The last several weeks have highlighted the growing importance of proactively addressing the security of team collaboration applications.
According to Metrigy’s Workplace Collaboration: 2021-22 global study of 476 organizations, almost 68% have deployed team apps and more than 57% of participants view team apps as a hub for work, integrating data and applications into contextual workspaces. Compared to email, team applications provide significant and measurable improvements in productivity and responsiveness. It’s no wonder, then, that almost 54% of companies are now using, or planning to use, team collaboration apps to support business-to-business and business-to-consumer collaboration.
Unfortunately, the last several weeks have seen a number of high-profile team collaboration security concerns. As noted by collaboration security vendor SafeGuard Cyber in a recent blog post, hackers compromised EA Games’ Slack instance via a combination of a stolen cookie and a social engineering attack to reset a password. Slack isn’t alone as a potential vector of attack, as security researchers at the security firm Tenable discovered a potential zero-day vulnerability in Microsoft Teams that could have allowed an attacker to compromise user accounts. These types of software vulnerabilities aren’t new; vendors routinely issue patches for discovered and reported security flaws. But they do underscore the need for those responsible for collaboration security to take a proactive approach to vulnerability awareness and patch management.
Unfortunately, our data shows that most companies do not yet have a proactive workplace collaboration security plan. Among our study participants, just 41% have such a plan today, though an additional 22% are developing one. Even among those with a plan, we find two challenges that can lead to a higher level of risk:
- Most security plans are still voice-centric and perimeter-based
- CISO/CSO shops may not adequately understand potential risk
Among those with a workplace collaboration security plan, the biggest component of that plan is perimeter-based security, such as the use of firewalls and application-layer gateways (ALGs) to protect internal applications and data from external attack. With the typical network perimeter increasingly dissolving as employees access apps from a variety of devices at home, and as apps are used for collaboration outside of the firewall, the old “crustacean” model of network security, which uses a hard exterior shell to protect a soft, mushy interior, is no longer acceptable. Instead, companies must move toward implementing a Zero Trust security model that treats all users and devices as untrusted and, once they are authenticated, allows access only to permissible services. Zero Trust models may even extend to application service providers through the use of end-to-end encryption, meaning that application providers have no ability to see customer data unless specifically granted permission by the customer.
We also find that in just over 50% of companies, the CISO/CSO team owns responsibility for collaboration security. However, in those organizations with the highest measured success (in terms of increased revenue, cost savings, or productivity improvements), collaboration teams are more likely to own security of collaboration apps. This implies that CISO/CSO teams may lack expertise and understanding of the risk that collaboration applications present if not properly secured. Obviously, the more high-profile attacks, like that against EA, should change this dynamic, but it’s imperative that CISO/CSO teams bring collaboration application expertise into their domains.
Finally, companies should consider investing in collaboration security tools to standardize policy enforcement across multiple apps, and to proactively enable protection against phishing and other social engineering attacks. Tools from vendors including SafeGuard Cyber, Theta Lake, and Unify Square provide the ability to ensure consistent policy configuration and compliance. In addition, companies should take advantage of advanced security capabilities offered by collaboration providers to protect against data loss, such as Cisco’s Cloudlock and security capabilities offered by Google and Microsoft for their collaboration suites. Consider utilizing enterprise key management to gain control over your encryption keys, and using end-to-end encryption where necessary for the highest level of application security.
The EA breach is not likely to be the last attack leveraging team collaboration apps. A proactive security approach, based on Zero Trust, specifically applied to collaboration applications, and implemented and managed through security policy and enforcement controls, is your best route to preventing an attack.