Back to Blog

4 Top Data Security Concerns of Rolling Out Microsoft Teams

by | Jan 21, 2020

4 Top Data Security Concerns of Rolling Out Microsoft Teams
Are you worried about rolling out Microsoft Teams? Are you concerned that users may accidentally share the wrong information with Team members? With the 2019 Data Breach Investigation Report finding 34 percent of breaches were caused by internal actors i.e. employees, your concern is justified. In industries like Healthcare and Information that number is even higher accounting for 59 and 44 percent of breaches respectively. Understandably, rolling out yet another collaboration tool where data can be accidentally shared with the wrong party or parties, misused or even stolen for personal gain can be daunting. We’ve identified the top 4 data security concerns of rolling out Microsoft Teams and how to empower users to collaborate freely without risking sensitive data.

4 Top Data Security Concerns of Rolling out Microsoft Teams

While Microsoft Teams adoption is exploding with 500,000 organizational users, 13 million active daily users, and 19 million weekly active users, highly regulated organizations are often hesitant to deploy Teams or limit deployment of Teams due to information security concerns. Financial services, life sciences, pharmaceuticals and government organizations often express concerns over confidential information protection and/or sharing within Teams. These concerns are echoed by departments that handle sensitive information including customer data, human resources, legal, intellectual property (IP), R&D, financials, M&A, etc.
Here’s the top 4 concerns we hear from customers looking to ensure their sensitive information remains secure when using Microsoft Teams for collaboration.

1. Information Barriers (Ethical Walls)

There are times when users within an organization cannot exchange certain types of information with colleagues due to legal or reglatory requirements. Regulations within the financial services industry, mergers and acquisition activity and legal work all experience scenarios of this type. For example, the SEC prohibits any security transaction that is carried out by a person who has seen or has access to non-public information. The last thing any financial services company wants during a Teams roll-out is to inadvertently facilitate an insider breach that leads to an insider trade.While there is an ‘in-box’ solution in Microsoft Teams for setting up Information Barriers, it is very binary – groups of users are completely prevented from sharing or communicating with other groups. The concern with this all or nothing approach is that the latter is prone to accidental insider breaches and the former will very likely result in Shadow IT. Completely cutting off communication will force people to look for alternative tools, even if it is just to facilitate innocent interactions, resulting in increased compliance risk.

2. Preventing Sprawl and Breaking Data (or Information) Policies

By design, it’s very easy for a user to create a new Team, add members and start collaborating. The ease of use has helped to drive Microsoft Team’s viral adoption. However, just as we saw with SharePoint, organizations are concerned about wasting resources and other implications due to sprawl. Teams being created and then abandoned after a short period of time, duplicate Teams being created resulting again in an abandoned repository once users gravitate towards one Team over the duplicate. As well as wasting resources the redundant Teams create a scenario where the lack of oversight and life cycle management can result in valuable or sensitive information being at risk due to incorrect or outdated sharing settings that break information protection.

3. Ensuring Secure Collaboration

With all the new data protection polices from California Consumer Privacy Act (CCPA) to GDPR, now more than ever, organizations must ensure that collaboration content including chat and files in Microsoft Teams are being shared in accordance with information handling policies. Organizations need to also ensure that information such as company confidential files are not accidentally shared with external guests or other unauthorized Teams users. While Microsoft Teams offers Private Channels, it is a “location based” approach which has several limitations as there is no technical enforcement of information protection beyond permissions access to the channel. Private Channels do nothing to address customer concerns about files or chat messaged being accidentally posted in the wrong Team or channel. As Microsoft Teams adoption and use grows the accidental sharing risk increases as users may lose sight of Team membership and not realize that they are exposing confidential information.

4. Empowering Collaboration Content (Teams) Owners

The highly requested Private Channels capability in Microsoft Teams showed that Team Owners need to have more control over the granularity of protection that they apply within their Teams. Team owners are better positioned to know the specific sharing requirements, as they know their collaboration content the best. At the same time there must be balance between Team Owners and IT to ensure that corporate-wide policies are being properly enforced. Typically information protection policies and application access controls are defined and applied at the tenant level. While this works for enforcing organization-wide policies, it often leaves a security gap in Microsoft Teams. The dynamic nature of the collaboration process requires Team Owners to be equipped with the right tools to ensure that any information security gaps within Teams are appropriately plugged. Without this capability the concerns about Information Barriers, Secure Collaboration and Sprawl will remain and impact the success of any Microsoft Teams roll out.

Empower Users to Collaborate Freely Without Risking Sensitive Data

A data-centric approach is best suited to ensuring that there is no accidental sharing of confidential or sensitive content in Microsoft Teams while also providing the ability to provide granular control within a Team or Channel without the need to create a separate silo (i.e. a Private Channel) to carry out tasks.
NC Protect offers a better way to secure your sensitive information by enhancing key Microsoft Information Protection (MIP) capabilities to provide fine-grained, data-centric security. The solution prevents accidental oversharing, misuse and theft of chat and file content in Microsoft Teams by enhancing out-of-the-box security with:

  • Conditional access and usage rights to prevent accidental sharing within Teams
  • Default application of organizational information protection rules upon a Team’s creation
  • Unique, additional information protection capabilities such as user-specific watermarks and secure read-only access through a zero-footprint file viewer

If you’re worried about or struggling to secure your Microsoft Teams collaboration contact us to learn more about how NC Protect offers greater protection and control over ALL your Teams and Office 365 content.

Share This