Collaboration & Messaging apps like Webex, Zoom, Teams, and Slack can be challenging for any organization to tackle. As these cloud resources are being consumed from remote locations maintaining control of what users can and cannot share has become more challenging. Furthermore, consider apps like QQ, WeChat, and KakaoTalk that use certificate pinning, and you quickly realize that control becomes a privacy concern. This doesn't always have to be the case, however in this battle for control its more important than ever to address privacy first.
Here are a few things to consider:
Some applications leverage other Cloud Storage Resources to share content. For instance Cisco Webex Teams uses alternate domains for Cisco Spark Messaging and chat. MS Teams uses OneDrive, Zoom can use Google Drive. Mapping collaboration and messaging apps to Cloud Storage will minimize false negatives and make policy creation and testing much easier. De-sanctioning of cloud apps and understanding which personal instances of apps your users are accessing ensures you don't restrict access unnecessarily.
Certificate Pinned apps running on your corporate assets should be reviewed regularly to determine the proper course of action from an access and control standpoint. It's important to ensure clear communication with existing app users to prevent confusion and anger. Turning off access to an app that a BU uses could have unintended consequences. This is why using Netskope ShadowIT and App Discovery features to determine which apps are being used and by whom is a critical first step.
Regional based app controls are very important, especially when your users are spread out across the globe. Some Collaboration tools like KakaoTalk are very popular in certain regions and are expected to be allowed, however users in other regions may not operate with the same expectation. Leveraging Netskope's global footprint and location awareness capabilities, we can ensure only specific users or groups based in specific countries have access to applications that may be country specific. If this is a personal instance of an app the concern around privacy becomes more important. Using Netskope ShadowIT and App Discovery features to talk with BU leaders can be extremely valuable and should be leveraged where possible.
Security conscious organizations will want to block specific apps, Netskope can help with this. Our policy engine can be configured to help you address binary and non-binary privacy concerns by leveraging our rich contextual-based policy engine. Coupled with granular steering controls, the ability to tackle virtually any cloud-based access scenario becomes possible.
You will also want to discuss access to personal instances of applications and start to consider data protection concerns when it comes to allowing access to specific instances of apps. Using Netskope Instance Awareness we can help differentiate between specific instances of many SaaS Apps and provide more granular controls when a personal instances is detected. For instance prevent a user from uploading sensitive data to a personal instance of Slack or prevent them from sharing externally, while allowing that same user to collaborate with other internal users on your sanctioned instance of Slack.
A few of the more common Messaging and Collaboration apps we support with Access and Activity based controls are: Cisco Webex Teams (Spark), Zoom, MS teams, Slack, Google Hangouts, Blue Jeans, SFDC Chatter. For a complete list of Collaboration Apps please contact your Netskope Account Team.