Skip to main content
Cloud

Cloud Collaboration – Is it safe enough?

According to the Verizon’s Annual Data Breach Report, 25% of corporate breaches come from insiders. Though this figure seems rediculously high, is it really?

Considering the level of information now available across organizations, vertically and horizontally, can companies really expect total integrity across the depth and breadth of their enterprises? 

This is largely due to cloud collaboration tools such as Slack, Dropbox, and Google Drive which have enabled a new level of sharing that global executives are becoming increasingly uncomfortable with.

What’s the cybersecurity issue here? 

Well, just about everything. 

The problem with these cloud sharing platforms is they are really easy to use, but the teams using them aren’t keeping cyber security in mind. 

Slack 

Recently in the CNBC headlines for being the chatter box of multiple companies’ secrets, Slack is currently valued at over $7 billion. 

It is used by over 10 million people daily and has successfully moved company-wide interactions from the desktop to the cellphone. 

Slack has increased work productivity and the channels within the Slack App can focus chats on various topics – appropriate to the relevant department. The issue here is that the people creating the slack channels aren’t activating the correct security measures. 

This becomes an issue when employees leave the company, finish their contract or otherwise. Considering that many employees move across industries, potentially giving competitors access to company secrets is a cause for a serious rethink on app security protocol.

Slack has commented that they provide features for administrators to control access to channels they manage:

  • Private channels which are only accessible to employees who are specifically invited. 
  • Revoking access when an employee leaves or is reassigned.
  • A new feature called ‘enterprise key management’, lets administrators see exactly who’s sharing what in the app, and can block specific users from accessing certain channels during certain times of day.
  • Third-party e-discovery tools like Bloomberg Vault, Global Relay and more which allow customers to have searchable access to all data on the thread the data. This helps companies with regulatory requirements to keep track of information being disclosed.  

Slack has pointed out that they acknowledge they did not intentionally build an app that would prevent certain employees from accessing information without authorization. Many aren’t happy with this response.  Electronic Frontiers Foundation Senior Staff Attorney, Nate Cardozo commented to Gizmodo, that Slack could have been built with end-to-end encryption. This would prevent the access to private conversations without authorization, such as the God-mode mishap with the Uber App that cost them tens of millions in fines. 

Furthermore,these features are great tools to control what happens on the App. Sadly, because these channels are usually created without the knowledge of the IT department, the security protocols so readily available, are rarely heard of. 

Those using the Slack App may not be aware of the security risks that currently exist. This is where training must come in from the companies themselves, whether it be Slack, OneDrive, Google Drive, or any other cloud collaboration tool. Teams need to be informed on appropriate conversation and what must be reserved for a more secured method of communication. Additionally, training on user access to documents in a drive is critical to maintain confidentiality of sensitive documents.