How Workstream Collaboration Platforms Affect the Cybersecurity World
In spite of all of their obvious productivity-enhancing and communications advantages, workstream collaboration platforms like Slack and Microsoft Teams have begun to pose a unique set of problems which land somewhere between the InfoSec (information security) team and the IT team. Traditionally, InfoSec teams evaluate and vet new software that gets deployed by IT teams, with the approval of that software representing a formal handoff from security to IT. But workstream collaboration creates a trojan horse of security concerns that continue to plague enterprises in perpetuity unless action is taken. New third-party apps are constantly added to the collaboration platform app stores, team members add other end-users (including guest users from outside the corporate domain) to different teams and channels, formal and informal conversations occur, file sharing (and storage) is rampant…. The bottom line is that there are a host of risks associated with these regularly recurring components of platforms like Microsoft Teams, Slack, and Workplace from Facebook.
So how do InfoSec teams ensure proper collaboration security measures are put in place?
Securing the Perimeter – A Traditional School of Thought
InfoSec teams have always focused on the notion of securing the perimeter of an organization. This meant preventing malicious attacks, putting policies in place to protect from phishing emails, training end-users, having a secure network, etc. If a person couldn’t cross the moat to get into the castle (the company), then the company successfully mitigated risk from the outside. In today’s collaboration-centric world, it’s becoming more and more apparent that this “old school” approach is no longer enough.
According to a recent IBM study, cybersecurity breaches have resulted in the loss or theft of over 11.7 billion records in the past three years. Beyond the dataleakage, it also comes at a serious price tag of $3.92 million on average. And while malicious breaches are a serious threat, inadvertent breaches from human error and system glitches account for nearly half of the data breaches. It’s not sufficient for InfoSec teams to ensure their organizations are safe from the outside. Instead, they should approach collaboration security with the mindset that there may already be bad actors (intentional or unintentional) within the castle.
Going Beyond Protecting the Moat
So how do information security teams go beyond protecting the organization with a wide moat? First, the InfoSec team should ask what safeguards and checks can be put into place to make sure their various digital workspaces aren’t left wide open to people who may not belong inside. Proper consideration for governance and policy will be key – without it, communication and collaboration may start innocently, but then exponentially more wild and untamed as platforms like Slack perpetuate in the organization. Collaboration security issues become a higher-risk situation than it should because people are working together and sharing topic-based content with an everchanging membership on an ongoing basis. Serious thought should be put into who owns each piece of the workspace – who is responsible?
Keeping with the castle analogy, InfoSec teams need to ensure that bad actors (or bad knights and maidens) cannot easily (and predictably) move from room to room. If they find their way into a side door, what’s in place to prevent them from moving freely about the castle?
To answer this, companies need to evaluate how they are using workstream collaboration platforms. Usage will change over time, which means that this evaluation should be repeated at regular intervals. Every organization uses workstream collaboration platforms differently, requiring InfoSec teams to work with IT teams to set up policies, training, and regularly monitor these workspaces.
Ramping Up Cybersecurity Efforts Inside the Organization
Realistically, the InfoSec world is facing massive disruption as CIO’s and CISO’s who are used to managing their own corporate networks are embracing the strategy of moving multiple services into the cloud, while at the same time dealing with IT and security budget cuts. Service providers like Microsoft or Amazon encourage you to buy a service, minimizing the need for a large headcount. But this also means IT directly owns and monitors a smaller surface area of the front door to your castle, along with possessing a smaller war chest for other initiatives.
To make matters even more frustrating, SLAs are getting passed to cloud providers. These once resided in the hands of the IT department, but cloud providers are not consistently providing reports on how well service levels are being maintained. Cloud providers own communications regarding poorly performing or inactive services. However that communication can often lag the outage…and in some cases communications may simply be lost altogether. In addition, while SLA’s may exist for a cloud service overall, a separate security-centric SLA may not exist for the service and/or may be “blended” into the overall SLA in such a way as to make the security-oriented focus of the SLA much less meaningful or reliable.
So while service providers are providing broader services that protect the front door, there are many other ways for bad actors to cause security breaches. While the service providers are alleviating basic concerns, the nitty-gritty that is unique to every industry (every business, really), falls on the InfoSec and IT teams. That’s no small task.
So how can companies thoroughly protect their digital workspaces? Practically, traditional and manual means are not enough. In the new collaboration-first world, there needs to be software intelligence overlaid to observe and detect on the multiplicity of digital transactions and to surface where risky behavior may be occurring. Collaboration security tools like PowerSuite that feature baked-in AI/ML technology can provide constant monitoring and regular security checks to protect businesses and help bridge the gap between the traditional InfoSec world and the increasingly modern and collaborative digital workplace.