Search Icon White

As Users Flock to Encrypted Messaging Services, Standards Stand By


As many people continue to work from home, employees are still looking for ways to stay connected to one another. The time when we will be able to pop over to the next cubicle to chat may still seem too far away, but luckily, there are many messaging apps handy for a quick interaction.

According to a study by NetSfere and 451 Research, employees already rely heavily on their smartphones and messaging for work. 64% of employees use their smartphones and messaging apps multiple times per day for work-related purposes. Privacy and security are increasing concerns amid the rise of messaging apps. For many industries and sectors, this could mean passing along sensitive data through these channels, so the need to keep  messages private and secure is growing.

An article by sheds light on security concerns, noting "…the rise of BYOD (Bring Your Own Device) and smartphone adoption coupled with employee use of consumer-grade messaging apps that lack the physical and technical safeguards necessary for enterprise communication is exposing companies to security risks."

Technology is now involved in many new aspects of our lives they weren’t before, with innovations that allow you to pay with your phone or even unlock your car. In the wrong hands, these technologies can reveal our personal and financial data as well lock us out of our own lives.

A number of standards support safety and encryptionkeeping data safe. INCITS/ISO/IEC 18033 is a seven-part standard series, with some in development, which covers different types of encryption algorithms.

As an example, INCITS/ISO/IEC 18033-2:2006 (R2018), Information Technology - Security Techniques - Encryption Algorithms - Part 2: Asymmetric Ciphers, specifies encryption systems, also known as ciphers, for the purpose of data confidentiality. The American National Standard (ANS) was prepared by Joint Technical Committee ISO/IEC JTC 1, Information Technology, Subcommittee (SC) 27, Information security, cybersecurity and privacy protection. The U.S. plays a leading role in JTC 1, with ANSI serving as Secretariat. The InterNational Committee for Information Technology Standards (INCITS), an ANSI member and accredited standards developer, administers the U.S. Technical Advisory Group (TAG) to ISO/IEC JTC 1.

Another ANS, INCITS/ISO/IEC 19772:2009 (R2019), Information Technology - Security Techniques - Authenticated Encryption, also developed by ISO/JTC 1 SC 27, specifies six methods for authenticated encryption, which are defined ways of processing a data string with the following security objectives: data confidentiality, data integrity, and data origin authentication.

The international standard, INCITS/ISO/IEC 29100:2011 (R2017), Information Technology - Security Techniques - Privacy Framework, specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information (PII), describes privacy safeguarding considerations, and provides references to known privacy principles for information technology. This standard is applicable to persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII. This is another standard developed by ISO/IEC JTC 1 SC 27. ANSI is the U.S. member body to ISO, and the IEC, via the U.S. National Committee.

Concerns about privacy is understandable, especially as technology develops a rapid pace and as its presence continues to increase in our lives. Encryption is here to stay and so are the standards that make encryption possible.

Read a related article:

With Cyber Attacks on the Rise, The Cyber Industry Faces a New Challenge: Finding Talent


Jana Zabinski

Senior Director, Communications & Public Relations


[email protected]

Beth Goodbaum

Journalist/Communications Specialist


[email protected]