End-to-End-Encrypted Team Communication & Collaboration Tools
This post is a collection of my notes about my search for secure collaboration and communication tools for smaller organizations, specifically vast limits. I will update it from time to time.
What is This About?
In an ideal world, all our data and communications would be stored and transmitted end-to-end encrypted, i.e., in such a way that (cloud service) providers never see unencrypted data. Realistically, end-to-end encryption is only available for a subset of the services we use and need.
Requirements
Which features are we looking for? What functionality do we need?
- End-to-end encryption with keys managed by the customer
- UX: user experience and stability
- SaaS: application hosted and managed by the vendor
Text & Audio/Video Chat
Mattermost
- Company website
- No SaaS option, on-premises only
- Mobile app: the reviews on the Play Store and the App Store are not great
Netsfere
- Company website
- Cloud-based enterprise messaging service
- The free plan looks good already. The paid Enterprise plan adds AD synchronization via an agent to be installed on domain controllers.
Element (Formerly Riot)
- Company website
- Free and open-source software built on Matrix and backed by a well-funded organization
- Available for self-hosting or as SaaS
- Mobile app: good reviews on Google Play and the App Store
- Audio/video calls use WebRTC, which is not end-to-end encrypted.
- Lack of admin controls.
Stackfield
- Company website
- Text chat and team collaboration as SaaS or on-premises solution
- Functionality includes task management, time tracking, and event scheduling
- Currently 1:1 calls only, no group calls with audio/video
Wickr
- Company website
- Zero-trust communications as SaaS (Wickr Pro) or on-premises solution (Wickr Enterprise)
- Supports SSO via OpenID Connect (requires Wickr Pro Gold plan; Google and Okta specifically listed as compatible; configuration is not documented)
Wire
- Company website
- Fast-growing startup focusing on secure communications for enterprises
- Usability of the encryption and security features seems to be good
- Mobile app: the reviews on the Play Store and the App Store are not great
File Storage, Sharing and Sync
LucidLink
- Company website
- Presents cloud storage to the OS as a virtual drive
- Adds a logical layer, works with most cloud storage providers (including Amazon, Azure, Google, Backblaze)
- Lack of admin controls
- The Windows client’s UX is so-so
pCloud Business
- Company website
- Swiss-based cloud storage that offers end-to-end-encrypted and non-encrypted folders in the same account
- The feature set seems to be mature
- No ACLs with encrypted folders, but team members can be invited with different permission levels (source): view, edit, manage rights
Sync.com for Business
- Company website
- End-to-end encrypted file storage and sharing for teams
- Inexpensive, good feature set
- Supports ACLs through team shared folders (no nesting or changed permissions on subfolders)
- Only one sync folder (directories outside the sync folder can be synced by creating symbolic links; this is not officially supported, though)
- Not everybody seems to be happy with the Android app
Tresorit
- Company website
- End-to-end encrypted alternative to the usual EFSS suspects
- Good UX, reliability and sync speed (personal experience over several years)
- What’s missing: ACLs (permissions) per folder
4 Comments
You should consider third-party encryption tools like NordLocker. Sure, it’s not SaaS as you have to install it on your machine to actually encrypt the files, but that doesn’t seem like a huge issue to me considering you get zero-knowledge encryption, an easy-to-understand interface and an affordable price. I mean working from home is a necessity right now, so I can’t really afford to be super picky about the software that I use to ensure security.
I am not opposed to encryption tools that work with existing cloud storage. In addition to NordLocker, there are also BoxCryptor and Cryptomator, which is even free & open-source. However, those products are for individual users; in this post I am looking at products for teams.
Relatively happy after moving from Slack to Rocket.Chat. It can be self-hosted and I understand you can set up end-to-end encryption.
Happy to mention there’s now an all-in-one solution that uses end-to-end encryption for all types of teams’ data and offers communication (chat, video conferencing, audio/video messages) and file storage, sharing and sync; plus, it also features a task management tool and calendars. It would be great to get your feedback – please feel free to check PrivMX. It offers a flexible cloud-based model and an open-source version. In short, it uses Zero-Knowledge servers to secure teams’ data at all times.
https://privmx.com/