Due to the pandemic, companies are turning into online meetings and conference calls to continue operating. I have been working remotely over 10 year remotely and have used multiple different tools. Similarly, over the years I have been advising companies adopting cloud solutions in a secure way. Our focus is to protect the company’ data and our user’s privacy.
We need to understand that consumerization of IT is a real challenge for organizations, especially the ones with a high cyber security awareness. Hundreds of free conference and video call tools and services were released only last month. And users are adopting these tools in their personal life to continue practicing social distancing. The challenge comes, when users adopt these free tools for their personal use and start using them in the business world.
There is another conversation about IT leadership and how to understand the end-users need to be able to provide the right set of tools that fulfill the operation’s needs. But I will leave that for a different blog post. The real issue here, is that users need to stop using consumer-grade solution for business operations. Privacy, Security and Compliance is a real need for businesses.
I would like to list the reason why, as a cloud security architect, I would recommend implementing enterprise solutions such as Microsoft Teams. Disclaimer, I use Microsoft Teams, but Cisco, LogMeIn, Adobe, etc. offer also robust and secure solutions.
- Data Loss Preventions (DLP): Teams integrates with Microsoft DLP allowing the organization to monitor and control the data shared by users or guests. This will prevent users to from sharing personal identifiable information (PII), U.S. Financial data. Similarly, we can enforce HIPPA, PCI, and other standards compliance.
- Real-time safe-links and safe attachment: By using Teams all chat conversations, collaboration and shared information is protected by advanced protection system powered by AI in real time. Links or documents are reviewed by a spam filtering.
- Archiving and Data Retention Policies: Teams allow administration to retain data following the compliance policies.
- E-Discovery and Legal-hold Integration, Audits: Compliance teams and auditor can always perform E-Discovery searches during a litigation.
- Authentication integrated with Azure AD: Admin can enhance their Teams security by implementing sign-in risk policies, conditional access policies and even implementing multi-factor authentication preventing un-authorized access to service.
To summarize my recommendation for SMBs. which are the most vulnerable entities to malware and cyber-attacks, is to stop using free software immediately and start looking into solutions that will protect your data and your user’s privacy.