- Security TWENTY
- Women in Security Awards
Before cloud computing, organisations could rely on their company’s firewall to act as a strong, secure perimeter to protect against many application threats. However, with the rise in new cloud services, collaboration tools, and a distributed workforce, this approach to security is simply not enough, says Curtis Johnstone, Distinguished Engineer at software company Quest.
Employees are accessing files away from the traditional data centre, and with the rapid rise in remote and hybrid working due to COVID-19, we are seeing deployments like Microsoft Teams catching on like wildfire. Collaboration and file sharing is a must in today’s world, but it all amounts to a growing attack surface.
As organisations start to adopt more cloud offerings like Teams, OneDrive, Exchange and SharePoint, the way we secure against threats needs to evolve. Simply put, organisations need to shift their focus on securing their people, not the perimeter. Most users are now operating outside of a firewall, communicating and working on files remotely and on a hybrid basis. In addition, as workplaces continue to digitalise and implement more permanent work from home policies, applications like Microsoft Teams will be critical to productivity. Still, it is imperative to balance this and implement security to ensure that continuity is not compromised.
Is Microsoft Teams Inherently Secure?
Microsoft Teams is designed to be secure. Cloud applications are as secure as the underlying user identities, and Teams uses Microsoft Azure AD as the identity provider, with features such as multifactor authentication (MFA), account lockout settings, and support for Single-Sign-On across applications, providing a fortified starting point if configured with security on top of mind.
However, despite these features, the current threat landscape requires organisations to be even more proactive about the security of the application platform itself.
Cybercriminals are exploiting human weaknesses on every platform, and this includes Microsoft Teams, yet it is often overlooked. While the number of phishing attacks in Microsoft Teams is far less, there have been breaches with malicious links being posted in Teams messages in private chats and channel messages. Likewise, the potential exists for malicious files to be uploaded – making their way through Teams deployment and then onto end-user devices.
In light of this, let’s explore how to strengthen security on the platform.
By default, collaboration on Microsoft Teams extends beyond the application in two ways: external access and guest access.
Regarding external access, employees can collaborate over Teams with external domains, which is vital for conducting business. Businesses operating in highly regulated industries may be tempted to disable the feature to reduce the risk of external threats. However, there are ways to govern this feature without limiting collaboration. Access can be granted to trusted partners, vendors, customers, and other parties representing a threat to the business can be blocked.
Guest Access involves an external user outside of an organisation provisioning a guest identity in the organisation’s Azure AD, and having access to internal teams they have been invited to. In many cases this grants the external user full access to data and applications within that team. Frequently new data makes its way into the team after the external guest has been invited that was not intended to be exposed to that external user and represents a direct opportunity for a data breach. With proper governance and lifecycle management however, IT and team owners can determine which enterprise data should be accessed and what capabilities are available to them.
Securing File Sharing
A huge security benefit with Microsoft Teams is that it leverages all the built-in security of SharePoint and OneDrive to secure data stored on the platform. This allows users to share files easily and securely across different Microsoft channels. If there is no compelling reason to store data outside of Microsoft 365, IT teams should encourage employees to utilise SharePoint and OneDrive instead of third-party consumer storage providers like Google Drive, Box, and Dropbox.
However, as a growing share of the global workforce continues to embrace “work from anywhere” and Microsoft Teams is deployed and used by millions of users, it is important to secure the platform to maximise user collaboration and to ensure that continuity is not compromised. While Microsoft Teams natively offers some strong security features, simply relying on the platform, without understanding the risks or potential weak spots is going to leave organisations vulnerable.
Achieving this starts with understanding the application’s main functions, including chatting, meeting, calling, and collaborating. From this, organisations will be able to consider how to best protect and secure these business functions from threats. In addition, businesses should also leverage tools and technology that will allow them to monitor application configuration changes and activity, so they can understand what is changing in their environment. Setting a baseline, being alerted by any unusual activity or changes, and tweaking the baseline is an effective strategy to do this.
The good news is that Microsoft Teams is a huge win for businesses. It offers plenty of benefits when it comes to collaboration, but as with any tools, applications or technology that organisations implement it is critical to reassess the businesses security strategy and ensure it is constantly evolving to address any potential threats before they can be exploited.