employees in some organizations, including those at senior levels, communicate both internally and externally on different consumer-grade shadow IT messaging apps, probably due to the lack of a company-approved encrypted tool. And most of these communications are not maintained and preserved by the organization.

That’s why some of the leading investment banks in the U.S. were fined by U.S. regulators costing as much as $200 million for allowing their employees to use consumer messaging apps, which circumvent different federal record keeping laws.

Simon Elisha: It’s interesting too in that, you know, often people will do that, not because they wanna be malicious, but because the tools they have are not good enough or too hard to use or what have you.

You know, you want to prevent the bad things from happening. But if you provide a tool that makes it easy, that’s what people will end up using. So how does AWS Wickr help with these? What does it bring to the table to make it a bit easier?

Vaibhav Agarwal: To add to what Chris and Laura mentioned earlier on, AWS Wickr uses 256- bit advanced encryption standard for every feature.

Every message, call and file is encrypted with a new random key. And no one but intended recipients, not even AWS Wickr can decrypt them. With Wickr’s design, even in the event of a data breach, your communications remain highly secure and private. And to add to that, AWS Wickr also offers different administrative controls and helps organizations meet data retention requirements.

So with Wickr, information can easily be logged to a private customer controlled data store for any retention and auditing purposes. Wickr offers different flexible administrative controls as like the configuration of ephemeral messaging, defined security groups, single sign on and more to safeguard the sensitive information.

Simon Elisha: That’s really interesting. And, Laura, let’s talk about, I guess, some examples of how customers use Wickr. What’s one that you can share with us in terms of, I guess, showcasing how it helps.

Laura Clark: Yeah. So one that’s near and dear to our hearts, I know, is the work we’ve done with Freedom Shield Foundation, which is a nonprofit organization that rescues women and children from human trafficking.

So, with the Freedom Shield, they use Wickr to collaborate when it’s necessary to put operatives on the ground for rescue purposes. So AWS Wickr’s end-to-end encryption and versatility allows those team members to coordinate, communicate easily, even in mountainous areas. And Wickr is also used, I know from their team, from the US side, to enable easy and secure collaboration amongst their team members, but also amongst the organization’s board members.

Simon Elisha: Yeah, that ease of use becomes really important. And, I know, like I use Wickr myself for some of the projects I’m working on. And, I found it, you know, I don’t think about the encryption part, it’s just the using of it that feels nice and good. And then the assurance you have that the people you are communicating with are the people you think and you’re doing it securely is important.

Chris, maybe talk to us about another use case that is really interesting. 

Chris Lalonde: Sure. Wickr comes in sort of two flavors, is what I might say. So we have the SaaS version that allows you to get instantly get up and running, right? It’s very popular, but we also have an on-prem version.

Some of our customers have the highest level of security needs, and in those cases, they need to manage or run the infrastructure themselves. Managing and running that infrastructure allows them to get, what’s called ATO authority to operate so that they have the highest level of assurance when they’re sharing their data.

One of our customers is the Air Force Special Operations Command, and they run an on-prem version that they use that they manage. It’s run on AWS’ Gov Cloud. But they manage the infrastructure, manage the services. And they use that for all kinds of things.

So they do use things like, for troop recalls. So if there’s a storm and you need to have the troops come back to base, they use Wickr for those kind of things. They use Wickr for sharing sensitive data back and forth between troops. They use automations and bots, just like we talked about, to do some of the same things around sharing data and ensuring that the folks in the Air Force are secure when they’re having issues.

So it’s a really important mission that we are on. We are helping support folks that are actually at what’s called the tactical edge, the people out in the field. And making sure that they’re safe and they can get communications back to the home base when they need to.

And they also use it just for daily meetings too. It’s like a daily driver as well.

Simon Elisha: It sort of spans both, both those use cases, which is really interesting. Fantastic. Well, so, so many potential uses here. I’m sure folks would be really interested to get up and running with AWS Wickr.

Chris, thanks so much for coming on the show.

Chris Lalonde: Thank you, Simon. Really appreciate the time.

Simon Elisha: And Vaibhav, thanks for sharing your perspective on how this can help.

Vaibhav Agarwal: Yeah, thank you.

Simon Elisha: And Laura, of course, thanks for sharing some stories and some use cases that fit. It makes a lot of sense.

Laura Clark: Yeah. Thanks for having us.

Simon Elisha: And thanks everyone for listening. We do love to get your feedback. Awspodcast@amazon.com is the place to do it. And until next time, keep on building.

Get in Touch

Learn how Wickr can help you collaborate securely and seamlessly.

Contact Sales