Gal Nakash, CTO
September 9, 2022
How well do we really know the identity of each and every person we work with? Do we know exactly what they are working on at any given time, who they are working with, and what tools they are using?
In today’s increasingly interconnected world, where collaboration channels expand our reach, and new pieces of data are created every minute, the identity of each and every user is more important than ever before. Because if we don’t know who a user is, how do we know that they are justified in their interaction with a particular piece of data?
In this blog we look at:
Identity is the set of physical and behavioral characteristics which enable us to recognize an individual. Organizations must establish identity for each individual in their teams to understand who a user is across the entire range of apps in use. However, with the average organization’s SaaS portfolio now comprising 254 apps, that could mean up to 254 user identities for every individual.
Traditionally, identity is established through the use of Active Directory, single sign on, or other tools that connect all company-sanctioned accounts to one source of truth. However, if an employee uses shadow IT accounts (unsanctioned products which individual users have signed up to using corporate email addresses, but which are not connected to the corporate identity mechanisms), or personal accounts, these tools will miss vital parts of their identity.
An expanding universe of users has also made establishing identity more difficult. Collaboration tools enable organizations to hook suppliers and customers into working groups, projects, or tools. These suppliers, even those with corporate accounts, are much more challenging to identify because they come with multiple sets of user accounts. Further chaos may be created if a third party shares an item through a collaboration tool with a fourth party, who is connected to them, but not to you.
Many organizations focus on the data when building data loss protection programs. These programs define rules for every piece of data, setting out who can perform any action against that piece of data, and blocking unauthorized actions before they can be completed. However, these rules are static, and frequently block legitimate actions, or fail to identify unauthorized actions if they are carried out outside of the defined parameters.
The universe of data is also expanding. Data is no longer just files and spreadsheets. Any message or shared document can be a piece of data. On collaboration tools, data now exists in many small fragments, each of which can be created by any user and shared with any other user on the tool.
The path that data takes across an organization is not linear. A user can choose to open a document in more than one word processor, or they may choose to share it with others through native share, email, or on a communication application.
If you don’t fully know the identity of that user, then you don’t know who is doing what with a piece of data, and in turn, you are unable to assure that data is not being leaked to unauthorized users both within and outside the organization.
Say that the organization has succeeded in establishing a unified identity for every user across every collaboration tool, and every possible account they could use within the network. Now, the organization must understand what that identity owns, what data they are connected to, what data they have access to, and how they accessed it. At the speed with which collaboration tools move, this task is all but impossible to do manually, and requires some form of automated way to understand who can do what, why, when, and with whom.
The blanket rules defined in the section above are no longer relevant. Because of limitations in tools and the lack of understanding of identity, they usually only cover a small part of the total user identity, making them easy to bypass (intentionally, or accidentally).
For example: A rule places limitations on sharing specific files by email, but the tool is unable to define rules for sharing via Slack. The file has link sharing enabled, and is now shared by a user inside a Slack channel. Every member of the Slack channel can now access the file because of the link sharing setting, even if they did not have access to it before. And because the rule wasn’t able to prevent actions through Slack, this piece of data may now be exposed to unauthorized access.
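The Slack bypass just described, as an added example that is not part of the original post: a channel-bound rule that only understands e-mail, beside the effective-access check that combined identity and data context makes possible. All identities, file names and channel names below are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class File:
    name: str
    owner: str
    acl: frozenset        # identities explicitly granted access
    link_sharing: bool    # "anyone with the link can view" is enabled

@dataclass(frozen=True)
class Share:
    file: str
    actor: str
    via: str              # "email" or "slack"
    target: str           # e-mail recipient, or Slack channel name

# Constructed inventory: who is in which Slack channel (hypothetical names).
SLACK_MEMBERS = {"#project-apollo": frozenset({"alice", "bob", "vendor.carol"})}
# Constructed data: one spreadsheet with link sharing switched on.
FILES = {"q3-forecast.xlsx": File("q3-forecast.xlsx", "alice",
                                  frozenset({"alice", "bob"}), True)}
EMAIL_SHARE = Share("q3-forecast.xlsx", "alice", "email", "vendor.carol")
SLACK_SHARE = Share("q3-forecast.xlsx", "alice", "slack", "#project-apollo")

def resolve_audience(share: Share) -> frozenset:
    """Identities who actually receive the link, resolved per channel."""
    if share.via == "slack":
        return SLACK_MEMBERS.get(share.target, frozenset())
    return frozenset({share.target})

def email_rule_blocks(share: Share, files: dict) -> bool:
    """The blanket rule from the text: it can only inspect e-mail shares."""
    if share.via != "email":
        return False  # Slack is outside the rule's defined parameters
    return any(r not in files[share.file].acl for r in resolve_audience(share))

def unjustified_exposure(share: Share, files: dict) -> frozenset:
    """Identities who can now open the file without being on its ACL."""
    f = files[share.file]
    if not f.link_sharing:
        return frozenset()  # the link alone grants nothing; the ACL still governs
    return resolve_audience(share) - f.acl

def rule_gap(share: Share, files: dict) -> frozenset:
    """Exposure that happened because the channel-bound rule never fired."""
    if email_rule_blocks(share, files):
        return frozenset()
    return unjustified_exposure(share, files)
```

For the e-mail share the rule and the context check agree; for the Slack share the rule is silent while the context check still names the channel member who gained access.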
Traditionally security tools have chosen to secure EITHER identity OR data, leaving a disconnect between the two. But in today’s world, any approach that addresses data protection must be able to address both sides.
In order to truly protect data, an organization must be able to understand each identity, its connections with other identities, its roles, and its relationship to a piece of data. At the same time, the organization must also be able to understand the context of each piece of data: who created it, the actions performed on it, and the justification for each action.
And only once all of that context of individuals, data, and justified actions has been built can you truly understand what isn’t justified, enabling the organization to continue to collaborate quickly and securely.
Reco’s collaboration security tool uses AI to create a full context map of every individual and every piece of data, enabling an understanding of how collaboration occurs between users. This way, Reco can match up identities and data to identify the justification for every single action.
Learn more about how Reco can help you bridge the gap between identity and data now.