Sign up for our newsletter
Technology / Cybersecurity

Pushfor: The Instant messaging app for the GDPR era?

Business is evolving fast, and work is now conducted using personal mobile devices constantly. Critical business information is being cast out into the cyber ether via platforms such as a messaging app not meant for business, meaning that information can be leaked or apprehended by malicious actors.

General Data Protection Regulation (GDPR) is applying pressure on the data security of businesses, and it will be poised to slam those that do not meet the mark with massive fines.

John Safa, CTO and founder, Pushfor

The date for the arrival of GDPR is set as the 25th of May 2018, a point in time striking pangs of fear and anxiety into business executives. The regulation comes on behalf of the European Parliament, the European Council and the European Commission and is intended to unify and bolster data protection within the EU.

This regulation is not a directive, and it will be put into action without national governments having a say first. The messaging app Pushfor could be the answer to many of the problems GDPR is seeking to tackle, as it intends to hold sensitive data in an air tight environment while it can still be used.

White papers from our partners

The handling of data through the use of messaging apps is certain to be on the radar of GDPR, and will be an area of carelessness that will not be dealt with lightly. This issue has become so prevalent within financial services that Deutsche Bank made an announcement in recent months banning the use of messaging apps following publicity surrounding WhatsApp vulnerabilities.

Pushfor is one company vying to fill that gap left by WhatsApp. The company offers a messaging app that has been designed as a platform for business, with its core characteristics built around security. Rather than sending a typical message containing content, Pushfor grants the option of ‘pushing’ content to a contact, meaning the sender retains full control of the content as it remains on the original server.

       READ MORE: GDPR and Brexit: How Leaving the EU Affects UK Data Privacy

The recipient is unable to screenshot or forward the content and any attempt to do so will result in the revoking of access to the material. Other restrictions can also be applied to keep sensitive data from being lifted by a recipient.

“If you look at the world today, we send emails. If I send you a file today it is rendered on your device, typically with the application that created it,” John Safa, Pushfor founder and CTO told CBR

“What we do is we do something different, if I push you a file it goes to our servers in the cloud, and it gets converted into a vectorised format that then can be viewed on any device, regardless of the authoring software that is on there. The benefit is that I am controlling the view – what I am doing is basically saying where you can view it, how long you can view it, giving a lot more control.”

The messaging app is intended to arm the user with a string of other protective attributes, such as the option to blur the screen, meaning that the full body of the document you have pushed to the recipient is not visible unless they hold a cursor or their finger over the area that they wish to view.

It would be foolish, however, to think that Pushfor is just another messaging app, albeit one built with security in mind.

“What we do is we allow you to host a server as well. With some of the organisations we deal with, they host a service, so it’s like a hybrid cloud model. The benefit of that is you can armour it as much as you want, so you can put up a firewall for example. With one of the big four, they actually host a service themselves and we just maintain the code. We don’t have access to any of the data whatsoever.”

This element could give an added level of confidence to an organisation, as they are not entirely outsourcing a service. Instead they are retaining a guard duty in a certain capacity, allowing them to ensure their data is still within their possession. The ability for the organisation to apply its own array of security measures is a chance to personalise and bolster security to the desired level.

According to Mr Safa, Pushfor has already saved a household name from a potentially devastating leak. Naming no names but alluding to one of the big four, Mr Safa said:  “They were involved in one of the major mergers of Northern Europe, and they had 2000 partners that were sharing over 2.6GB of content. 2000 people had to share content and that information did not leak out, although three people screenshotted it and had their access revoked. So they did that merger without that information leaking to the press.”

Pushfor is designed to shift to fit the organisation that is using the service, working on the basis of meeting the requirements of the user. With simple uptake, this form of messaging service could be desirable to quickly neutralise a degree of the human risk involved in data breaches and leaks.

Mr Safa said: “When I first came up with the idea it was just to solve the problem, an investor once said to me a business is a vitamin or an aspirin, so there is a lot of pain that you are trying to solve, and the pain we are trying to solve is that I just want to get this from A to B, the benefits there are that it can’t leak.”
This article is from the CBROnline archive: some formatting and images may not be present.