Is your collaboration platform compromising your security?

The rapid and large-scale shift to remote working across many industries has raised new questions around the security of the platforms supporting virtual collaboration and communication. With broader adoption came reports of abuse and misuse: uninvited guests ‘Zoom-bombing’, misleading privacy policies, and lax encryption have all been well-publicised, shining the spotlight on the security inadequacies of popular collaboration platforms.

After significant scrutiny, many of these vulnerabilities have since been addressed. But the number of organisations exposed has shown that when deploying a collaboration platform, security must be a key consideration.

Here’s some of the top questions you should be asking from the onset:

Does the platform use end-to-end encryption?

Once upon a time, encryption wasn’t always used for data in transit. Zoom, for example, learned a fast lesson when they restricted encryption services to paying customers only. Following widespread outcry, encryption was swiftly delivered to all platform users1.

Encryption is also used to protect data stored on platforms (“data at rest”), which is vital to prevent unauthorised third parties, threat actors and even the service provider from accessing sensitive business information. This is just as important as safeguarding data in transit, however not all vendors offer this type of encryption.

There is a more secure way: end-to-end encryption. Take the added layer of security in Cisco Webex Teams and Cisco Webex Meetings: as well as encryption at rest and in transit, customer data is encrypted prior to being sent.

This means that content is encrypted immediately and remains so until it reaches the intended recipient, with no decryption key access provided to intermediaries unless explicitly granted. Even if one of the other encryption approaches fails, malicious actors still can’t access customer data.

It’s crucial you understand where your protection starts and ends. While vendors will be quick to spruik the inclusion of encryption, you may need to dig a little deeper to understand exactly what that means.

Can the platform support single sign-on?

Cloud collaboration platforms requiring users to create and store their login credentials on the service itself are attractive targets for attackers. The fallout from database leaks are amplified when you consider that people often use the same or similar passwords across apps, and the possibility of compromise is high.

Bypassing a Software as a Service (SaaS) platform’s door for identity and using corporate identity methods means you can:

  • Integrate single sign-on (SSO) with a corporate identity solution like Active Directory (AD), reducing the risk of password exposure as employees no longer need to write down or save multiple passwords.
  • Wrap multi-factor authentication into the sign-in process, delivering one of the most effective controls an organisation can implement to prevent an adversary accessing sensitive information.

Will the user have granular control to determine role-based permissions?

No organisation wants to fall victim to ‘Zoom-bombing’ trolls who gain access to share unwelcome images and links with event guests, or worse still, compromise private discussions and data. It’s important to be able to grant certain users privileges for events and control the settings of each meeting. With granular settings, users can easily manage the behaviour of both users and the system before, during and after meetings. This is particularly important for events with external customer and supplier attendees.

For example, Webex Meetings allows hosts to coordinate and control an event enabling security decisions for specific sessions. You can determine exactly who can share their screen, who can unmute themselves, and who can interact with content provided, among many other security provisions.

Role-based access control is all about allowing the right people to do the right thing – a basic concept, and critical consideration for any collaboration platform.

How does the vendor protect user data?

Let’s put this though the lens of ‘shadow IT’, which is third-party IT systems not sanctioned by the organisation. If a suitable collaboration platform isn’t provided, users tend to get impatient and head to the web to find their own, immediate, solution. To access this newly downloaded software, they must provide an email address.

This is likely the same email address used for work, paired with one of their regularly used passwords (poor password hygiene is prevalent – one study found 21% of people use passwords that are over 10 years old, and 47% use passwords over 5 years old2). Collaboration platforms are popular with hackers, so if that platform happens to be breached, user credentials may subsequently be made available on the dark web.

It all comes back to good IT hygiene on both sides – the organisation and the vendor. The organisation must avoid shadow IT by providing the tools required by their teams. The vendor must provide a secure, safe platform and back it up with clear information explaining their security protocols.

There’s a lot of unsecure apps out there: alarmingly, a study of 33,000 apps revealed that less than 1% had the built-in security requirements for regular business use, and 39% were not suitable for business use at all3. It’s also important to be on alert for a less than stellar track road of breaches or heavily ad-supported platforms. They might be an attractive low-cost choice, but with increased risk of attacks, not so appealing in the long run.

Chat to a Data#3 collaboration specialist

With deep expertise across Cisco’s portfolio, Data#3’s collaboration specialists can help you tap into the business benefits of a better connected and productive team. If you’re trying to find the best fit for your organisation, compare the key functionality of Cisco Webex Teams and Webex Meetings in our infographic.

To learn more and experience the power and ease of Cisco Webex for yourself, register for a demonstration or enquire about a free trial.

1.Zoom (2020), End-to-End Encryption Update. [Online] Available here

2.Entrepreneur (2015), Password Statistics: The Bad, the Worse and the Ugly (Infographic). [Online] Available here.

3.Symantec. (June, 2019). 2019 Cloud Security Threat Report. [Online] Available here

Tags: Cisco, Cisco Webex, Cisco Webex Teams, Collaboration, Cybersecurity, Modern Workplace, Security



Why would you deploy SASE?
If Secure Access Software Edge (SASE) with Cisco Meraki is the destination, what does the journey to get there look like?

Firstly, let’s set the scene. The term SASE was first mentioned by Gartner Analysts in July 2019 and Gartner continues…

Customer Story: Teachers Mutual Bank Limited

Teachers Mutual Bank Limited earns time and focus through investment in a DaaS solution from Data#3…

More than just a chip: how Microsoft and Intel deliver flexible work experiences

Someone once said that innovation is taking two things that already exist and putting them together in a new way.

Data#3 named (HPE) Platinum Partner of the Year and Aruba GreenLake Partner of the Year
Data#3 enjoys double scoops at HPE/Aruba awards night

December 08, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is proud to announce that it has…

Top Ten Tips: Microsoft Teams 2022

Microsoft Teams has quickly become an integral part of many peoples’ work lives around the world. Since 2019, Teams has…

Streamline operations and empower employees in the modern workplace

One thing we can all agree on, is that the nature of work has changed.  Employees expect…

Data#3 HP Services Award Partner of the Year 2022
Data#3 Takes Home HP Services Partner of the Year Award

November 24, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is pleased to announce that it has…

How to build better flexible work experiences with Surface and Intel
How to build better flexible work experiences with Surface and Intel

With over 70% of employees wanting flexible working arrangements to remain in place and 67% desiring more in-person work, hybrid-working…