The COVID-19 crisis has sent businesses scrambling to support a newly mobile workforce. These companies have turned to cloud-based SaaS providers in droves: Meetings over Zoom, instant messaging via Slack, and project and task management from Trello. But with these rapid changes comes a host of security risks and vulnerabilities — which both the SaaS companies and their users are facing with varied results.
First, there are the inherent risks of trusting a third party with your company’s data. Zoom has already faced several high-profile security issues, including two vulnerabilities in the platform itself. But it’s not fair to single out Zoom — nearly every major platform provider has faced one security vulnerability or another over the years. And the tidal shift to these platforms has only exacerbated the problem.
But not all of these security issues have been the fault of the service provider’s security per se. In many cases, the companies setting up these services fail to take basic precautions to protect their users and their data. For example, Zoom was criticized for failing to protect users from unwanted intrusions into their private meetings. But in that case, it was the users and administrators who failed to use the security tools — meeting passwords, user restrictions, etc. — that were available. Similarly, Trello boards can be set to Public, allowing anyone to find your data with a simple Google search, as happened to real estate giant Regus earlier this year.
Other issues are a combination of the two problems — poor implementation choices by users and admins compounded by insecurities inherent to the platform. For example, Slack’s big draw is its interconnectedness. But when implemented improperly, it can multiply risk factors. One company tied their online application system to Slack. But when someone uploaded an infected Word doc as their resume, it was pushed out as a Slack notification to hundreds of people in their HR department — and many of them opened it.
So during this time of rapid change, it’s good to slow down and consider the design choices you’re making when it comes to cloud apps and SaaS platforms. The security of your company and your data depends on it.