The COVID-19 pandemic has increased the demand for remote access work tools, which has also increased the number of Microsoft Teams users. This was the key motivation for eperi to create a product which is secure and guarantees a legally compliant use of data. 

It felt like it was one night from the decision to the completion of the MS Teams template. It was thanks to eperi’s Develop Your Own Template (DYOT) that was released a while ago. This blog post will address the technical highlights of the DYOT which helped to reduce effort and implementation time.

DYOT is an interface to communicate with the eperi Gateway for Cloud Apps. The basic principle is a SSL terminating proxy which encrypts the content of requests using handlers for individual endpoints. With DYOT it is very easy to get started and because of the clean structure that is based on many years of experience, it is even easier to get the actual work done without too much overhead. Some of the most important features are access to the platform’s encryption and tokenization services, that are battletested and refined to work for very different types of content: starting from simple text over file encryption on to support for email bodies.

MS Teams is a frontend integrator for several Microsoft 365 products. Primarily, it is used for instant messaging and VoIP but supports file sharing, wiki pages and has many more features. The clients communicate with the Microsoft 365 servers mainly via json content. Thus, to encrypt the traffic, it is necessary to parse the content, get the necessary fields, encrypt them, potentially index them to enable the search and write the encrypted content back into the request. On the way back to the client, responses have to be decrypted again so that authorized users can read the content.

DYOT offers many features that greatly reduce the effort to achieve data protection. One example is a utility that will do all of the steps mentioned above for you. It will only need the encryption type and the field names as inputs. A feature called generic decryption ensures that the data is decrypted on the way back from the server to the client automatically, and thus the programming effort is greatly reduced.

The search is typically one of the most challenging parts of implementing a template. Cloud applications only see encrypted data, so their search function does not work anymore and has to be re-implemented via DYOT. MS Teams was no exception, in fact, it required eperi to improve the DYOT. The basic concept is to store all relevant data for the search in an encrypted search index together with an item reference. While searching, the item references are retrieved from the search index and used to get the relevant items from the Microsoft 365 server to be returned to the searching users. This concept was not applicable for MS Teams because there was no appropriate reference to be used. But eperi found a way to overcome missing references and in the future, partners of eperi will be able to profit from that in form of a feature.

All in all, we perceive DYOT as a great framework for our partners and ourselves that is thoroughly designed and makes it possible to implement encryption at-rest, in-use and in-transit for all kinds of cloud applications without breaking existing functionality. It gives the possibility to implement encryption for existing products or to use it while creating entirely new cloud applications.

The best example is our most recent template for Microsoft Teams. We gained new insights of a different type of application and improved DYOT on the go. But to constantly improve our DYOT and create new great features that will help you secure your cloud application, we want to create a community around this product.

That is why we gladly invite everyone interested to be part of a community that will help us improve and make your life using our product easier. 

About the author:

Illya Strunskyy
Senior Developer
eperi GmbH