With innovative workplace technology such as Microsoft Teams and SharePoint platforms, end users have never been more empowered to share information, documents and resources freely. However, collaboration can often come at the expense of information security. The sharing of information so freely, inside and outside of an organization, can make organizations nervous – and so it should.
Security has implications for organizations of every size, with research showing internal breaches as a significant information security threat. A large percentage of breaches resulting from external threats also leverage elements from inside the organization to gain access to sensitive data through malware or social engineering. For a company of any size, a data breach can impact a company’s brand, have steep financial penalties and negatively impact their ability to operate. So how do we embrace new collaboration tools like Microsoft Teams without opening ourselves up to the risk of data security breaches through corporate espionage or even basic mistakes?
Microsoft Teams and other New Collaboration Tools
First, let me state that I am a huge fan of Microsoft Teams – just ask any of my Nucleus Cyber colleagues. The ability to collaborate on documents, chat or call with single or multiple parties all within a single user interface is far easier than resorting to email or sharing via a basic cloud file repository. And I’m not the only one who feels that way. Teams is Microsoft’s fastest growing business application, and they’re committed to making it the most popular collaboration tool around. Over 329,000 organizations are using Teams, including 87 of the Fortune 100.
Likewise, what Microsoft has done with SharePoint’s Modern Sites from a user experience perspective is to be commended. SharePoint is in a position to fulfill the promise of a collaboration platform that users actually enjoy using. While both of these new collaboration experiences from Microsoft make it easier than ever before to share information and collaborate with people both from within and outside your organization, some of the underlying building blocks supporting them do come with a bit of an information security health warning.
The Hidden Cost of Easily Sharing Information
Remember that a major component underpinning a Microsoft Team is a SharePoint site collection. While this has undoubtedly made it easy to provide many of the collaboration features within Teams there is a drawback. Leveraging a site collection enables a logical boundary for many elements related to how the Team functions including playing a key role in how access to files and other content is granted.
However, if we look back at the history of SharePoint it doesn’t take too long to come across the term SharePoint Sprawl and the push toward needing easier administration and better governance for SharePoint. One of the key guilty parties in this struggle – users creating too many sites and site collections. To combat this both Microsoft and its’ partners devised tools and best practices to overcome the challenge of sprawling, freely created sites and order, to a degree, was restored.
Sound familiar? Freely created spaces to share and collaborate? Has Microsoft just undone years of work ensuring that our organizations collaboration platform was properly administered and governed and are our most precious data assets now at increased risk? From a certain perspective yes, they have. But this was driven by Microsoft’s realization that a different approach was needed to satisfy users and enable modern collaboration. Which presents an entirely new challenge for organizations – balancing IT Security and Information Security with free and open collaboration.
Balancing Security and Collaboration
The shared challenge among IT leaders and security specialists worldwide is – “How do I enable a collaborative digital workplace, while also ensuring we have the security protections in place to protect our IP and sensitive information?
While I am in no way advocating for abandoning governance plans (and neither is Microsoft if you read their documentation for Teams) we do need to look at the options that we now have at our disposal in our governance and information security toolbox. We no longer have to rely on static permissions, rigid taxonomy or solely the AD security groups or SharePoint groups to determine access. Microsoft’s AD groups, SharePoint Groups and newer Office 365 Groups present multiple options for designing access but achieving the level of granularity and contextual access that organizations need is an administration headache. Worse, the permissions complexity that can result is a huge information security risk if wrongly configured.
Luckily, we now have solutions like those from Nucleus Cyber that give the option to use multiple attributes of both the file and the user in question to determine if they get access and what they can do with the file when they do. For example, perhaps only the editor can view this particular document, or perhaps it can’t be emailed or accessed on public wi-fi. We no longer must make the binary choice of having access or not having access. The same is true for sharing externally. I remember almost every SharePoint Admin asking if external sharing for OneDrive could be turned off. Now we can choose the type of content within a Team or SharePoint site that we will allow an external user to see or what they can do with it when they do.
Putting the Pieces Together
Today, the team here at Nucleus Cyber and LiveTiles announced a strategic partnership to address the collaboration risks associated with modern workplace technology. We’re teaming up with LiveTiles to deliver intelligent transformation in the workplace that is secure, where users are free to be as dynamic as they need to be with the protection businesses require.
One of the things that really excites me about the partnership is that LiveTiles also recently acquired Hyperfish technology, which is designed to intelligently gather employee data. This gives Nucleus Cyber a great set of user attributes that come in very handy for our rules engine to determine a document’s appropriate access rights and use in a way that is seamless to the end user.
Together with LiveTiles we are enabling a new Intelligent Secure Workplace that is built on the Microsoft collaboration platform. You can now have granular control over your organization’s IP and information without restricting the collaboration freedom that your users demand or risking the high cost of being too open with your sensitive data. Contact us to learn more.