The latest social collaboration tools give organizations a powerful new medium for workplace information-sharing and cooperation. But they also carry a new form of risk.
These social collaboration tools — including such popular systems as Yammer, Workplace, Slack and Chatter — can help workers reduce email bloat by instead posting updates to colleagues much as they do with friends on Facebook, Twitter, Instagram and other public social media platforms. Unlike those public platforms, this new generation of social collaboration tools can be used privately, protected from the public’s gaze.
However, many of these social collaboration tools would benefit from enterprise-grade security that provides a fully granular view. Without that level of visibility, these tools can leave C-level executives in the dark. They don’t know who’s using these social collaboration tools. They don’t know what’s being shared. And they don’t know if and when their organizations’ social collaboration policies are being violated.
Also, because these services typically run in the cloud, organizations that use them also give up a great deal of control. Where are the cloud service provider’s data centers? How secure are they? Who else has access to them? Ironically, many social media providers are poor communicators, and getting answers to these and other important security questions can be difficult.
More conventional enterprise productivity suites, such as Microsoft’s Office 365 and Google’s G Suite, already include toolsets designed to protect corporate data. For example, Office 365 protects users’ security with features that include data encryption, in-region data hosting and data-loss prevention.
But to date, few companies are monitoring social media use. So how do you protect your employees, your organization and your customers?
The way ahead
What’s needed is a way to apply the types of security capabilities found in enterprise suites to the new social collaboration tools. In this way, an organization can protect its data — and its reputation — while also enforcing its social policy.
Fortunately, a solution is at hand: cloud access security broker (CASB) products. These intermediary cloud-governance tools help security administrators identify, assess and control cloud services in use by an organization. They can block social sharing that violates organizational policies and alert administrators to anomalies that may represent risks. That means your organization can use a social collaboration tool while also increasing visibility into the tool’s use, enabling identity-based policy enforcement and reducing organizational risk. More specifically, CASB tools can help boost cyber security by offering:
- Visibility into the organization’s use of cloud services
- Centralized management of cloud-based identities
- Policy assessment and management of disparate cloud services
- Identification of regulatory compliance shortcomings in cloud services
- Prevention of malware propagation in cloud services
CASB products can be run on-premises or in the cloud. Often, they will need to be integrated with existing security technologies to gain the full capabilities. That might mean integrating a CASB with your firewall, secure web gateway, data loss prevention (DLP), identity and access management (IAM), mobile device management, or security information and event management (SIEM) systems.
All that capability has made CASB one of the fastest-growing areas of the cyber security market. In a recent NSS Labs survey of U.S. enterprises, nearly 90 percent of respondents said they’ve deployed a product they considered to be a CASB, while most of the remainder said they plan to acquire one in the next 12 months.
Global sales of CASB products are expected to grow by about 18 percent a year through 2020, when they’ll hit $7.5 billion, predicts MarketsandMarkets. All that’s leading to consolidation, too, as smaller CASB suppliers get gobbled up by the likes of Cisco, Microsoft and Symantec.
Are you looking into social collaboration for the workplace, but worried about its new cyber security risks? For a more detailed exploration of this topic, see my recent DXC white paper, Safe Social Collaboration in the Enterprise.