Control Third-party Communication Apps to Protect Your Third-party Workflows
Much like a busy office building with employees and guests coming and going, it’s impossible to monitor all information leaving and entering your organization. Everyday third-party communication apps, such as email, shared folders or file storage, are the doorways leading bad actors straight to your company’s PII, PHI, and IP. To protect these crown jewels, you must limit the number of entrances to your content to shrink the threat surface, the virtual space where your organization is exposed to attacks targeting third-party workflows.
Third-party workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and exiting your organization. A comprehensive defense entails securing, monitoring, and managing all third-party workflows, including secure email, SFTP, and secure file sharing, among others.
In my last blog post, I discussed the importance of seeing who in your organization is sending what to whom by creating a CISO Dashboard. In this post, I’ll share another strategy to protect your organization from third-party workflow threats: control and defend third-party communication applications.
Restrict and Enforce the Number of Communication Apps Used in Your Third-party Workflows
Users share files from multiple endpoints: email, Web browsers, mobile apps and enterprise apps like Oracle and Salesforce. The fewer third-party communication apps you have to monitor, manage, and secure, the better. Restrict the number of applications coming onto your network by prohibiting unauthorized software installation and deploying a cloud access security broker (CASB) to block unauthorized cloud services.
Reducing the number of doors (the verified apps in your organization) helps in the event a contractor, accountant, or other digital supply chain vendor gets breached. Hackers will try to access your network through your less secure partners, and one of the biggest gateways into an organization is through external applications. Financial tracking apps or communication apps, for example, are porous systems attackers can breach, leading them straight to the heart of your organization and your most sensitive data. By limiting the number of gateways into your organization, you reduce the entry points attackers have into your enterprise.
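As an added illustration of the "fewer doors" policy above (example code written for this post, not Accellion's product or any CASB's API): an allowlist of sanctioned communication apps and their approved destination domains, applied to constructed file-transfer events of the kind an endpoint agent or egress proxy would report. It shows the check a CASB-style control performs, and the per-user view of who moved what through an unapproved channel. The app names, domains, users and events are all hypothetical.

```python
"""Allowlist check for third-party file transfers (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Constructed allowlist: approved app -> approved destination domains.
# A real deployment would load this from the CASB or proxy policy store.
SANCTIONED_APPS: Dict[str, Set[str]] = {
    "corp-secure-email": {"mail.example.com"},
    "corp-sftp": {"sftp.example.com"},
    "corp-file-share": {"share.example.com"},
}


@dataclass(frozen=True)
class TransferEvent:
    user: str
    app: str          # client/app name as reported by the endpoint agent or proxy
    dest_domain: str  # where the file was sent
    filename: str
    size_bytes: int


def is_sanctioned(event: TransferEvent) -> bool:
    """True only if both the app and its destination are on the allowlist.

    Matching the app alone is not enough: an approved client pointed at an
    unapproved tenant (a personal account, say) is still an unsanctioned door.
    App and domain names are compared case-insensitively.
    """
    approved_domains = SANCTIONED_APPS.get(event.app.lower())
    if not approved_domains:
        return False
    return event.dest_domain.lower() in approved_domains


def classify(events: Iterable[TransferEvent]) -> Tuple[List[TransferEvent], List[TransferEvent]]:
    """Split events into (sanctioned, unsanctioned) lists."""
    sanctioned: List[TransferEvent] = []
    unsanctioned: List[TransferEvent] = []
    for ev in events:
        (sanctioned if is_sanctioned(ev) else unsanctioned).append(ev)
    return sanctioned, unsanctioned


def unsanctioned_by_user(events: Iterable[TransferEvent]) -> Dict[str, List[Tuple[str, str, str]]]:
    """Who sent what through which unapproved channel: the dashboard view."""
    report: Dict[str, List[Tuple[str, str, str]]] = defaultdict(list)
    for ev in events:
        if not is_sanctioned(ev):
            report[ev.user].append((ev.app, ev.dest_domain, ev.filename))
    return dict(report)


def unsanctioned_bytes(events: Iterable[TransferEvent]) -> int:
    """Total volume that left through unapproved channels."""
    return sum(ev.size_bytes for ev in events if not is_sanctioned(ev))


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    TransferEvent("alice", "corp-secure-email", "mail.example.com", "q3-forecast.xlsx", 120_000),
    TransferEvent("bob", "corp-sftp", "sftp.example.com", "claims-batch.csv", 5_400_000),
    # Unknown consumer app: not on the allowlist at all.
    TransferEvent("carol", "consumer-drive", "drive.example.net", "patient-list.csv", 800_000),
    # Approved client, unapproved destination: still flagged.
    TransferEvent("bob", "corp-secure-email", "personal-mail.example.net", "contract-draft.docx", 60_000),
    # Mixed-case app name from a different agent version: still matches.
    TransferEvent("dave", "Corp-File-Share", "share.example.com", "design-spec.pdf", 2_000_000),
]

if __name__ == "__main__":
    ok, blocked = classify(SAMPLE_EVENTS)
    print(f"{len(ok)} sanctioned, {len(blocked)} unsanctioned transfers")
    for user, items in unsanctioned_by_user(SAMPLE_EVENTS).items():
        for app, dest, name in items:
            print(f"  {user}: {name} via {app} -> {dest}")
```

The second flagged event is the one worth noticing: the app is approved, but the destination is not, so an allowlist keyed on app name alone would have let it through. Keying on both app and destination is what actually shrinks the number of doors.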
Demonstrate Compliance With Data Privacy Regulations
Controlling which applications employees use to share sensitive content is not only essential to protecting PII, PHI, and IP from compromise, but it’s also necessary for demonstrating compliance with industry regulations such as HIPAA, GDPR, GLBA, NIST 800-171 and others. These regulations have strict requirements for handling, storing and exchanging customer data so that data privacy is ensured every step of the way. Failure to comply can lead to hefty fines, public embarrassment, lost revenues, class action lawsuits, and more.
When you limit the number of entrances to your content, you have a better handle on what sensitive information is coming into or leaving the organization, and you can secure it from end to end.
Securing third-party communication apps is a critical strategy for protecting your sensitive content, but it’s not the only one. In my next blog post, I’ll discuss how to make authorized third-party file sharing easy for employees so they don’t look for shadow IT alternatives.