By Ofer Klein, CEO and co-founder, Reco
Recent research found that 96% of business leaders believe that effective communication is key to a productive remote or hybrid work. And Slack claims that using collaboration tools can increase your productivity by 30%. All of these tools offer vast benefits – it’s easy to see why they’re so appealing to businesses. They make collaboration faster and easier – which is a leading goal for almost any organization.
However, they also introduce new security and compliance risks. Organizations must find a balance between speed, productivity and security when it comes to collaboration. Doing nothing isn’t an option. The hack of Uber’s Slack channel is just one recent example that underscores the importance of collaboration security.
However, legacy security tools, such as DLP, were built to control and, in some cases, prevent communication. That won’t suffice for today’s modern business. You can’t stop business communication and still collaborate effectively. Fortunately, there are new approaches to collaboration security that mean you don’t have to choose. Dynamically classifying sensitive information across collaboration tools and understanding what actions are justified, are key to effective collaboration security.
Understanding the security needs of collaboration tools
The commonality with collaboration tools is that they run on data – you’re sharing information, documents and data – some of which is sensitive and subject to certain compliance regulations.
These platforms were built to allow users to share information seamlessly, putting collaboration first. Users share documents with each other without thinking about how sensitive the information in some of those documents might be. There’s a risk that an unauthorized party could get in and access these documents and that information. It’s easy to share information through collaboration tools in an unsafe manner – for instance, with a link open publically or data still shared with a third party that you don’t work with anymore.
Last summer, hackers breached Electronic Arts (EA), a digital interactive entertainment company, using collaboration technology as a gateway to gain access and passwords. Insider activity is also a concern, as we saw in the case of the Google executive charged with stealing trade secrets.
In fact, 82% of data breaches involved a human element, according to Verizon’s 2022 Data Breach Investigations Report. The latest data security breaches highlight both the insecurity of collaboration tools and the human element behind these incidents. Compounding this situation further is the fact that most organizations are still grappling with a significant security skills gap; they’re understaffed and the staff they do have is often undertrained.
Staying secure while promoting seamless collaboration
For some older, more legacy companies, it’s tempting to avoid such risk by restricting or even blocking the use of these collaboration tools – but they do so at the cost of limiting business. They might be a little more secure, but they’re creating friction, hampering communication and slowing the company down. In today’s competitive landscape, slower isn’t an option. It’s also not a panacea; employees will find ways to share information needed to do their jobs, whether it’s sanctioned or not. The best option is to find a way to allow data sharing in a secure way.
Organizations today are using an average of 80 IT-sanctioned SaaS apps – and that number is growing. That doesn’t count all the SaaS apps employees may be using on their own without getting IT’s blessing (shadow IT). Securing each and every one isn’t feasible; you have to focus on securing the collaboration channels where data is being moved back and forth, such as GDrive, OneDrive, or Slack.
This is a challenge. These tools are still very new; for many companies, adoption was as recent as the start of the pandemic. They’re still adjusting – and so are the bad guys, although they’re quickly discovering the potential opportunities these tools pose for them.
Context is key
The same old security tools used for the old way of working won’t suffice because this new way of working is far more distributed. Manually classifying the data and applying static policies is also unwieldy; you wind up with a lot of noise and a high rate of false positives.
Here’s an example: As opposed to an old system that might send an immediate alert that an employee has sent sensitive information and immediately block it, with newer collaboration security tools, you can gain additional context. Now you know the employee is a patent attorney who sent a patent to his colleague, a contractor also working on other patents and working in the same patents Slack channel – an activity that is justified.
Static rules, such as in the legacy data security tools, create a lot of noise and false positives. The only way to solve this problem of collaboration security is to have contextual understanding of the “why” behind every action. Without that, you can’t effectively solve the problem.
Then, because it’s impossible to do this manually, you need a dynamically updated set of rules that will ensure very low noise and accurate detection of risky data access and leakage. There are now tools available that use AI to automatically map the sensitive information in your collaboration challenges and apply business context to every action in every channel. By understanding the connection between platforms and individuals, a justification can be assigned to an action before alerting to it. This significantly reduces the noise, limits false alerts and allows security teams to more accurately detect risky activities. With these types of solutions, IT and security teams gain visibility and control over the data being shared within collaboration channels before any damage is done.
Collaboration in context
Adoption of collaboration tools increased dramatically when the pandemic pushed countless companies to enable remote work options. However, in many situations, this was done without prioritizing security. Now companies are trying to determine how to have the best of both – real-time collaboration but with full visibility, control and security. Contextual visibility and dynamic rules will help organizations use collaboration tools to their fullest extent while increasing their security posture.
About the Author
Ofer Klein, Co-Founder and CEO at Reco. Ofer is a former Israeli pilot, a serial entrepreneur with a vast experience in building and growing GTM teams in SaaS companies in the US. Enthusiastic about leading solutions for the distributed workforce.
Ofer Klein can be reached online at (https://www.linkedin.com/in/ofer-klein-a0689449/ and at our company website https://reco.ai/
Source: www.cyberdefensemagazine.com