The next target for phishing and fraud: ChatOps

Cloud-based chat systems introduce a unique set of requirements given the breadth and depth of access to potentially sensitive data

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Enterprise chat applications have surged in popularity, driven in large part by Slack, which now claims to serve more than three million users daily.  What’s more, the popularity of these apps has given rise to a new phenomenon known as ChatOps, which is what happens when these new messaging systems are used to automate operational tasks. 

The ChatOps term was coined by GitHub to describe a collaboration model that connects people, tools, processes and automation into a transparent workflow.  According to Sean Regan, Atlassian’s Head of Product Marketing for HipChat, this flow connects the work needed, the work happening and the work done in a consistent location staffed by people, bots and related tools.  Its transparent nature hastens the feedback loop, facilitates information sharing, and enhances team collaboration, but also ushers in a new set of challenges for securityand risk professionals.

Take, for example, the General Services Administration. Earlier this year, the agency and one of its outside partners shared a series of documents and spreadsheets through Slack. In doing so, they opened up programmatic access to more than 100 Google Drive accounts for nearly half a year, in violation of the acceptable permissions policy defined by the GSA’s information security team.

This is not a security flaw in Slack – instead, it is a risk exposed by the combination of unfamiliar systems being used and managed by business users who are not security specialists familiar with the many regulatory and compliance-related rules around data protection.

Chat systems, however, can be securely adopted and managed.  In understanding how, first consider how these systems have been adopted.  The ease of using these platforms, coupled with their cloud-native integration capabilities with other systems, is largely responsible for rapid growth in the enterprise.

To continue reading this article register now

Discover what your peers are reading. Sign up for our FREE email newsletters today!