No Risk Teamwork

MJ Kaufmann

Security Specialist

The drastic and sudden ways the COVID-19 pandemic altered our world demanded that organizations rethink how they do work and forcibly moved many positions into a remote-only capacity. Phased re-openings and staggered peak dates call for new tools that recreate in-office collaboration and make your remote workers' identities secure. While many recommended solutions adequately cover remote collaboration or identity access risk, why not simplify your IT overhead by doing both at the same time?

Just another meeting

You’re in a conference call working with internal and external employees. Someone on the call decides to invite a person outside the organization, possibly a vendor, to join the meeting and review data. What harm could it do? The answer is a lot. No one considers this action to be problematic until access to the meeting, its members, company data, and infrastructure are disclosed, and that simple meeting becomes the center of a security incident. 

How do we collaborate without risk? 

Even before the pandemic, Microsoft Teams was a hub for employees to chat, meet, call, and work together, whether a few offices apart or spread across the nation. Microsoft Teams' powerful collaboration and communication features allow individuals a wide range of freedom in how and when they work together. That freedom, however, creates security and compliance challenges for the business.

The ability to invite anyone outside of the organization into meetings or to review data increases the flow of teamwork but opens the door to risk. The lack of oversight into who is being invited leaves the potential for orphaned access. Additionally, the lack of fine-grained entitlements increases the challenge of managing and maintaining up-to-date, appropriate access.

Saviynt integrates directly into Teams, bringing real-time automation capabilities for provisioning team members directly into the application without having to switch back and forth each time a new member is added or a channel is made. By tying directly into Microsoft Teams, it automates the implementation of role or birthright access to grant a 'zero-day' start, so that the rights needed to perform your job are ready and in place from day 1.

To augment this, time-bound access ensures permissions are directly removed from Microsoft Teams once an individual no longer needs access. The utilization of periodic recertification forces the individual team owners to review and validate each member’s access. Automated tasks divide the labor up into smaller manageable chunks, reducing administrative bottlenecks. 

Visibility into team risk

Automation and machine learning from Saviynt simplify the process of safely integrating third parties into your organization's Microsoft Teams environment. To simplify that business process, Saviynt gives the Microsoft Teams owner, as the third-party sponsor, the ability to manage all third-party associations and delegations and to review the overall sponsor/contractor relationship throughout the lifecycle of their association.

For example, external contractors sign into Microsoft Teams to work on a project that allows full collaboration for the duration of the project. After the project is complete, if access is not properly removed, the review process will show this orphaned set of permissions. Saviynt will alert the MS Teams sponsor to remove the rights at this point. In cases where the project timeline is fixed, time-bound access can be used as a preventive measure.

Allowing internal individuals to invite external parties into Microsoft Teams generates a rather obvious risk in managing their membership and lifecycle. Less obvious, though, is the internal threat generated by cross-departmental invites to a team. What might appear as normal utilization of cross-departmental or cross-functional teams can potentially lead to the exposure of sensitive data or confidential information leaks.

Saviynt provides dashboards to help identify operational risks such as teams that consist of only guest accounts or inactive team owners. In addition, Saviynt comes with over 250 out-of-the-box risk controls that the organization's Microsoft Teams administrator can select to apply to the overall Microsoft Teams environment. These controls improve visibility throughout Microsoft Teams, thus speeding up remediation. Because the controls are easy to configure, organizations can quickly and efficiently adapt the Microsoft Teams environment to meet individual business needs and deploy 60% faster than comparable IGA solutions.

Saviynt’s monitoring identifies situations where toxic combinations of access may occur. For instance, allowing members of the operations group direct access to teams and channels owned by accounting creates the potential for disclosures of company financial information that the operations members should not be privy to because of their stock holdings. In many organizations, individuals with access to this data are restricted from selling stock outside of pre-defined periods due to federal regulations. The operations member in question would have no such restrictions, so this financial data disclosure creates the risk of insider trading. Alerting and remediating from Saviynt in advance allows the organization to protect not only itself but also its employees and reputation.

Continuous compliance

Collaboration moves an organization forward and facilitates innovation. However, if the business rules of compliance are not implemented well, they can swiftly throw the brakes on cooperation. Many compliance frameworks have complex rules that are challenging to guarantee in a tool such as Microsoft Teams without a solution providing additional insights. Faced with this challenge, many organizations choose not to implement a tool such as Microsoft Teams, no matter how much it might improve their efficiency and foster innovation, in order to avoid the challenges of implementing enough controls to maintain compliance. While this might appear short-sighted to many, it is often the answer for the most risk-averse organizations.

Saviynt helps to facilitate the management of compliance not only in Microsoft Teams but across the entire multi-cloud ecosystem. By taking a holistic approach to managing compliance and integrating in-depth visibility across all your cloud and on-prem ecosystems, Saviynt provides the depth of visibility required to meet your compliance needs. Saviynt’s control library directly maps to industry standards such as HIPAA, SOX, PCI, and GDPR and allows organizations to design their own controls based upon their corporate security policy.

Saviynt provides a holistic Microsoft Teams solution to manage the membership lifecycle of a member of a team and investigate the full utilization of your Microsoft Teams ecosystem. By providing single-pane-of-glass visibility into the environment, Saviynt delivers in-depth insights that you can use to control risk and ensure continuous compliance throughout Microsoft Teams while still reaping all of the collaborative advantages that Microsoft Teams delivers. To learn more about how Saviynt and Microsoft work together to provide smarter security, join us this Tuesday.   
