As workers collaborate virtually, most organizations now depend on digital communication tools beyond email. However helpful to employees, these new collaboration tools provide attackers with opportunities to engage with humans to evade automated controls, extending phishing, business email compromise, credential theft and other social engineering attacks beyond email.
New security strategies are needed to extend email security across all enterprise communication channels.
We love our email, but…
Email was once the sole foundation of digital communications. Today, email communication is only one of many tools used to facilitate virtual collaboration among employees. Messaging and collaboration platforms, video conferencing, project and task management tools, and virtual whiteboarding have become commonplace mechanisms enabling today's work-from-anywhere models. Most of these mechanisms are consumed as a service, resulting in massive amounts of sensitive data and conversations flowing through standardized third-party cloud service offerings.
Accelerated by the move to remote work, 54% of organizations use internet-based technologies -- such as online meeting, shared document collaboration and video conferencing tools -- to collaborate with colleagues on a daily basis, according to the "2019 Digital Work Survey" report from Enterprise Strategy Group (ESG). Despite the growth and consumption of this model, few security teams have implemented integrated security strategies capable of protecting data and conversations in this new multichannel communication environment, forcing security and IT teams to manually configure and maintain policy across multiple siloed SaaS applications.
Meanwhile, attackers are acutely aware of the opportunity this creates, opening multiple paths to evade automated or misconfigured controls. Social engineering attacks that use multiple communication channels can challenge even the most sophisticated security analytics platforms -- even with the use of basic phishing techniques -- opening the door for successful credential theft, compromised digital business communications, sensitive data theft and more.
Securing communication channels requires tight integration
Advanced attacks use multiple attack vectors, requiring individual, core security controls to work together to detect and prevent these attacks. This extends beyond traditional security operations tools -- such as SIEM, security orchestration, automation and response, endpoint detection and response and extended detection and response -- to primary attack vectors, including network, cloud, endpoint, email, collaboration and identity controls.
As IT and security teams focus on risk-driven security strategies, implementing consistent policies and priorities across all enterprise communication channels becomes critical to strengthening security posture. More education is needed to motivate security architects to embrace this higher-level perspective.
The convergence of email and collaboration platform security
Organizations use a wide array of communication and collaboration tools: Asana, Basecamp, Citrix Podio, Flock, Flowdock by Broadcom, Google Hangouts, Google Workspace, GoTo Meeting, LogMeIn, Microsoft 365, Monday.com (formerly Dapulse), ProofHub, Redbooth, Ryver, Slack, Trello, Webex by Cisco, Wimi and Zoom, to name a few. As such, security architects need new ways to configure and deploy consistent policies capable of monitoring and controlling access to sensitive data and conversations.
Email security vendors have been growing their products to address security concerns within adjacent areas that affect or are affected by email impersonation, and it's now time to elevate their strategies to broadly apply to multiple communication and collaboration channels. For many longtime email security products, this means rearchitecting their options to separate policy, analytics and automated remediation mechanisms from core controls -- abstracting "communication events" from the actual mechanisms used to carry out these events.
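To make the idea of separating policy from channel-specific controls concrete, here is an added sketch (not from the original article or any vendor's product) in which per-channel adapters normalize messages into one "communication event" and a single policy evaluates them. The event fields, the chat payload shape, and all names and domains are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr

URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)

@dataclass
class CommEvent:
    """Channel-neutral record the policy sees (hypothetical schema)."""
    channel: str
    sender_name: str
    sender_domain: str
    link_domains: list = field(default_factory=list)

def _links(text):
    return [host.lower() for host in URL_HOST.findall(text)]

def from_email(raw):
    # Adapter for a single-part RFC 5322 message.
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    return CommEvent("email", name, addr.rpartition("@")[2].lower(),
                     _links(msg.get_payload()))

def from_chat(payload):
    # Adapter for a hypothetical chat webhook payload (not a real vendor schema).
    return CommEvent("chat", payload["display_name"],
                     payload["account_domain"].lower(), _links(payload["text"]))

# Constructed policy data, defined once and applied to every channel.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"dana reyes"}
ALLOWED_LINK_DOMAINS = {"example.com", "sso.example.com"}

def evaluate(ev):
    """Return policy findings for one event, regardless of source channel."""
    findings = []
    if ev.sender_name.strip().lower() in PROTECTED_NAMES and ev.sender_domain != ORG_DOMAIN:
        findings.append("display-name impersonation")
    findings += [f"unapproved link domain: {d}"
                 for d in ev.link_domains if d not in ALLOWED_LINK_DOMAINS]
    return findings

# Constructed samples: the same lure delivered over two channels.
SAMPLE_EMAIL = ("From: Dana Reyes <dana.reyes@mail.example.net>\n"
                "Subject: Invoice approval\n\n"
                "Please sign in at https://login.example.org/approve today.\n")
SAMPLE_CHAT = {"display_name": "Dana Reyes", "account_domain": "guest.example.net",
               "text": "Following up on my email: https://login.example.org/approve"}

if __name__ == "__main__":
    for event in (from_email(SAMPLE_EMAIL), from_chat(SAMPLE_CHAT)):
        print(event.channel, evaluate(event))
```

Because the policy only sees `CommEvent`, adding another channel means writing one more adapter; the rules and their tuning stay in one place.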
How will email security providers respond?
Email security has been a core security control pretty much since the advent of email. The move to cloud-delivered email caused many to rethink security strategies, but more is needed. As longtime email security providers -- such as Cisco, Fortinet, Mimecast, Proofpoint, Sophos, Symantec by Broadcom, Trellix (formerly McAfee) and Trend Micro -- expand their offerings in support of multichannel communications, younger upstarts born in the cloud-delivered email generation -- including Abnormal Security, Armorblox, Avanan (a Check Point Company), Inky Technology, Ironscales and Tessian -- must expand their offerings beyond cloud-delivered email options to include a broader spectrum of communication channels. Of course, Microsoft and Google have a growing opportunity to open up beyond their native platform security offerings.
New research is coming
I'll be digging deeper into how security architects and leaders are thinking about the future of multichannel collaboration and communications security in my upcoming research study. If you are interested in learning what I discover, follow me on Twitter or LinkedIn, or reach out directly to ESG.
ESG is a division of TechTarget.