It’s no secret that the cloud has rapidly reshaped the modern enterprise, as evidenced by the industry’s strong year-over-year growth this decade. The public cloud services market is set to grow to $331.2 Billion by 2022, according to Gartner.
This astounding growth has introduced new security challenges for companies that have elected to use cloud services (either with or without their IT department’s knowledge). Popular software as a service products, like Slack, pose a unique challenge given their wide organizational scope and ease of adoption. Multiple SaaS products can quickly balloon in usage within any part of the enterprise, exhausting the attention and resources of security teams when these apps are implemented haphazardly. Without strong governance, in many cases, end users — who may number by the hundreds or thousands — determine how SaaS platforms are implemented. This means their decisions impact which endpoints and networks are used to access these services, what data is shared when using applications, and how secure their individual user accounts are. None of this even touches on the risks that SaaS platform outages or breaches pose to the enterprise.
This assessment probably isn’t news for enterprises with mature security programs that have long adopted Slack and other popular SaaS solutions. But given the growth set to come to the cloud services industry, we can expect some organizations to face growing pains as they adopt SaaS applications for the first time next year or as they attempt to rein in the data sprawl of SaaS platforms already on their networks. Listed in order of increasing actionability, these are the four key Slack security risks (and more broadly SaaS security risks) that we expect to be part of the cloud app threat landscape:
1. State actors and other hackers may target Slack and other SaaS applications.
Earlier this year Slack, in its Securities and Exchange Commission S-1 filing, was transparent about the vulnerabilities it faces as a company. Specifically listed among these was the threat of attacks from organized crime and nation-state actors, as well as traditional cybersecurity threats from rogue, unaffiliated hackers. Slack’s filing also included a reminder about a data breach the company experienced in March 2015, which exposed usernames, email addresses, encrypted passwords, and phone numbers stored by the company.
Such threats are outside your company’s control but are nonetheless essential to mapping the threat landscape of cloud applications. Your assessment of slack security risks and other SaaS security risks requires taking this into account, given that no platform can guarantee that it’ll never be breached. As such, your organization should have security policies as well as disaster recovery and business continuity plans in place should a worst case scenario emerge from a cloud service data breach.
2. Insider threats complicate the SaaS threat landscape.
Insider threats are a persistent part of the threat landscape for most businesses, regardless of the platforms they use. Verizon’s 2019 Data Breach Investigations Report found that 34% of security incidents involved internal actors, with some industries, like education and health care, at higher risk for such attacks. This risk has only been exacerbated by the cloud with a report by Cybersecurity Insiders finding that more than half of organizations express difficulty detecting insider threats following migrations to the cloud. What’s more is that insider threats, like many attacks, are increasingly becoming expensive. Accenture found that the average annual cost of these attacks went up nearly 15% between 2017 and 2018 to about $1.6 million.
All of this makes the need to prevent insider threats more dire. The good news is that much of the work essential to insider threat mitigation can begin before an incident occurs. Having clear data governance policies that allow your company to classify data and implement controls around where this data is stored and accessed is half of the battle. For SaaS applications like Slack, this will require higher data visibility, which tools like Nightfall’s data loss prevention platform can provide. We go into more detail about our platform here.
3. Lax secrets management results in bad practices like sharing passwords on Slack.
In tandem with insider threats, inadequate secrets management poses a serious problem for organizations, with 80% of hacking-related data breaches leveraging weak and compromised passwords. While credential mismanagement is mostly viewed as a problem common among end users with no special privileges, a Centrify survey from earlier in the year indicates that 74% of data breaches start with privileged credential abuse. Both trends have substantial implications for the efficacy of a variety of solutions. For example, employee security training can improve password hygiene and threat awareness around phishing and other types of pretexting attacks, both of which contribute to hacking-related data breaches. Additionally, the implementation of password vaults, multifactor authentication (MFA), and proper account provisioning will go far in hardening the accounts of end users and privileged users alike. For increased security, you might also choose to monitor cloud applications for exposed credentials and other secrets using data visibility tools like Nightfall. With the proper controls in place, you can discourage practices like the sharing of sensitive account information in apps like Slack.
4. Poor data governance means poor visibility into your security risks and organizational compliance.
Robust data governance frameworks are essential to combating many of the security threats on this list. By design, a well-constructed data architecture helps organizations track data on their systems, as well as implement permissions and controls around this data. Failure to properly develop data governance can leave information security teams at the mercy of shadow IT and data sprawl, which simply compound the potential security risks of SaaS applications.
Poor governance also impacts the reach and effectiveness of compliance programs. Even in cases where you adopt cloud applications that are compliant with your industry’s regulations, you’ll most likely need some understanding of your data architecture to implement the right controls. For instance, consider that while Slack Enterprise Grid is HIPAA compliant, Slack notes that you’ll need tools and controls, like the ones Nightfall offers, that provide visibility into how members use Slack on your network.
Data discovery as the key to mitigating SaaS & Slack security risks
Getting a good handle on your data, especially without having any existing policies in place is easier said than done. It’s worth noting, though, that constructing and implementing governance is an organizational effort and not just the responsibility of one person or security group.
If you need to make a case for better data governance within your organization or are simply looking for a starting point for better data governance, initializing the process of data discovery is a great place to begin. Data discovery allows you to make sense of data across a disparate number of sources and gain visibility into what types of data you have on your systems as well as where it’s created, processed, used, and stored. These insights will be invaluable to tailoring a data governance framework, as well as specific secrets management and security solutions to your organization’s needs.
Conducting discovery across a variety of cloud applications, however, can be difficult and time consuming, which is why we’ve built the Nightfall DLP platform. Using service APIs the Nightfall platform can integrate with a variety of cloud apps such as Slack to automatically discover, classify, and protect data. Our DLP platform provides the tools you’ll need to conduct data discovery and build workflows that will help you enforce key aspects of your data governance policies.
Learn more about Nightfall for Slack here, or schedule a demo below