Share

Is your collaboration platform compromising your security?

The rapid and large-scale shift to remote working across many industries has raised new questions around the security of the platforms supporting virtual collaboration and communication. With broader adoption came reports of abuse and misuse: uninvited guests ‘Zoom-bombing’, misleading privacy policies, and lax encryption have all been well-publicised, shining the spotlight on the security inadequacies of popular collaboration platforms.

After significant scrutiny, many of these vulnerabilities have since been addressed. But the number of organisations exposed has shown that when deploying a collaboration platform, security must be a key consideration.

Here’s some of the top questions you should be asking from the onset:

Does the platform use end-to-end encryption?

Once upon a time, encryption wasn’t always used for data in transit. Zoom, for example, learned a fast lesson when they restricted encryption services to paying customers only. Following widespread outcry, encryption was swiftly delivered to all platform users1.

Encryption is also used to protect data stored on platforms (“data at rest”), which is vital to prevent unauthorised third parties, threat actors and even the service provider from accessing sensitive business information. This is just as important as safeguarding data in transit, however not all vendors offer this type of encryption.

There is a more secure way: end-to-end encryption. Take the added layer of security in Cisco Webex Teams and Cisco Webex Meetings: as well as encryption at rest and in transit, customer data is encrypted prior to being sent.

This means that content is encrypted immediately and remains so until it reaches the intended recipient, with no decryption key access provided to intermediaries unless explicitly granted. Even if one of the other encryption approaches fails, malicious actors still can’t access customer data.

It’s crucial you understand where your protection starts and ends. While vendors will be quick to spruik the inclusion of encryption, you may need to dig a little deeper to understand exactly what that means.

Can the platform support single sign-on?

Cloud collaboration platforms requiring users to create and store their login credentials on the service itself are attractive targets for attackers. The fallout from database leaks are amplified when you consider that people often use the same or similar passwords across apps, and the possibility of compromise is high.

Bypassing a Software as a Service (SaaS) platform’s door for identity and using corporate identity methods means you can:

  • Integrate single sign-on (SSO) with a corporate identity solution like Active Directory (AD), reducing the risk of password exposure as employees no longer need to write down or save multiple passwords.
  • Wrap multi-factor authentication into the sign-in process, delivering one of the most effective controls an organisation can implement to prevent an adversary accessing sensitive information.

Will the user have granular control to determine role-based permissions?

No organisation wants to fall victim to ‘Zoom-bombing’ trolls who gain access to share unwelcome images and links with event guests, or worse still, compromise private discussions and data. It’s important to be able to grant certain users privileges for events and control the settings of each meeting. With granular settings, users can easily manage the behaviour of both users and the system before, during and after meetings. This is particularly important for events with external customer and supplier attendees.

For example, Webex Meetings allows hosts to coordinate and control an event enabling security decisions for specific sessions. You can determine exactly who can share their screen, who can unmute themselves, and who can interact with content provided, among many other security provisions.

Role-based access control is all about allowing the right people to do the right thing – a basic concept, and critical consideration for any collaboration platform.

How does the vendor protect user data?

Let’s put this though the lens of ‘shadow IT’, which is third-party IT systems not sanctioned by the organisation. If a suitable collaboration platform isn’t provided, users tend to get impatient and head to the web to find their own, immediate, solution. To access this newly downloaded software, they must provide an email address.

This is likely the same email address used for work, paired with one of their regularly used passwords (poor password hygiene is prevalent – one study found 21% of people use passwords that are over 10 years old, and 47% use passwords over 5 years old2). Collaboration platforms are popular with hackers, so if that platform happens to be breached, user credentials may subsequently be made available on the dark web.

It all comes back to good IT hygiene on both sides – the organisation and the vendor. The organisation must avoid shadow IT by providing the tools required by their teams. The vendor must provide a secure, safe platform and back it up with clear information explaining their security protocols.

There’s a lot of unsecure apps out there: alarmingly, a study of 33,000 apps revealed that less than 1% had the built-in security requirements for regular business use, and 39% were not suitable for business use at all3. It’s also important to be on alert for a less than stellar track road of breaches or heavily ad-supported platforms. They might be an attractive low-cost choice, but with increased risk of attacks, not so appealing in the long run.

Chat to a Data#3 collaboration specialist

With deep expertise across Cisco’s portfolio, Data#3’s collaboration specialists can help you tap into the business benefits of a better connected and productive team. If you’re trying to find the best fit for your organisation, compare the key functionality of Cisco Webex Teams and Webex Meetings in our infographic.

To learn more and experience the power and ease of Cisco Webex for yourself, register for a demonstration or enquire about a free trial.

1.Zoom (2020), End-to-End Encryption Update. [Online] Available here

2.Entrepreneur (2015), Password Statistics: The Bad, the Worse and the Ugly (Infographic). [Online] Available here.

3.Symantec. (June, 2019). 2019 Cloud Security Threat Report. [Online] Available here

Tags: Cisco, Cisco Webex, Cisco Webex Teams, Collaboration, Cybersecurity, Modern Workplace, Security

Featured

Subscribe to our blog

Related

Case Study - Uniting Vic.Tas
Customer Story: Uniting Vic.Tas

Uniting Vic.Tas Gains 24/7 Performance with Citrix on Azure Managed Service from Data#3 Objective Uniting’s mission is to provide care…

Are you maximising your Microsoft Teams investment?
Are you maximising your Microsoft Teams investment?

With so many of us continuing to work remotely, using collaboration tools has almost become second nature for connectivity…

How to choose the right surface device: a guide for the enterprise
How to choose the right surface device: a guide for the enterprise

The Surface family has recently undergone a makeover that goes more than skin deep. Less about looks, the upgrades…

Don’t risk it: It’s time to rethink your data governance and security in Teams
Don’t risk it: It’s time to rethink your data governance and security in Teams

As we approach the end of a year that’s been like no other, now is the perfect opportunity to reflect…

How to pick the right Surface devices for your school’s fleet
How to pick the right Surface devices for your school’s fleet

We spend a lot of time thinking about where education is heading, what challenges the future may bring and how…

Customer Story: Banksia Montessori School

Banksia Montessori School Powers Collaboration with Microsoft 365 Mail Migration Objective Staff at the Banksia Montessori School had a very…

Adobe DC Blog
7 ways that Adobe extends the value of your Microsoft investment

Freddie Mercury and Queen. Wine and cheese. Burgers and fries. Some things are simply better together. Now, you can add…

Unboxing the Surface Laptop Go
Unboxing the Surface Laptop Go

Surface Laptop Go is the lightest and more affordable Surface Laptop released. With 13 hours of battery life, a…