The remote workforce has exploded globally with more employees working from home than ever before. Indeed, on any given day, approximately 60% of workers are remote (Forbes: https://www.forbes.com/sites/johnkoetsier/2020/03/20/58-of-american-knowledge-workers-are-now-working-remotely/#57a4f2f53303). In order to maintain, if not, boost productivity, scalable and simple collaboration tools are needed. A myriad of cloud applications exist to support this increasing “collaborate-from-anywhere” need, including Slack, Workplace from Facebook, and Microsoft Teams.
The Merging of Personal and Work Apps
These applications and many others are effective and popular solutions for enabling users to work together via chat, voice, video, exchanging files, web-links, and more as businesses strive for productivity during times of disruption. Case in point, Microsoft just announced that some of its Office 365 options will be renamed to ‘Microsoft 365’ to better reflect the range of features and benefits in its subscriptions to help “meet the unique needs of individuals and businesses” and in an effort to emphasize its benefit to home workers.
However, the explosive use of these collaboration tools is increasing the dispersion of data in the cloud – beyond traditional data centers. As legacy remote access VPN solutions are unable to scale to meet the burst in current user demand, most remote workers are going direct-to-cloud / web to access these collaboration apps, therefore the distribution of corporate data is extensive and unprotected by on-premises security tools.
This ‘data dispersion’ is rapidly expanding within these cloud/SaaS applications and between other cloud applications such as OneDrive, Box, and Dropbox, increasing the risk of data exfiltration and exposure to threats, such as phishing and malware. Sensitive data moves laterally across cloud applications such as from Microsoft Teams to OneDrive or SharePoint. Netskope Threat Labs uncovered that 20% of users have sensitive data moving between cloud apps and, most importantly, that 37% of this sensitive data is involved in data loss prevention (DLP) violations.* Basically over one-third of data movement involves content that is sensitive and proprietary, such as PII, PHI or PCI information.
Organizations Need Visibility and Control
The only effective way to protect this growing volume of dispersed data from risk of exfiltration is through inline data and threat protection tools that offer deep visibility and control of users, devices, applications, instances, activity, and, most importantly, data – across the many cloud applications in use. This extends to having instance awareness for cloud apps, as one of the top threats in enterprises today is data exfiltration across personal and corporate instances of applications, often seen before employees depart to a new employer, or simply when employees may be attempting to edit or print a document while working at home.
Granular, contextual control – beyond simply ‘allow’ and ‘block’ – is essential to mitigate this data movement and protect the organization. This includes protecting data traversing a managed app like Microsoft Teams and an unmanaged app, such as Dropbox. This also includes protecting data being accessed not only from browsers, but also from native apps like Teams that are installed on Windows, Mac, and mobile devices.
Furthermore, use of managed devices – basically endpoints with anti-malware or DLP security capabilities built in – as well as unmanaged devices must also be considered and safely enabled. In this age of Bring Your Own Device (BYOD), plugging this security gap cannot be ignored. Tracking and securing data no matter where it is or goes, is essential for maintaining regulatory compliance as well as security best practices.