The remote workforce has exploded globally with more employees working from home than ever before. Indeed, on any given day, approximately 60% of workers are remote (Forbes: https://www.forbes.com/sites/johnkoetsier/2020/03/20/58-of-american-knowledge-workers-are-now-working-remotely/#57a4f2f53303).  In order to maintain, if not, boost productivity, scalable and simple collaboration tools are needed.  A myriad of cloud applications exist to support this increasing “collaborate-from-anywhere” need, including Slack, Workplace from Facebook, and Microsoft Teams. 

The Merging of Personal and Work Apps

These applications and many others are effective and popular solutions for enabling users to work together via chat, voice, video, exchanging files, web-links, and more as businesses strive for productivity during times of disruption. Case in point, Microsoft just announced that some of its Office 365 options will be renamed to ‘Microsoft 365’ to better reflect the range of features and benefits in its subscriptions to help “meet the unique needs of individuals and businesses” and in an effort to emphasize its benefit to home workers.

However, the explosive use of these collaboration tools is increasing the dispersion of data in the cloud – beyond traditional data centers. As legacy remote access VPN solutions are unable to scale to meet the burst in current user demand, most remote workers are going direct-to-cloud / web to access these collaboration apps, therefore the distribution of corporate data is extensive and unprotected by on-premises security tools. 

This ‘data dispersion’ is rapidly expanding within these cloud/SaaS applications and between other cloud applications such as OneDrive, Box, and Dropbox, increasing the risk of data exfiltration and exposure to threats, such as phishing and malware.  Sensitive data moves laterally across cloud applications such as from Microsoft Teams to OneDrive or SharePoint. Netskope Threat Labs uncovered that 20% of users have sensitive data moving between cloud apps and, most importantly, that 37% of this sensitive data is involved in data loss prevention (DLP) violations.* Basically over one-third of data movement involves content that is sensitive and proprietary, such as PII, PHI or PCI information.

Organizations Need Visibility and Control

The only effective way to protect this growing volume of dispersed data from risk of exfiltration is through inline data and threat protection tools that offer deep visibility and control of users, devices, applications, instances, activity, and, most importantly, data – across the many cloud applications in use. This extends to having instance awareness for cloud apps, as one of the top threats in enterprises today is data exfiltration across personal and corporate instances of applications, often seen before employees depart to a new employer, or simply when employees may be attempting to edit or print a document while working at home.

Granular, contextual control – beyond simply ‘allow’ and ‘block’ – is essential to mitigate this data movement and protect the organization. This includes protecting data traversing a managed app like Microsoft Teams and an unmanaged app, such as Dropbox. This also includes protecting data being accessed not only from browsers, but also from native apps like Teams that are installed on Windows, Mac, and mobile devices. 

Furthermore, use of managed devices – basically endpoints with anti-malware or DLP security capabilities built in – as well as unmanaged devices must also be considered and safely enabled. In this age of Bring Your Own Device (BYOD), plugging this security gap cannot be ignored. Tracking and securing data no matter where it is or goes, is essential for maintaining regulatory compliance as well as security best practices. 

Additionally, while data protection for collaboration apps is imperative, it’s also wise to address the broader topic of utilizing a secure, scalable cloud architecture to enable this functionality. As most organizations struggle with the limited scale and growing complexity of VPN access for their remote workers, a simpler solution is available for securing access to private applications – whether in public clouds or in the data center. A zero trust network access (ZTNA) solution allows organizations to move towards a more secure, cloud-first, remote access architecture that provides an alternative to backhauling (or hairpinning) remote users through the corporate network to access applications in public cloud environments, resulting in a more positive (and speedy) user experience.

As you evolve your organization’s remote workforce model and adopt, if not, expand, your use of content collaboration tools like Microsoft Teams, review and reassess your security strategy.  Consider the following questions:

• What is best for safely enabling your expanding remote workforce? 
• What options are best for securing your sensitive data when using collaboration tools?

Netskope offers a scalable, context-aware, cloud-smart solution that seamlessly protects your workforce no matter where they are for cloud and web traffic. Whether using Slack, G Suite or Microsoft Teams and other applications in the Office 365 suite, Netskope provides comprehensive data and threat protection of your remote users with zero trust network access while helping you reduce risk and maintain compliance. For more information, check out how we Secure Remote Workers and enable secure collaboration for Microsoft Teams.