Here’s the harsh truth — collaboration software lacks security and compliance guardrails. Companies have been wrestling with a slew of risks because of the broader adoption of these tools. Amid the coronavirus crisis, it has become more difficult for organizations to identify where they’re at most risk. Every collaborative application includes messaging app, and the introduction of video and voice has opened a new playground for threats and data loss. With remote workforces Opens a new window tapping project collaboration tools for work, C-level executives need to rethink basic security hygiene and work quickly to manage risk-reduction in the current environment.
Popular project management tools such as Trello, Asana, G-SuiteOpens a new window , Monday, Basecamp, Wrike, and Zoho Projects, among others, have become the new work hub in the COVID-19 era. Findings from research firm Nemertes Opens a new window indicate that more than half of the 600+ organizations studied in 2019 had deployed team apps, and by the end of 2021, that number is projected to rise to almost 67%. Collaboration apps Opens a new window have led the shift away from in-person meetings. Evan Golden, experienced consultant and trainer sharedOpens a new window collaboration wasn’t perceived to be effective without face-to-face meetings. But as organizations continue to scale, IT and non-IT sectors are tapping cloud collaboration apps to get work done. “With remote teams and less meetings, there is an even more evident need for reporting of current data from a common system of record. If teams are going to have less face time, then they need to easily find the answers to their questions,†he shared. While the benefits are manifold, enterprise workspace collaboration apps are also soft targets for cybercriminals. And we’re beginning to see the security concerns with cloud based collaboration software across the board.
If you look beyond Zoom’s troubling headlines, (the $35.8 billion company now faces a class-action lawsuit over its poor security and privacy track record), Inti de CeukelaireOpens a new window , ethical hacker and Head of Hackers at intigritiOpens a new window reported roughly 15% corresponding Atlassian instances were open to the public. He tweeted,Opens a new window “There has been a sudden, measured increase of internal service desks quickly reconfigured/publicly exposed due to Covid-19 measures. People will always make mistakes, but the environment defines how easily these mistakes are made.†First reported by The RegisterOpens a new window , Atlassian quickly respondedOpens a new window with best practices guidelines around Jira Service Desk, the popular ticketing software, and how to set portal permissions last week.
With homes becoming workspaces, IT decision makers and senior executives are suddenly faced with a new environment that entails reviewing digital workspace security, evaluating new threat chains, securing hybrid business applications and project management software without limiting access and collaboration to ensure business continuity. As per a CNBC flash surveyOpens a new window , 36% of executives said that cyber threats have risen substantially, and an uptick in phishing scams can impact enterprise data. Additionally, as COVID-19 kicks collaboration apps into mass action, enterprise users need to contend with cloud vulnerability issues.
Learn More: From The Whiteboard to Jira Board Opens a new window
IT leaders face critical questions in the face of a pandemic:
- How can security teams identify threats and tackle risks in this uncertain environment?
- Is there a need for compliance and governance policies around project collaboration software?
- How can an organization prioritize and identify areas of risk in collaboration apps?
Toolbox caught up with IT experts and senior business leaders who are on the frontlines to discuss challenges and best practices to build security, compliance, and policy frameworks for project management apps and what should be the way forward, post COVID-19.
Learn More: 4 IT Management Tools to Prepare for Coronavirus Disruption Opens a new window
1. Identity Management Checklist for Remote Workforce
RyanOpens a new window BennerOpens a new window , VP AnexinetOpens a new window shared best practices about access controls and identity management with Toolbox. Benner says a “thoughtful process needs to be established to ensure all necessary components are covered.†As a large population connects remotely, organizations need to instantly recognize their employees as well as the devices they are using, he notes. This involves active directory, two-factor authentication, and Privileged Access Management. Another critical point includes reviewing current security posture and compliance regulations such as the NIST standard that needs to be followed.
2. Endpoint Device Management
The stay-at-home workforce logging in remotely from untrusted networks has opened new intrusion vectors. For example, there’s potential risk from home routers, personal devices like smartphones and IoT devices such as cameras that could be infected with malware. Some of the concerns surrounding access over unsecured Wi-Fi networks can be checked with VPN and multi-factor authentication.
Benner Opens a new window dishes advice on how to secure endpoints while providing access to tools when they’re not on the corporate network. Endpoints should have the same level of protection and policy application as in the office, he notes. Some of the technologies for endpoint device management include Mobile Device Management (MDM), Endpoint Security, and cloud-based security and filtering technologies.
Learn More: 10 Collaboration Tools With the Best Security Features Opens a new window
3. Placing Governance Controls on Project Collaboration Apps
For companies that weren’t using any type of file-sharing or digital workspace tools, the coronavirus prompted a shift to cloud apps. But with communications jumping channels, how can organizations go about defining the responsible use of the software. By and large, project collaboration apps fall out of bounds of the compliance and governance areas. With new collaboration tools and features emerging, companies need to think through the policy side as well before deployment and understand they need to remain compliant with various standards and regulations.
4. Evaluating Risks in Project Collaboration Apps
Risk cuts across different tools — so how can an organization go about prioritizing and identifying areas of highest risk. Industry analysts Robert Cruz and Brian Hall share a good starting point is examining the native capabilities of each collaborative network that includes metadata, API access, event data. Another critical advice they offer is tweaking governance policies Opens a new window to understand higher risk areas and leverage AI surveillance to understand the networks. While the benefits are manifold, enterprise workspace collaboration apps are also soft targets for cybercriminals. Additionally, a lack of policies around governance makes it a communications compliance risk, deems Smarsh, one of the leading providers of web archiving services. That’s why to avoid risk from the get-go, especially in the post-COVID-19 phase, organizations should establish clear guidelines on usage and governance of project collaboration apps.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!