Painful Conversations in the Cloud

Before the cloud became the new standard for enterprise collaboration, all communications travelled within the confines of your team’s internal applications. At the top, you gave administrative access to those you trusted most. Computer support technicians, specifically, had the power to both administer and review each and every one of the conversations conducted on these collaboration systems. The combination of these privileged credentials poked a tiny hole in the security of your company, but most of the time, the contents stayed sealed.

Think Edward Snowden. Snowden was hired as a contractor for the U.S. government, assigned to train top officials and military officers in Tokyo on how to defend their programs from Chinese hackers. As he rose to the top, his privileges grew, until he finally reached a position that granted him these dangerous privileged credentials. With access to hundred of thousands of top-secret documents, Snowden released some of the government’s best kept secrets to millions on the outside.

Was Snowden an extraordinary one-off situation? Not nearly. Jonathan Ly, computer support technician from Expedia, was convicted of engaging in insider trading, informed by confidential information he stole by accessing executives’ sensitive communications. The product teams who designed these systems took for granted the importance of segregation of duties, compromising the security of their clients as a result.

To segregate duties is to determine exactly which IT and top-level employees need access to whose conversations and for how long. Surely Ly could have managed Expedia’s IT without needing full view of executives’ personal emails. Snowden must have been capable of overseeing the NSA’s systems technology without being able to view so many thousands of its most sensitive files.

It’s hard to overstate the transformative effect Snowden had on both public and private attitudes toward technological privacy. Citizens and major companies are increasingly aware of how valuable and vulnerable communications are in light of security breach after security breach of influential companies and personal emails making front-page headlines time and time again.

Yet, most of us still conduct the majority of our business on the cloud, through Gmail, SMS/MMS, and the like. In the name of efficiency, we’ve only widened the hole that keeps our collaborations secure. Signing up for the cloud means giving privileged access, once meant for your most trusted partners, to whole teams of strangers working for your cloud-based provider to view all of your messaging and collaboration.

Compounding the threat of potentially disloyal employees is the threat of Big Brother providers, who are always susceptible to subpoenas.

If your provider can read your communications they can also be subpoenaed directly for them. If your provider can read your communications they can be hacked for them too – making many of today’s collaboration providers high ROI targets for would be hackers.

Since cloud-based collaboration tools became the new norm, total messaging volumes have ballooned. With 82 percent of employees texting for work, people are sharing more information more casually than ever before. For many organizations, nearly all conversations about the company’s more valuable secrets take place on the cloud: conversations about devops, IP, financials, M&A activity, you name it. With thousands of companies using these cloud-based services, these have become the highest ROI targets for hackers. Why hack one company at a time when you can hack multiple simultaneously in a bulk hack resulting in a mega leak?

So what is a CEO to do? Ban the cloud? Yeah, right. Employees have seen the promised land of the cloud and there’s no turning back. If you rescind established norms, you risk creating tension with your employees and incentivizing them to keep secret the communication platforms they’ve grown accustomed to using. They’re seeking out better user experiences and next generation capabilities.

In the process, they’re dragging shadow IT or unsanctioned apps into the enterprise, leaving organizations without control, review rights, and or even the knowledge of where and how they may be exposed.

So the question for the future of enterprise messaging is this: How do we meet the needs and desires of our employees while ensuring absolute security in cloud-based collaboration?

A 2007 survey of IT admins conducted by Cyber Ark Software in the UK found that “33% of admins admit to using their rights to access confidential data, salaries and emails.”
The Harvard Business Review reported that “In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders.”
Famous Breaches
  • 2014 Sony’s internal communications released in a hack attributed to North Korea
  • 2016 DNC’s internal communications released in a hack attributed to Gucifer 2.0 / Russia
  • 2015 Forbes Report on Slick, Hipchat, and Twitch breaches

Curious to see how ArmorText could help your organization?

ArmorText has been designed to meet the secure messaging & governance needs of multiple verticals. Our briefings have been tailored to address the unique drivers and needs of different industries and roles within an organization.

Case Studies

Jones Group International (JGI)

A Powerful Enterprise Messaging Solution for Global Concerns

DOWNLOAD
Levick

Secure Messaging and Crisis Management in the midst of an escalating international conflict

DOWNLOAD

Customer Feedback

“The threat of industrial espionage is real. Secure communications is an integral part of how we operate, and ArmorText is a key component of our overall business strategy.”

Luke Ritter

CEO, Fraser Optics

“ArmorText provides secure, immediate messaging no matter where in the world our team is deployed. Their tech support is unmatched, often responding immediately when questions are posed from eight time zones away.”

Greg Jones

Vice President, JGI

"The threat to proprietary information is very real and will only increase over time. ArmorText is simply the best product offering in the category."

Todd Bradley

Colonel (ret), United States Air Force

"The entire foundation of our organization is based on trust — the trust our donors, partners, and beneficiaries put in us. A breach of our communications and any privacy leaks would be devestating to them and to us."

Sarah Hillware

Founder & President, Girls Health Ed

Copyright 2018 ArmorText | All Rights Reserved