AGAT

CONTACT US
CONTACT US

Tag: Unified Communications

Categories
blog

INFORMATION BARRIERS AND EXTERNAL MEETINGS 

BLOG SPHERESHIELD

EMPOWERING AT MAXIMUM YOUR EXTERNAL MEETINGS WITH SPHERESHIELD

Interfaz de usuario gráfica, Aplicación Descripción generada automáticamente

TABLE OF CONTENT

1. Most common information risks during external meetings.

2. Information Barriers and complying with regulations (FINRA, MiFID II, HIPAA).

3. How do Information Barriers work on Microsoft Teams?

4. Capabilities and Limitations of the Information Barrier in Microsoft Teams.

5. How do you address risks when communicating externally?

In this article, we’ll talk a bit about how our Information Barriers can help your company during external meetings to avoid information leaks.

Most of the network security challenges are nothing new. What is new, however, is that the reality that the users, systems, and information teams are trying to protect is, in many ways, no longer under their control. Users are calling the shots, and network teams don’t see it happening. This type of situation, which most organizations are experiencing, is riddled with risk.

Experiencing a breach, or receiving a fine for non-compliance, can be a huge blow to the upstanding reputation your brand has worked hard to build. Both customers and industry peers will have doubts about doing business with your organization for years to come, and at AGAT we would like to help you avoid that.

Most common information risks during external meetings

  • Leaks of information: The first risk is a leak of information avoiding traditional network security technologies, such as firewalls and intrusion prevention systems, through files shared, video and audio interactions, or even chats.
  • Password sharing: Users share passwords among websites and other users especially when personal devices are involved.
  • Software: Software that is installed on computers, tablets, and phones may violate an organization’s security standards and put sensitive information, VPN connections, and more at risk.
  • Personal devices: Laptops, tablets, phones, and other devices may not be encrypted and, therefore, could expose corporate assets and network connections.
  • Screen Sharing: When sharing the screen, other users can see your screen and watch your activity in real-time which can unintentionally show private information on the screen like passwords, projects names or client names, and other sensitive data that you would like to avoid sharing.
  • Vulnerable backups: Another risk is the data that isn’t backed up or is being backed up to vulnerable or unsupported media, such as USB hard drives and consumer-based cloud services.
  • Phishing attacks: In addition to the above risks, teams also increasingly face phishing threats and related attacks, including smishing and vishing.

Combine these issues with all the distractions of working from home, and enterprises have a formidable security challenge on their hands.

Information Barriers and complying with regulations (FINRA, MiFID II, HIPAA).

Is critical for businesses to understand how they can establish the information barriers in communication platforms so they can prevent data loss and comply with regulations. Negligence can be reduced with the right policies to proactively restrict and monitor employee activities for unethical or risky behaviors. This makes it important to comply with legal and commercial rules that are constantly changing and becoming more complex.


Blurred-businessman finger touch padlock protect icon,and virtual screen interface,protecting data personal and network information,cyber security technology with data protection privacy concept

Regulations such as Europe’s MiFID or the USA’s FINRA state that financial services organizations must have an “Ethical Wall” in place to restrict communications between people with conflicts of interest. 

HIPAA compliance is more important than ever, and the Ethical Wall exists to protect the privacy of individual health information, while at the same time allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. 

Although it started as a common practice in the financial services sector, the concept of Ethical Walls also exists in other areas such as call centers, journalism, law, insurance, and computer science.

How do Information Barriers work on Microsoft Teams?

As you might be aware, not every Information Barrier solution for Teams, Webex, and Slack out there can work in Real-Time, and what is more, many DLP’s fail to prevent your employees from sharing sensitive information with external companies.

Microsoft’s Information Barriers policies don’t work for federated users: If you allow federation with external organizations, the users of those organizations will be able to communicate without any restrictions. This means if users of your organization join a chat or meeting organized by external federated users, then Information Barriers policies also won’t restrict communication between users of your organization.

AGAT’s Ethical Wall and DLP are the only solutions in the market that offer Real-Time Information Barriers for Teams, Webex, and Slack.

What is more, AGAT’s Ethical Wall offers flexible control over which internal groups can communicate with specific external domains. This means that you can federate with a domain partially, and only allow communication between specific groups. In short, our Ethical Wall offers the following features:

  • Granular control is offered based on groups, domains, and users and applied dynamically based on the context of the communication
  • Policies can also be applied to flexibly control the types of communication such as direct messages, file sharing, screen sharing, audio, and video
  • Policies can be applied to chat, channels, and meetings depending on participant type (employee, external, or guest)
  • What is more, it works in real-time to comply with some of the strictest regulations such as FINRA, MiFID II, and HIPAA.

Capabilities and Limitations of the Information Barrier in Microsoft Teams.

Microsoft Information Barriers works by blocking files, and messages and adding team members using customizable filters such as department, alias, and email address. Many custom filters can be set to manage the policies.

As for Information Barriers and limitations, these are the general aspects:

  • Policies can only be set using PowerShell. No UI. It can be very difficult for a compliance officer to use.
  • No control of communication with the external domain during meetings.
  • No control over external users and guests.
  • No auditing of blocked operations that can assist in training. 
  • No notification for compliance admin.
  • No granular control of specific operations such as screen sharing.
  • Policies can be set only to either block files or messages. There is no control over functionalities such as audio, video, and screen sharing.
  • If previous address book policies are present, they must be deleted before configuring.
  • Policies can take several hours to apply after configuration.

As for users that want to know how to overcome these limitations and gain extra functionality from the Information Barriers, we recommend checking out SphereShield Ethical Wall for Microsoft Teams.

SphereShield Ethical Wall for Teams is a solution that provides organizations with the ability to control information flow in Teams using granular policy controls, including restricting the communication type (audio, video, or chat messages) between specific groups of users, as well as restricting communication with external contacts. In addition, the solution offers extensive auditing and reporting capabilities to give compliance officers complete visibility into Teams communication.

How do you address risks when communicating externally?

When it comes to phishing, malware, and data leakage, Microsoft Teams is no exception. When you’re not actively using Teams or are away from your computer, Teams will send an email notification containing a link to the missed message. Threat actors can exploit these Teams features to launch phishing attacks using malicious code.

The guest access functionality in Teams could also lead to data leaks and unauthorized access. For instance, sharing files with external users or guests through channels even when it is no longer required, or continuing to provide access to Teams even after the meeting has ended, could result in data leakage or the visibility of confidential files.

Microsoft also allows third-party apps to integrate with Teams to enhance the platform’s experience, which expands the attack surface. However, these apps could also be potential entry points for unauthorized access.


Side view of beautiful positive man dressed casual sitting at dining table in kitchen and having video call over laptop with his girlfriend. on table next to laptop are glass of water and coffee.

AGAT offers a Real-Time DLP and Ethical Wall solution that will back up your information, and support audio, chat, and video during meetings using OCR to avoid data leaks even orally. Also, our DLP can limit certain file types (eg: .exe .zip) from being shared while communicating with internal and external users. Our Ethical Wall covers both, internal and external communication, so policies can be created allowing one internal team to talk to outsourced employees while blocking all the other teams.

What is more, it works in real-time to comply with some of the strictest regulations, such as FINRA, MiFID II, and HIPAA.

Contact us today to see how SphereShield can help in security, compliance, and governance on your Unified Communications platform (MS Teams, Webex, Zoom, Slack, and Skype for Business).

Categories
blog Ethical Wall Microsoft Teams

Are Microsoft E5 and E3 Licenses worth the money?

image 1 1

In this article, we will talk about the best ways to address important security and compliance issues with SaaS products, and review some solutions available within plans like Microsoft E5 or E3.

Table of contents

  1. The paradox of reducing cost while maintaining high compliance and security standards
  2. The range of solutions within Microsoft licenses E3 and E5
  3. Is the Microsoft E5 license really worth the money?
  4. Alternatives to a Microsoft E5 License
  5. AGAT’s SphereShield for compliance
This image has an empty alt attribute; its file name is image3.png

1- The paradox of reducing costs while maintaining high compliance and security standards

It’s 2022 and the global scenario is one of economic uncertainty. Companies are starting to pull back on developments while others look for ways into reducing operational costs before starting to lay off employees.

While the global stagflation keeps on developing, many chiefs of compliance, security, and technology officers are facing the same question: How is it possible to reduce the overall SAAS spending while not sacrificing any security or compliance requirements?

On one hand, it’s impossible to get rid of essential paid services such as corporate emails, servers, cybersecurity, collaboration software, and the like. But on the other hand, there is a tremendous risk associated with the idea of replacing functioning solutions developed by well-known vendors with home-made not-so-effective patches.

2- The range of solutions within Microsoft licenses E3 and E5  

Microsoft 365 is the market leader in SaaS, offering a complete suite of business productivity tools for easier communication and collaboration. We know that Microsoft 365 includes Windows OS and the whole Office product line in its subscription, also allowing the use of diverse cloud-based services for business environments, such as hosted Exchange Server, Skype for Business, MS Teams and SharePoint, among others.

With a good price/value ratio, the E3 license is one of the most popular options between small to mid-sized organizations. But Microsoft E3 offers only limited solutions around identity and access management, threat protection and information protection, and it lacks compliance solutions.

Then there’s Microsoft E5, a more than significant step-up from Microsoft 365 E3 that includes important security features such as, Identity Management, Cloud App security, Auto Labeling for sensitive content, etc., as well as it can address some compliance requirements. But this plan also includes other functionalities like Power BI and Teams Phone that add up to the price unnecessarily for companies if they won’t use them.

This image has an empty alt attribute; its file name is image2-1024x390.png

3- Is the Microsoft E5 license really worth the money?

The difference between the features provided by E3 and E5 is clearly reflected in the monthly subscriptions price jump of $21. Taking a look at their published prices, if a company with 500 employees decides to contract E3 it would incur an annual cost of 216,000.00 USD, and that price ascends to 342,000.00 for the Microsoft E5 plan.

But the bottom line is, getting access to the newest compliance and data governance technology developments by Microsoft demands high-end licensesThe Microsoft 365 Enterprise packages E3 and E5 are aimed at organizations that need more information protection and compliance capabilities.

Microsoft E3 and E5 licenses prices list

Microsoft also offers separate plans for security and compliance that can be added to an E3 license. There’s the Microsoft 365 E5 Security add-on (formerly Identity & Threat Protection) priced at $12/user/month, and the Microsoft 365 E5 Compliance add-on, also priced at $12/user/month, both requiring annual commitments.

It’s not necessary to dive into the details of the solutions provided by each of those add-ons knowing that, by adding the two of them to an E3 plan, the total price ends up paired to E5. So if your organization is interested in both the security and the compliance solutions by Microsoft it’s still preferable to purchase the complete E5 bundle.

I know what you’re thinking, is it possible to purchase the E5 security and compliance add-ons for a cheaper license than E3? No, Microsoft makes these packages available only for E3-level subscriptions. Smaller companies with plans like Business Premium (limited to 300 hundred users) don’t get the option of incorporating Microsoft’s wider compliance and security features.

For the case of Office 365 (the subscriptions without Windows and EMS) the conclusion remains the same, an Office 365 E5 license will give you a better bundle than adding security and compliance separately to Office 365 E3.

4- Alternatives to a Microsoft E5 License

Ultimately, decision makers should know that it’s not impossible to drop down and optimize SaaS software licensing if certain features aren’t essential for their organization’s particular needs. More so, many users choose to turn to third party providers for alternatives to some of Microsoft’s native capabilities.

It’s also important to address that organizations with specific needs, like the ones in tightly regulated sectors or those subject to data protection legislation need to secure their environments with the right technology to manage and protect sensitive data, and even though the E5 license offers a good complete set of security and risk mitigation features it’s not necessarily the only way, or the most effective, to address your compliance needs.

In past articles, we have taken a look into the limitations that the native capabilities of products such as Microsoft Teams have when it comes to compliance. You may find that important functionalities, for example the ones regarding Information Barriers, are very limited with a Microsoft E5 license and not available in E3.

5- AGAT’s SphereShield for compliance

With costs that represent only 10% of a Microsoft E5 license, AGAT’s SphereShield offers a complete compliance set of solutions that can be integrated to Microsoft Teams, expanding some crucial functionalities.

This image has an empty alt attribute; its file name is image4-1024x446.png

Among its most important characteristics there’s the inclusion of an advanced information barriers solution: SphereShield’s Ethical Wall, that allows extra control over guest user capabilities, granular control over specific operations, incident auditing for compliance awareness, and more.

We have addressed before how Microsoft’s DLP solution is only near-real time, and the risks involved in that kind of reactive approach. AGAT’s SphereShield DLP engine offers real-time inspection of content and context-aware policies for data loss prevention, identifying and blocking sensitive data before it reaches the end user.

AGAT has also developed features that extend Microsoft Teams’ governance capabilities for better control over user permissions and preventing information leakage. SphereShield also offers eDiscoveryadvanced search capabilities that can be implemented online or on-site.

Finally, the whole range of compliance solutions developed by AGAT can be licensed separately, allowing companies to further tailor their subscription plans to meet their exact needs.

We encourage you to contact us to get a free trial of AGAT’s SphereShield

Categories
blog Channel Management

Microsoft Teams Channel Management FAQs

image 4 1

SphereShield offers Channel Management solutions to enhance visibility and control over Microsoft Teams. Hundreds of customers use it daily for adapting their Channels to the evolving environment. As companies change and projects are finished or sidelined, users face a cluttered Teams structure with excess inactive Channels affecting productivity. Let’s take a look at some of the key functionalities provided and how to employ them: 

bjBKCCoPkaPIjsGn9khVx 7sM9JCBw s6Dfm7HrIulSbWrFvRTXBd1QCwHW73E DcaAs0RZ KYgnrCXkl7pdutCaD WVSWSZi0jrXjsOTjTjEPvujDjSyL8Moh1trUB74B3XQV63m8BCpAslsAQ

Table of contents:

  1. How do I convert a public channel into a private channel?
  2. How do I rename Channels in Teams and SharePoint?
  3. How often is a new Channel / Teams detected and updated in the Channel management list?
  4. How do I limit administrative access to teams?
  5. The compliance admin wasn’t added to private channels, what should I do?
  6. How do I add admins to the SphereShield Portal?
  7. Why can’t I see the export option?
  8. Can I Enable/Disable the Compliance admin for periods in which I am not using SphereShield Channel Management?
  9. When I move a channel, what happens to the chat?
  10. Can I move or copy a channel archived in Microsoft Teams Admin center?
  11. What limitations do Private Channels have?
  12. How do you set prices for Channel Management?

1- How do I convert a public channel into a private channel?

To convert a public channel to a private channel, you can follow these steps:

1- Create a new private channel

2- Merge the desired public channel into this new private channel. 

Your content is now in a private channel.

2- How do I rename Channels in Teams and SharePoint?

Although we do not offer a one click solution for this, it can be achieved as follows:

1- Create a new Channel with the desired  name

2- Merge the old-named Channel into the new one.

Now your files in SharePoint and in Teams will be in a channel/folder with a new name. 

3- How often is a new Channel / Teams detected and updated in the Channel management list?

The teams and channels list is configured to run an update check and refresh every 60 seconds for European based customers and every 10 minutes for  American based customers. How long the process takes depends on how many teams, channels and users are in the tenant and can vary between 3 to 10 minutes. After adding a new channel, refresh the page (from the refresh button of the browser) to see if it has been updated in the portal. 

4- How do I limit administrative access to Teams?

To limit admin access to Teams follow these steps:

1- Under settings go to “Site Security”

wp0G3G4UHa2dBGM qkOU7EtFIR6uP0OIPfTbebCOWGf1fojdjrvAW 0CpuWRygskIQjIghZHW3qLmx7O4fMImYv4oL0XEzjGWyFpWYKRlO

2- Change the setting  “Users can only see Teams they have permissions on” to yes.

fV1g 29T r0v6DIbMtWNSVBxrmyuSiYyFIe5XGQjv ntUyqEgcTvsC8j

3- Click the “Add” button to add users as Admins. Please be sure to also add the compliance administrator you configured in the initial configuration of the portal as an “Admin with settings access”.

kL07NgnU1yxeKV1qvrMHH5DkPMUatE XDUHdUx tbo6fpOKb7SZgqO5UrpEFkEaMGpE9jEcEkjScaFhXyYhIrTT

4- Start typing the names of the users you wish to configure and select them from the drop down menu. You’ll need to configure at least one admin with settings access and one without. This will lock out other users from accessing the portal.

DQqvWHhtS4 aGrKZDsskNgDwzVF0rv4pBrDXUTfI6fwMcoi wLGvCjEJQJvGzNoNkCdvxV2OCLemIS vvOJY5tufZcmoM6vE5PBOT0D5W7fWcnNkCpYlaJAGu4 ICwHRlTbuD WMDZ9l27LLDntYqb4

After the configuration is complete, only the compliance admin will have access to all the teams on the tenant. 

As long as you perform actions with the other users configured as admins, they will only have access to their own teams.

5- The compliance admin wasn’t added to private channels, what should I do?

The compliance admin can’t be added automatically to private teams and channels so if you’d like to use it to manage them you’ll have to add it manually to each one. However, you can also manage private channels with their existing owners (if you haven’t restricted their access to the SphereShield portal).

If, for example, you copy a private channel using one of its existing owners then the compliance admin will be added as an owner in the newly copied channel (but still not in the original).

6- How do I add admins to the SphereShield Portal?

On the menu to the left, go to Settings and then Site Security. Scroll down and click the “add” button in order to add users as admins. Please note that you must add at least one user as an admin with settings access and one without, in order for other users to be locked out of the site. The compliance admin you created during the initial configuration of the site must also be added to the list as an admin with settings access.

vqKqGcqAJTJNQ6GfIA9BjmLxjzvryhFdG6kPE63w4FMD91bzJn3 1KW6 KfSAMaisc2Xtyl9yZ8NaPdphu2qNr3lu8aIMqFVkTGSk2YMJYfCmLXYbK0SBsBdt21n8qPgIwF7DjlP3RW59w4YjpLV2zM

7- Why can’t I see the export option?

The export option is only available to users who have been configured as “admins with settings access”.

8- Can I Enable/Disable the Compliance admin for periods in which I am not using SphereShield Channel Management?

Yes, you can disable the user. However, you need to know what kind of password policy the company has. It is EXTREMELY important to know whether the policy is set to “never expire”  or if it expires after a certain amount of time, months for example. If it’s set to never expire, then you can disable/enable the admin periods as much as you want. If it’s not, you should consult support, and remember to enable the admin before the expiration happens.

9- When I move a channel, what happens to the chat?

Moving a channel will move the chat inside it to the new destination place. The chat itself will be moved, and it will be sent by the compliance admin with a timestamp stating when it was moved. The original message body will have the original sender name and timestamp. Please note: reactions to chats won’t get moved.

KpycfQibZ7FzieQlTM5Wf8BjmXHRkPXdiVwrd 7uGV6LBS DQ6y5aLrI0EVUuTGHQ5Bx4gaACVRK8eeuM RDDZlVjP36Eu6KT FQhqA0LxMu3CiwtF55 Pf0tNu5m87VacYg4Wvu WKKs5CO5zBQBXY

10- Can I move or copy a channel archived in Microsoft Teams Admin center?

Yes, you can. But if the team of the channel that you are trying to move/copy/merge is archived in Microsoft Teams Admin center, you will receive the following pop up error message :

BvaS17 9riPDtAALn5CdCcigvN5im5IWQiEJ4Hyer4Qs1RgJsEsdfH5cTzU85fbOZgazDdhPoOX3uf90a9WjmW1YVTfOX58dMVeiNSZquz5oz9tr5JMmSsEidR4k5zn88uhl6Eg0AgBnjEXVWZIOvF8

To be able to complete the operation you need to unarchive that team and then try again.

tdPTjqi429ixKx7Is9OhG9R6TQMJL5Ea1 1rPjBsotqHWU3JCS

11- What limitations do Private Channels have?

When a private channel is either the source channel or the destination, Wiki and OneNote will not be copied. The original channel will be kept so the content will not get lost. A message about that will be a part of auditing. If there is no wiki in these channels, the behavior is like in public channels.

12- What is the price of Channel Management? 

The price is based on the amount of users per month, plus a fixed charge for server usage.

SphereShield Channel Management functionalities were developed with the needs of the end-user in mind. Our ultimate goal is to help you get the most out of Microsoft Teams, one of the top collaboration platforms out there, and extend some of its features to improve functionality, boost usability and productivity.

Contact us today and one of our sales representatives will soon be in touch with you.

Get a free trial

Sign-up for a free trial and demo with an AGAT expert

    Select your service

    For support please login to our support portal

    Get in touch

    Har-Hotzvim Hi-Tech Park, Jerusalem, Israel

    +972-2-579-9123

    info@agatsoftware.com

    Facebook Twitter Youtube Linkedin

    Compliance

    Ethical Wall

    Real Time DLP

    Archive & eDiscovery

    Recording AI Compliance Analysis

    Productivity

    AI Meeting Assistant

    Channel Management

    AI Sentiment Analysis

    Privacy Policy

    Terms and Conditions

    Resources​

    Company overview

    Partners

    Careers

    Blog

    Contact

    © 2013-2023 AGAT ALL RIGHTS RESERVED