Comparison of ArmorText and Enterprise Collaboration platforms highlighting Enterprise Controls Without E2EE

Vulnerabilities in Enterprise Collaboration

Enterprise collaboration tools like Microsoft Teams and Slack are made to be convenient and easy to administer for low stakes, day-to-day enterprise communications.

But what makes them easy and convenient is also what makes them vulnerable in high-stakes scenarios like a cyber attack as the plain-text contents of messages and files are available to anyone with the right username and password.

Read on to find a deep dive of how and when Enterprise Collaboration Apps will leave you high and dry.

The right credentials, in the wrong hands

Hackers often target admin credentials. Why? Traditional enterprise software grants a select group of administrators extensive data access. While this setup simplifies management, it also means your IT admins can access emails and messages within your collaboration tools.

If hackers obtain these credentials, they can too. With this access, hackers can infiltrate the communications channels of your most critical teams in order to hamstring your remediation efforts.

Masked hooded hacker sitting in front of a pile of cash with a hologram projection of a login prompt and file folders in the cloud
Furious man in a suit trying to raise a chained arm

Zero-Trust for thee, no restrictions for me

For all the talk that enterprise vendors give of why you should be using zero-trust models to control for insider threats, rarely do they apply that advice to themselves.

It’s quite typical for hundreds of employees in third-party software vendors to have full access to your underlying data and messages for things like customer support and R&D. This dramatically increases your threat surface area and makes controlling for insider threats almost impossible.

It can’t just be “in the cloud”

Data residency is a huge concern globally with many countries having strict residency and data sovereignty requirements that are at odds with how the largest enterprise collaboration tools store your data.

Because enterprise software vendors typically have full access to your data, they become obligated to comply with the data access laws of the country they operate in. Often their Terms of Service indicate various internal and external parties can and sometimes do process, scan, or read customer data on their servers, including foreign nationals.

Woman looking down at her tablet in front of a holographic projection of a transparent world map

And, the challenges don't end there.

Enterprise collaboration tools face multiple security and governance challenges that are hard to address for more sensitive use cases.

Encryption-In-Transit/At-Rest Is Not E2EE
Enterprise collaboration tools rely on two security methods: encryption-in-transit, which ends at the network boundary, and encryption-at-rest for stored data. However, between these stages and when accessing past communications, your communications are vulnerable.

In simpler terms:

  • Admins of collaboration apps can access information without encryption.
  • If hackers get these admin credentials, they can also see unencrypted information.
  • There’s added risk if the cloud service providers get compromised.
Enterprise Key Management (EKM) Is Not E2EE

Enterprise key management can bring extra infrastructure, admin time, and costs. However, it doesn’t necessarily boost security.

  • Even with EKM, Microsoft and Slack access client communications in plain-text due to ongoing access to signed keys.
  • This access continues until a breach or misuse is discovered and you revoke their access.
  • That’s like locking the barn door after the horse has already escaped.
Unreliable Audit Trails When Collaborating With Others
When two organizations with different retention policies communicate in shared channels, inconsistencies can emerge, creating gaps in audit trails. For instance:
  • Organization A keeps records for one year, while Organization B retains them for three years.
  • After a year, Organization B‘s records will begin to have gaps.
  • As time passes, it will become increasingly unclear as to what Organization A said that led to Organization B’s responses.

Don’t Let Enterprise Collaboration Tools leave you high and dry.

Learn more about what makes ArmorText Secure Out of Band Collaboration™ different.