Using Varonis & Teams to visualise & reduce risk in a home-working world
Introduction
Now is not the time to stop thinking about security, especially as the world of cyber only gets more complex with every new app added to the mix; add a smattering of COVID-19 on top of that, changing the way we work, and the new situation could make things worse if we are not careful.
Now is the time to tighten up on security, if anything. It would be easy to lose sight of security amidst the COVID-19 pandemic and the unusual circumstances we all find ourselves in. After all, this situation is affecting all of us in ways that no recent generation would recognise. Thankfully, one of the things holding everything together right now is our IT infrastructure; just imagine if we did not even have the option of working from home!
Remote working is currently the norm for all those who can, so remote collaboration has become particularly important for people to work together effectively. It seems many organisations, including our government here in the UK, are resorting to the first convenient application available, without giving much thought as to whether the tools are suitable or necessary; nor is there much obvious consideration of the security implications of using tools such as Zoom. Surprisingly, even our government was quick to use Zoom to hold its initial socially-distanced meetings, a tool the UK’s Ministry of Defence had deemed unsuitable. As it turned out there was a security flaw, since patched, but the question remains: how robust and secure is that particular application for serious business use?
Microsoft Teams
Microsoft’s Teams solution is, on the surface, a good idea. It allows for collaboration and, hailing from Microsoft, a reputable business software company, it should be fine to use, right?
Well, yes, BUT… it is important to realise what an application like Teams does and how it works. For starters, it is not a platform or a data store but rather a client that provides a single interface to all of the applications that sit behind it:
- SharePoint
- OneDrive
- Outlook
- Skype…
In addition, Teams has been designed to bypass IT admins, which means that each user can control who gains access to shared data. Microsoft may have even taken it a step too far by making Teams available to anyone to kick off a free trial.
How does Teams make all that data accessible? When a user creates a team, several things happen automatically:
- A site is created in SharePoint online
- SharePoint local groups are created and given permissions to the site
- Azure AD groups are created and nested inside the SharePoint local groups
- Team owners add team members, who are added to the Azure AD groups (Team members may include internal and external members, depending on the site’s configuration.)
- A hidden mailbox is created in Exchange online
This process is repeated for public and private channels within the team and that is just the beginning!
Once a team is set up, users can continue to expand their collaborative scope, making changes to permission mechanisms without administrative assistance.
- Team owners can elevate privileges for other users, making them owners for their teams
- Users can share links to sites, folders and files from teams and from SharePoint online
- When users share files through chat, these files are stored in their OneDrive folders
Admin nightmare — How can you see who has access to all that data?
In Teams, administrators must also look in multiple places to understand who has access:
- They must look in Teams or in Azure AD to determine who are team members and owners
- They must look in SharePoint Online (Advanced View) to see who has received links to files, folders or sites, and where permissions have been granted directly through SharePoint Online
- They must review permissions on files stored in OneDrive
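As an added example (not Varonis or Microsoft code), the following Python pulls the three places listed above into one report for a single Team and one of its files. It runs on constructed sample data in the shape Microsoft Graph returns for a group's owners and members and for a drive item's permissions; fetching those responses live with a Graph client is assumed and left to the caller.

```python
# Added example, not Varonis or Microsoft code. All data below is CONSTRUCTED in the
# shape Microsoft Graph returns for /groups/{id}/owners, /groups/{id}/members and
# /drives/{id}/items/{id}/permissions; fetching it live is left to the caller.

# Azure AD group behind the team (guests carry #EXT# in their UPN)
OWNERS = [{"userPrincipalName": "alice@contoso.com", "userType": "Member"}]
MEMBERS = [
    {"userPrincipalName": "alice@contoso.com", "userType": "Member"},
    {"userPrincipalName": "bob@contoso.com", "userType": "Member"},
    {"userPrincipalName": "carol_fabrikam.com#EXT#@contoso.onmicrosoft.com", "userType": "Guest"},
]
# Permissions on one file: a direct grant, a direct grant to a non-member, and sharing links
FILE_PERMISSIONS = [
    {"roles": ["write"], "grantedToV2": {"user": {"email": "bob@contoso.com"}}},
    {"roles": ["read"], "grantedToV2": {"user": {"email": "dave@contoso.com"}}},
    {"roles": ["read"], "link": {"scope": "organization", "type": "view"}},
    {"roles": ["read"], "link": {"scope": "anonymous", "type": "edit"}},
    {"roles": ["read"], "link": {"scope": "users", "type": "view"},
     "grantedToIdentitiesV2": [{"user": {"email": "erin@contoso.com"}}]},
]

def team_roster(owners, members):
    """Map each UPN (lower-cased) to its role in the team; owner outranks member."""
    roster = {m["userPrincipalName"].lower(): "member" for m in members}
    roster.update({o["userPrincipalName"].lower(): "owner" for o in owners})
    return roster

def guests(roster):
    """External (guest) accounts, recognisable by the #EXT# marker in the UPN."""
    return sorted(upn for upn in roster if "#ext#" in upn)

def file_access_findings(permissions, roster):
    """Findings the Teams client does not show: links wider than named users
    (organization-wide or anonymous) and people outside the team who hold
    access through a direct grant or a recipient-specific link."""
    findings = []
    for perm in permissions:
        link = perm.get("link")
        if link and link["scope"] != "users":
            findings.append(f"{link['scope']} {link['type']} link")
        identities = list(perm.get("grantedToIdentitiesV2", []))
        if "grantedToV2" in perm:
            identities.append(perm["grantedToV2"])
        for ident in identities:
            email = ident.get("user", {}).get("email", "").lower()
            if email and email not in roster:
                findings.append(f"{email} outside team ({','.join(perm['roles'])})")
    return findings
```

Fed live Graph responses instead of the constructed samples, the same functions answer "who really has access?" for each Team and each file, which is the view the Teams client alone does not give.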
Even if you were not previously aware of how Teams works, it should now be apparent how quickly things can become messy. As well as effectively losing control, admins do not have the level of visibility they should have. It soon becomes extremely hard to get a grip on what is shared internally, publicly and in the cloud; it is virtually impossible to keep track of. IT cannot even see who has access to a Team: from Azure, it is not possible to see people who have been added by a link. Alongside all of this, Microsoft keeps adding features to Teams, giving admins little chance of keeping up with effective administration.
The adoption of Office 365 and Teams is taking off. Last week alone saw a surge of an additional 44 million Teams instances, as it integrates so easily with O365.
And remember, creating a Team is a matter of a couple of clicks, naming it and adding users to it.
By the way, how many instances do you expect to have? A reasonable estimate is at least one Team per user per month. Microsoft has recently changed Teams to allow 2 million per tenant!
Everyone in a Team is an equal, meaning that anyone who is a part of the Team will have access to all of the shared data.
Data Protection: the Elephant in the room.
Your data is already spread out and growing. It’s getting harder and harder to know where the data is. Here are some questions worth asking:
- How quickly can your data be located?
- Do you know who has access to your sensitive data?
- Can you easily revoke access from those who shouldn’t have it without removing access from those who should?
It is possible to build access templates behind Teams to control the sharing, but in reality this is unlikely to happen. Building access templates to create custom permissions behind each Team will become the bottleneck, as templates would have to be created for each instance (remember, how many Teams do you envisage having in your environment?).
A way to take control of the situation
It’s hard to protect what you cannot see, but Varonis gives admins far greater visibility of who has access to what and where the data is stored, especially where Teams is concerned. This is what Varonis is all about. If you are unfamiliar with Varonis, here are some of the benefits you get from using it:
- Centralised visibility and control for hybrid O365 environments
- Quickly and accurately answer “who really has access to our critical data?”
- Classify and protect sensitive & regulated data at scale
- Data-centric threat detection with hundreds of out-of-the-box models
- Commit engine to take action to quickly remediate at-risk data
- Comprehensive and scalable audit trail of events across O365 apps
In Varonis, administrators have a single pane of glass to view all of these permissions, and more. In the scenario below you see the Teams site called COMPENSATIONS2, beneath it the folders and a file called Employees Bonuses.xlsx, and on the right the permissions for that file:
This view is unavailable in Teams, Office 365 or MCAS. Nor is it possible in those tools to visualise where sensitive data resides in the hierarchical structure and who has access to it. This context is available in Varonis: