Why Business Context Justification Enables Safer Collaboration
As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Tal Shapira, Ph.D., of Reco elaborates why business context justification matters when securing collaboration tools.
Organizations have become increasingly reliant on online interaction for both their internal and external comms. Employees are now used to – and depend on – communicating with colleagues and customers via a range of communication tools, whether it’s email, Google Drive or Jira, or platforms like Slack. In fact, Slack, one of the leading technology solutions for asynchronous messaging and chat, has more than ten million daily active users.
However, the recent Uber breach – which involved the use of Slack– amply demonstrates the fact that these collaboration tools require a security strategy just as any other part of the business does. That strategy is more involved than what enterprises might expect. Let’s explore the need for, difficulties, and best practices behind collaboration security.
A Contextual Approach to Security
When looking to secure collaboration platforms, to do so efficiently and effectively, it’s important to go further than just detecting malware or anomalies. Bringing in the justification, or the “why,” behind activity allows organizations to correctly flag unusual activity in the context of how verified users normally behave on these platforms. This is what’s known as business context justification.
When it comes to collaboration, it is helpful to calculate the risk based on the business impact and the probability of exposure. You would multiply the level of business impact by the probability of data exposure to find the risk level of an unjustified event. Business impact is a measurement of the potential harm a security incident could do to a company or its customers. Any asset that the business context justification process believes can affect one of these business impacts—which can be financial, reputational or operational—is marked as classified and mapped as sensitive. In particular, you could split the probability of exposure into two categories: posture – such as the file being accessible by anyone in the world – and business context justification – whether the user has a legitimate business reason to access the file.
Business context justification ensures awareness of the reason for every action. It creates a contextual justification by mapping the relationships between specific personnel, which is then applied to evaluate any future interactions. With this, organizations can keep track of changes within the business, identify legitimate activities the minute they happen, and instantaneously alert for any actions that the algorithm deems illegitimate. The first step is mapping what’s considered good behavior from the justified/approved employers/vendors working in each area. This justification also minimizes alert fatigue by providing accurate alerts for what is considered suspicious activity within the context of the business and its regular activities.
Why Traditional Security Models Fail Here
Many of these tools are encrypted, and there are few means of managing the information flowing through them. Conventional methods of securing collaboration tools are objectionable due to the time it takes to set them up and the fact that they frequently stop the flow of work. As a result, security teams no longer have any control over information flows, creating a security nightmare.
In addition, given how quickly new data is produced, standard data security models frequently fail because they require someone to categorize each and every piece of data to safeguard it. This process is time-consuming and never-ending. And with traditional security models, anomaly detection immediately classifies any novel or unfamiliar action as an unauthorized action and prevents it from being carried out. This is extremely unpopular and inefficient, as it stops action that might make sense within the context of the business and henceforth creates inefficiency by preventing the business from flowing. In the modern world, static rules cannot be applied to a remote/hybrid organization. Businesses continuously change as they add new deals, personnel or partners. Traditional models with their unchanging rules fall behind because it takes time and effort for people to make changes.
Automating Context for Safer Collaboration
In order to achieve true collaboration security, organizations’ security strategy must consider the business context and data flows rather than relying on the content of that collaboration. In addition, this technology must be able to adapt on an ongoing basis as the business changes, grows or adds new applications to accurately contextualize actions taken within collaboration tools. Businesses benefit from contextualized information because it’s algorithm-driven and automatic; it doesn’t reduce productivity because it doesn’t halt workflows while a human checks on a possible anomaly. Business context justification reduces false-positive alerts and lets people go about their workday while strengthening security.