Set flexible communication policies, block interaction between restricted users with total granularity for communication types. (chat, file sharing, screen sharing etc.)
Choose your service:
Real Time DLP
Real-Time inspection of content. Block sensitive data before it reaches the cloud and destination user. Review conversation context with eDiscovery.
Choose your service:
Archive & eDiscovery
Archive your data safely in the cloud or on site and search for any communication by several parameters such as user, date, channel or text.
Choose your service:
Recording AI Compliance Analysis
Record meetings, search them and analyze them using video and audio transcript. Apply DLP policies.
Set flexible communication policies, block interaction between restricted users with total granularity for communication types. (chat, file sharing, screen sharing etc.)
Choose your service:
Ethical Wall
Set flexible communication policies, block interaction between restricted users with total granularity for communication types. (chat, file sharing, screen sharing etc.)
Choose your service:
Real Time DLP
Real-Time inspection of content. Block sensitive data before it reaches the cloud and destination user. Review conversation context with eDiscovery.
Choose your service:
Archive & eDiscovery
Archive your data safely in the cloud or on site and search for any communication by several parameters such as user, date, channel or text.
Choose your service:
Recording AI Compliance Analysis
Record meetings, search them and analyze them using video and audio transcript. Apply DLP policies.
Choose your service:
Recording AI Compliance Analysis
Record meetings, search them and analyze them using video and audio transcript. Apply DLP policies.
Choose your service:
Recording AI Compliance Analysis
Record meetings, search them and analyze them using video and audio transcript. Apply DLP policies.
Set flexible communication policies, block interaction between restricted users with total granularity for communication types. (chat, file sharing, screen sharing etc.)
Set flexible communication policies, block interaction between restricted users with total granularity for communication types. (chat, file sharing, screen sharing etc.)
AGI helps improve collaboration by detecting meeting and chat insights to automatically generate items such as tasks, meeting notes, summaries, and minutes.
Today’s workforce is more distributed than ever. The ways that employees collaborate with each other and with customers and partners continue to increase. According to Metrigy, just 20% of companies now require employees to work within a traditional office. With the Hybrid Workplace, IT leaders responsible for securing data and applications are required to have a proactive plan that addresses security, governance, and compliance policies across all collaboration applications.
As users continue to rely on collaboration tools, and the increase in unmanaged device usage, data loss or leakage becomes a big concern for many organizations who need to prevent important information from being shared maliciously or accidentally, while users are collaborating via Meetings or Messaging. In most cases, users don’t even realize that they are sending sensitive information in their files or messages, so it is critical to have the right safeguards in place to keep your users and data safe and secure.
What is real-time DLP and when is it needed?
As businesses expand their ways of internal and external communication, having a true real-time data loss prevention (DLP) solution becomes even more pressing. A real-time DLP solution is crucial to effectively manage and protect your confidential information. This solution ensures that your sensitive data intercepted and filtered before it reaches the recipient.
Until now, the only option in the market has been near-real-time DLP. Near-real-time DLP is a reactive approach that deals with sensitive information after being seen and exposed to other collaborators. For example, if an employee would send a file or message containing sensitive data, that data would reach the destination user and only then be deleted. This often leaves a compliance gap allowing the other side to view and save the content sent.
For companies concerned with protecting their sensitive data at any instant, near-real-time DLP is not a sufficient approach. This risk of data proliferating in uncontrolled ways would be high specially in highly controlled industries. No one wants their sensitive data in the wrong hands even for a few seconds.
Webex and AGAT Software now offers real-time DLP for files and messages
I’m excited to share that Webex in partnership with AGAT Software now offers real-time DLP for both files and messages, enabling companies to now benefit from a real-time DLP solution for Webex. Webex’s new API allows files to be scanned before they are received by other collaborators. The API allows Webex partners to perform inspections as set in their DLP policies and decide whether the file should be allowed or blocked. Webex also allows partners to proxy the traffic to scan messages in real-time.
Data Loss Prevention policies are set to detect sensitive information in everyday Webex communications. The objective of such a solution is to block sensitive data at source, such as financial data (credit card numbers), intellectual property (inventions) and personal information (PII) from being sent in a Webex space to unauthorized internal or external users, whether by accident or on purpose.
In addition to scanning communication for sensitive information, there are also a range of other file related controls. You can block file uploads based on parameters such as file type and file size. You can also block file sharing between specific groups, users, or domains to comply with your organization’s compliance needs and regulations. This video shows how real-time DLP works as or when implemented by AGAT with their flagship SphereShield product.
With real-time DLP, both messages and files are blocked in real-time, and the destination user does not receive the sensitive data even for a second. Both the users and IT admin also receive notifications and incidents are audited in the admin portal.
Real-time DLP is the solution for companies that want to truly address their compliance and security needs without compromise.
Contact us today to see how AGAT Software can help with protecting your sensitive data from being released to unauthorized internal and external users.
How Ethical Wall can be used to control external meeting communications in Microsoft Teams
One of the issues that businesses are now facing is blocking sensitive corporate information from being released and complying with regulations in business policies while internal users join a meeting hosted externally with people from outside their organization.
How can SphereShield Ethical Wall help You gain control of external meetings?
Companies can prevent people with access to high risk information files from sharing any of these files through MS Teams Channels/Chat or the file tab of a channel, using the SphereShield Ethical Wall. Restriction of file sharing can be to external users or to both external and internal users who are not part of the specific department.
Other Ethical Wall policies include:
Allowing audio and video but at the same time blocking chat, file sharing and screen sharing.
Allowing only specific users/groups to communicate externally.
As per the demo video, we can see that Bob (internal user) and Reuvain (external user) are in a meeting. However, when Bob tries to send a chat message to Reuvain, a pop-up notification appears at the bottom corner of the screen stating that the communication was blocked due to company policy. The user will get this message every time they violate one of the Ethical Wall policy rules. Going back to the portal, in the activity auditing section the admin will be able to see all the blocked activities, why they were blocked and the users involved in the process.
While in a business meeting with external users, companies want to be in control of every message sent and all communication attempts in order to prevent important information from being leaked. Here comes the role of SphereShield’s Ethical Wall in blocking any messaging and file sharing activities based on the policies set by the company.
Contact Us today to see how SphereShield can help in security, compliance and governance on your Unified Communications platform (MS Teams, Webex, Zoom, Slack & Skype for Business).
In this 3 part series, we will be going over 10 security threats to Microsoft Teams.
Introduction: The Growth of Microsoft Teams
Microsoft has recently released statistics about Teams users, and they have revealed remarkable growth. It has grown to 75 million users from about 20 million over a 12-month span (from late winter of 2019 to early spring 2020). Users include guest participants – in fact, there was an average of 200 million participants meeting in just one day in the month of April. 66% of Microsoft Teams users share files through the app. The amount of companies that have integrated independent apps with Microsoft Teams has also tripled.
Because
growth has continued unabated, risk and security groups must recognize
Microsoft Teams as the go-to collaboration tool, as well as a data conduit that
goes outside of and within organizations. They must make sure that the
security of Microsoft Teams is prioritized. More often than not, it is quicker
and easier for users to collaborate through the use of Microsoft Teams with
existing defense systems in play. Policies applicable to the sharing of files
by way of email, cloud storage, and USB sticks must be enforced.
Users won’t accept Microsoft Teams’ features being switched off altogether or hobbled in any way. The following series will address the biggest security threats practitioners should plan for. It will provide ideas to optimize the value that Microsoft Teams offers while keeping data secure.
One
big concern involves the amount of guests that can be added to Microsoft Teams.
Also of concern are the amount of independent apps that can be incorporated
into Microsoft Teams’ channels, since both could contribute to data loss.
There
are just over 2900 guests, on average, that are added every month to Microsoft
Teams by administrators and owners. As such, IT security staff must have the
ability to control and monitor their access. For context, completely open
access can be likened to opening up corporate meeting rooms, but without any
visitors signing into a guestbook. 29,000 visitors equates to a new visitor
joining every time 10 minutes has passed, all day long. It isn’t very hard to
add guests to Microsoft Teams, then share information with them that is
sensitive. Users may forget that visitors are part of the group. Therefore,
security will require a couple of controls – managing immediate guest
additions, and being able to review prior visitor access.
Microsoft
Teams usage can serve as a conduit of sorts to systems not part of the
Microsoft ecosystem – ones that could serve as a potential data loss outlet. A
user’s ability to integrate third-party apps can be described as a “Shadow IT”
variation. It includes the very same security threats that other “Shadow IT”
forms come with.
Security
groups must be able to review third-party apps through the use of several
security attributes for the sake of blocking them – including ones that don’t
conform to specific corporate standards.
First Threat: Guest Users
Once
a guest is added, they’ll be able to see sensitive/internal content.
Microsoft Teams allows you to add outside users (a.k.a. guests) to channels so that files and chat messages can be shared. After access is given, guests will be able to have meetings online, create shifts and tasks for users, make phone calls, have live meetings, and use integrated apps with both external and internal collaborators. Several companies have been using Microsoft Teams to engage with customers – especially ones with customer service responsibilities. Any administrator or chat or owner has the ability to add members to channels. Based on settings, that may include outside guests. Multiple administrators can be part of a team channel, which is quite common whenever channels have a lot of members (particularly across different time zones). Whenever guests get added, they’ll either have the ability to see prior chat histories (which include files), or be limited to viewing recent content.
Microsoft
allows administrators to disable or enable “guest access” as part of Teams’
security capabilities. By default, this feature is not automatically enabled
for guests.
The
problem with implementation of a complete enterprise setting revolves around
the fact that some groups will be closed to guests, while others are completely
open to them. Further, tenant administrators that want different settings must make
the applicable changes for their respective team. Many organizations are
interested in using all of the capabilities that come with Microsoft Teams. As
such, they generally allow guests to have the same access administrators do.
Flexibility
is truly needed here. Being able to establish internal exclusive teams – ones
that are limited to authorized external parties and public teams – is key. By
modifying blocklist or allowed list domains, better security will be
implemented, giving employees the flexibility they need to collaborate with various
authorized guests on Microsoft Teams.
You
can do the following in order to optimize security:
Remove and detect guest users if
unauthorized domains try to join team channels.
Remove and detect guest users that join
groups only intended for internal discussions.
Regulate messages that are posted on
channels, as well as chat discussions involving guest users originating from
specific domains.
Regulate files posted on chat
discussions and channels that involve guest users originating from specific
domains.
Regulate files and messages
historically posted in channels that have guest users originating from specific
domains.
Report guest users and channels so
that team members can be managed accordingly.
Several actions must be available
based on the policy trigger’s severity, whether that entails quarantining, tombstoning,
or removing files; sending alerts to IT administrators and channel owners; and
making sure that logs get chronicled for upcoming investigations, if necessary.
Having
the ability to remove or monitor sensitive messages and content, as well as
granting permission to trust the domains, lets guests access Microsoft Teams
without compromising the security of data.
You
can create new groups whenever you want. Members might not be sure what attributes
they have, so some kind of security policy should be established beforehand.
For better control of Guests in Microsoft Teams, we recommend using SphereShield Ethical Wall for Microsoft Teams. It lets the company decide which specific permissions Guests have (messages, calls, video, files) and allows to set granular rules regarding communication.
Second Threat: Access from Untrusted Locations or Unmanaged Devices
Microsoft
Teams may be accessed by devices that are unmanaged, which could lead to a loss
of data.
Standard
Microsoft Teams access involves the usual name/password duo, and multifactor
authentication is an option. Valid users will be able to log in on just about
any type of device. Users who have access from unmanaged devices are able to
download files that are shared on a Microsoft Teams channel. Those files will
either be lost or forwarded if said users are cyberattack victims.
Being
able to establish policies for specific unmanaged devices allows you to protect
Microsoft Teams’ content. You’ll also be able to do the following:
Lock unmanaged device access.
Block downloads but allow access.
Block files from being uploaded (just
in case unmanaged devices are malware-infected) but allow access.
Add specific DLP (data loss
prevention) policies for various unmanaged devices.
Step up redirection authentication (a
redirect to a different authentication mechanism).
Block any unmanaged device from
accessing the native Microsoft Teams client.
Proxy an unmanaged device with access
that is browser-based (for extra controls).
Force DRM (digital rights management)
registration prior to access.
Accessibility
from certain devices in locations that aren’t trusted could result in data
loss.
One
big risk indicator is data location. Based on how sensitive the data is, IT
administrators should consider defining locations as either trusted or on
trusted. They should either disallow or allow access, or establish security
policies depending on the location.
Block
and allow IP location/address lists might contain corporate offices or entire
countries. Certain policies would prove to be quite useful, including the
following:
Blocking access from certain blocklists.
Permitting access from either IP geography or range, but still block downloads.
Set up redirection authentication (a redirect to a different authentication mechanism).
Proxy certain devices from either IP geography or range with access that is browser-based (for extra controls).
Add certain DLP policies for devices based on IP geography/range.
Blocking devices from either IP geography or range so they cannot access the native Microsoft Teams client.
Make DRM registration mandatory before access.
For better access control AGAT Software offers 2 solutions SphereShield Conditional Access for Microsoft Teams provides companies using Microsoft Teams the option to prohibit users from accessing organizational Microsoft Teams from unmanaged and non-compliant devices.
SphereShield integrates seamlessly with leading UEM services MobileIron, McAfee, Symantec, BlackBerry, AirWatch, Forcepoint, Citrix, Maas360 and Microsoft Itune.
SphereShield Risk Engine for Microsoft Teams monitors all successful or failed connections to an O365 tenant and displays a live map of connections. Define Geo location rules to control access to your data.
Third Threat: Screen Sharing and Confidential Information
Confidential
information can be inadvertently leaked through screen sharing.
The
screen sharing feature on Microsoft Teams is quite powerful and convenient for
meetings. Users have the option to share individual application files on a full
screen. They can also jointly share their whiteboards. This feature is
accessible to guests and internal users.
However,
if a user were to overshare sensitive data, problems will ensue. Emails, new
groups, and incoming messages might be shown on a presenter’s screen, which is
then shown to various attendees. If a full screen is shared, there might be
another application that reveals confidential data. Even if they are running in
the background, communication apps are capable of revealing things they
shouldn’t.
IT
administrators are encouraged to think about configuring the Microsoft Teams
app. The screen sharing feature should be disabled so that only application
sharing is allowed. That way, alerts will not be shown on other member’s
screens during a meeting. There are several options for guests and users when
it comes to sharing implementation. However, this takes away a feature that
users enjoy – one that is widely used. If a certain speaker wanted to display
numerous applications, then they’ll need to do so through each individual app
while the meeting is taking place.
You
can either allow or disable screen sharing for guest users. When doing so,
though, you need to determine if this will actually be a potential risk for
you. How would the company be affected if a staff member sees confidential
information disclosed by an outside party?
Users
also have the ability to share their whiteboards. Data loss isn’t as likely
with this feature, and administrators will need to determine a suitable
organization policy.
Instead of an administrator attempting to guess possible eventualities, it would be more prudent to emphasize employee training, as far as Microsoft Teams usage is concerned. Explanations and examples should be included that go over the pros and cons of these feature sets. That way, users can choose when messaging apps should be closed, when individual files should be shared, and when a full screen is okay to share.