Building A Secure Integrated Collaboration Platform

By Allen Drennan, Principal & Co-Founder, Cordoniq

Integrated collaboration platforms improve and enhance the experiences of hybrid and remote employees. Robust and comprehensive platforms are crucial to remote work environment success.

When collaboration tools can be accessed through a flexible platform, organizations achieve more well-being for their employees while productivity increases.  With a well-integrated collaboration platform, teams can access the tools they need without having to toggle between multiple screens or applications.

But there are greater risks and vulnerabilities with the use of multiple communication and collaboration tools and apps. Remote work creates its own security challenges because of expanded attack surfaces and endpoints. Meanwhile, cyber threats are escalating continually, affecting businesses of all sizes. Secure collaboration tools are a must as threats grow. Industries that are being specifically targeted by malicious actors, such as banking, finance and healthcare, require even more secure collaboration tools and platforms.

Increased risks with collaboration tools

Collaboration and communication tools increase the risk of cyber threats from multichannel social engineering and phishing scams. Phishing attacks are escalating and growing more sophisticated. One study shows that in 2022, phishing scams increased by 61% from the previous year. https://www.cnbc.com/2023/01/07/phishing-attacks-are-increasing-and-getting-more-sophisticated.html 

Other attacks commonly affect API-based platforms.  APIs are a frequent target of hackers and malicious actors due to the data that can be accessed, such as personally identifiable information (PII) or financial details.  Some frequent and common API attacks include Distributed Denial of Service (DDoS) attacks, authorization hijacking and man-in-the-middle attacks. Sources of vulnerability include broken or “zombie APIs” that no longer function properly or have flaws.

In addition, when multiple communications tools and channels are enabled, it is easier for hackers to infiltrate systems and data. Some communications tools carry multiple vulnerabilities and threat actors can gain access to confidential data or information.

Security flaws in popular video conferencing tools recently left users and client systems susceptible to threats including malware and malicious code. Because of software flaws or inadequate cybersecurity, video conferencing tools carry risks such as meeting infiltration by unauthorized parties, as well as unauthorized access to data, confidential conversations, or information.

Other risks with video communications tools include advancement of Deepfake technology. The US Department of Homeland Security defines deepfakes as, “an emergent type of threat falling under the greater and more pervasive umbrella of synthetic media, utilize a form of artificial intelligence/machine learning (AI/ML) to create believable, realistic videos, pictures, audio, and text of events which never happened.”

Deepfakes can produce significant threats to business organizations such as false representation of corporate or leadership figures, fraudulent transactions, or extortion.

Furthermore, the use of “shadow apps,” which include unauthorized applications downloaded by employees, increases vulnerabilities throughout the organization and leads to a loss in visibility and control. Risks with shadow IT or apps unauthorized include cybersecurity risks, unauthorized access to data, and compliance risks.

The vulnerabilities in collaboration platforms are a significant issue for companies in sectors that handle sensitive information and data.  Cybercriminals continue to target firms in sectors including financial services, higher education, healthcare, manufacturing, governments and state agencies. Malicious actors continue to find selling data on the dark web to be lucrative and will change tactics continuously to stay in business.

Multi-faceted strategy needed to secure integrated platforms.

Securing an integrated collaboration platform requires a robust and collaborative strategy. Several different methodologies must be enabled to effectively mitigate risks and vulnerabilities that involve platforms or other communications or business tools.

To be most effective, this strategy needs buy-in throughout the organization. Security is not only the concern of the CISO and other IT security teams.

Here are several ways to create a secure collaboration platform that can function optimally for your organization:

1. Start with software applications that are secure by design. As per recent CISA guidance, “secure by design, secure by default” refers to software that has security built in from the ground up. Secure by design means that security is an integral part in and throughout all stages of design and software engineering. Security isn’t bolted onto the software as an afterthought.
2. Adopt a culture of security in the organization. When an organization adopts a culture of security, it needs to start with leadership. With cybersecurity infrastructure on its way, teams, executives and systems all need to be prepared.  All stakeholders from the C-suite to all employees and end users must be involved in the cybersecurity process. The organization must also ensure that employees are educated in practices for cyber hygiene, including Zero Trust, password rules, and accessing only secure networks, endpoints and devices.
3. Ensure that teams have the tools they need. The organization is responsible for making sure employees have the advanced tools, apps, and platforms required to do their jobs effectively. Tools need to be convenient, effective and easy to use.  When employees become frustrated because they don’t have access to business and collaboration tools, they resort to downloading and using shadow apps that can introduce vulnerabilities and risks. It’s critical for organizations to make sure business tools – including AI tools – are verified and secured at all times to protect data, privacy.
4. Enable all software security tools. It’s critical to verify that all collaboration software tools have every advanced security and authorization tool enabled. This includes requiring multi-factor authentication, monitoring and limiting access, and using the most advanced encryption protocols available.
5. Establish API security practices. Some primary API security practices include defining API protocols and maintaining a current API inventory with comprehensive documentation. Other secure API practices include requiring multi-factor authentication, using security keys and certificates, and applying Zero Trust methodology. Partnering with API security software is another effective strategy.
6. Look for collaboration solutions that give you control over the privacy and security aspects of your data and how it is retained. Implementations that allow you to control where modules are deployed (private cloud/hybrid) and how and where those solutions store your data, shared content and collaboration recordings is critical.

Establishing and implementing a comprehensive platform security strategy also requires collaboration and cooperation among business units, IT teams and security teams. Platform, application and API security is an essential part of ensuring an organization’s entire tech stack is secure and optima

About the Author

Allen Drennan is Principal & Co-Founder of Cordoniq. When he founded Nefsis Corp. in 2005, Allen Drennan introduced a cloud-based, video conferencing online service, cited by Frost and Sullivan as the first of its kind. He achieved this by building engineering teams to create a mobile and desktop solution that successfully blended web and native code into a seamless online service.

Over his career Allen has designed, built and deployed large-scale SaaS solutions for real-time video and collaboration, and created new technology for mobile video user interfaces, messaging, text, voice and video communications. Some of these solutions have been recognized in Gartner’s Magic Quadrant and featured in major industry publications over the years, such as eWeek, PC Magazine, USA Today, New York Times, The Wall Street Journal, CyberDefense Magazine and more.

A frequent contributor to open-source projects, Allen also writes about highly technical software engineering topics for iOS, Android, Linux, MacOS and Windows.

Allen went on to found Cordoniq, Inc., bringing together many of the team of senior engineers who created Nefsis and OmniJoin, as well as new talented team members, to create the next generation of truly secure, state-of-the-art video conferencing and collaboration.

Allen can be reached online at https://www.linkedin.com/in/allen-drennan-0359a822/ and at our company website http://www.cordoniq.com/