Corporations have been quick to adopt collaboration/communications applications – specifically Slack and Teams – which were further accelerated by the shift to hybrid and remote workforces due to the pandemic. If your company is using these SaaS solutions, be aware that there are security concerns that are not easily addressed with the native security features these applications provide. You’ll face significant challenges trying to shut down access to corporate files and data that may be inadvertently shared through Slack or Teams. Here’s a closer look at the issue and a possible solution:
The sudden rise and hidden dangers of Slack and Teams
Most likely your company, like so many others, needed to find new ways to communicate and collaborate with internal and external partners when Covid-19 scattered workers from their offices to their homes. Benefiting greatly from this shift were Slack (42% growth in paying customers from one year to the next) and Microsoft’s Teams (from 32 million to 145 million daily active users in a year).
Companies found themselves sharing files and data via these SaaS applications with not only internal employees, but with consultants, external agencies, freelance workers, suppliers and whomever else they needed to partner with to get the work done. New channels were added, as well, to funnel information to specific parties – all with minimal-to-no oversight by security and IT teams.
Of course, there’s good reason to encourage collaboration; it’s a mainstay of doing business now. But the problem is that too many businesses fail to see the risks they run when relying heavily on SaaS applications such as Slack and Teams.
The avenues to sensitive data opened by collaboration applications
SaaS data exposure risks arise from seemingly benign activities:
Guarding against such SaaS data access risks
While both Slack and Teams have security features built in to protect the applications, themselves, from external threats, they are not well-equipped to straighten out the dangers posed by the common sharing actions just described. No native tools exist to help the IT or security team determine the answers to a variety of practical questions:
Teams does offer some ability to address these issues through native security features. But as we discussed in our blog about the unrealistic manual effort needed to secure multiple SaaS applications, your team likely will still have to find a way to control data access provided by any number of other SaaS apps besides those produced by Microsoft.
And even so, it takes significant effort to shut down access because there’s very little automation for the actions required. In short, the IT/security teams would need to review each channel and user manually to determine what needs to be closed. More perniciously, sharing provided through a user will remain in Slack or Teams, even when the user has been deleted.
An automated solution through DoControl’s centralized platform
With DoControl, all the manual work that would be required to shut off unwanted or outdated access gained through Slack and Teams can be automated. You can quickly determine which channels no longer should be open, which files and data access points remaining after a user has left should be shut down, and what other vulnerabilities you’re facing. And even better, all can be addressed with automated processes that will save considerable time and effort and help keep your company safe.
To learn more about how DoControl can save you time and costs in shutting down unwanted access in not just Slack and Teams but all major SaaS applications, get in touch with us.
This stat comes from the industry report we published earlier this year: The Immense Risk of Unmanaged SaaS Data Access. It’s a great read. We recommend you check it out.
Just as is with the cloud, securing SaaS is a shared responsibility. Providers are responsible for ensuring the security of their platforms, but there is an onus on the organization consuming the service to protect themselves from data overexposure and exfiltration, as well as cyber breaches and attacks.
In this blog we are going to focus on three of the most widely adopted SaaS applications, based on revenue and growth, as well as just general popularity. We will highlight the pitfalls and security gaps (note: these apps are not inherently insecure!), and how DoControl can help deliver a single, unified strategy to SaaS application security and reduce the risk of both data exfiltration and cyberattacks.