Diffusing the Zoombombs

Time for WFH Collaboration Security is Now

Now that we are all on Zoom, Slack, Teams, Box and more such apps to get our jobs done while WFH, we must face up to the risks that come with collaboration tools especially when collaborating with people outside your company.

According to Techcrunch, Zoombombing is a thing. And the New York Times agrees.

Who’s in that Zoom or Slack channel? (Photo Credit: @aziz_acharki)

Do you know who that Jack Spade is?

You share a file online and then the person you shared it with forwards it to 13 other people. Now, Jack Spade is lurking on your Google Doc.

Do you know who that Jack Spade is? How do you know if he’s the Jack Spade that actually works for your customer? Do you know your customer or partner’s domain name? Is it LightMachine dot com or LightMachines dot com or LiteMachine dot com?

Does your CISO know who Jack Spade is?

While you may be a digitally savvy user, what about the old board member who barely likes to email? (Don’t send me hate mail. It’s a fact that board members of Fortune 500 companies tend to be old and male.)

It all falls on the CISO. Your CISO has been trying to fight a valiant fight against the #1 attack vector for online cybercrime — business email compromise (also called phishing).

But now, it’s no longer just email. All of our apps are in the cloud and so is our collaboration.

Who is Jack Spade?

Collaboration Security Market

10 years ago, we had the SaaS and Cloud boom. A whole generation of cloud security companies were born from that era — ZScaler to protect your network, Netskope and other CASBs to protect your SaaS apps, Okta to protect your users, 1Password to protect your passwords and so on.

But most of these cloud security products were built for apps that we use within our companies — and not for external collaboration.

The new external collaboration enabled by powerful tools like Slack (Shared Channels), Zoom, Box, etc. requires new tools.

We need to know who Jack Spade is?

At Clearedin, we built a solution for this — applying machine learning to your collaboration history, we autodetect who Jack Spade is and what company he actually works for. Clearedin then automagically blocks any emails, Slack messages, Zoom connections or Box files coming in from all the fake Jack Spades.

Box Shield lets you govern external sharing, Slack Shared Channels lets you manage who you can talk to externally, DocuSign has whitelist features etc. We believe the CISOs cannot manage all these settings and govern them effectively one at a time. So there will be a Cloud Collaboration Security Platform. At Clearedin, we hope to be one of the pioneers.

(Cross-posted @ Storm Ventures)

LinkedIn Twitter
Partner, Storm Ventures. Previously VP of product management & strategy at salesforce.com across applications and platform. Previously founded and led Oracle SaaS Platform, and held engineering and product management roles in SOA and Identity Management. Anshu has a B. Tech. (Honors) and M.S. in Computer Science from Indian Institute of Technology at Kharagpur and University of North Carolina at Chapel Hill respectively. Read his blog here.