I have a couple of business partners (supply and trading, shipping) that leverage email heavily, mainly sharing documentation back and forth between themselves and third parties and some deals or agreements are also done over email. These partners would like a secondary communication in the event of email disruption: what other communication methods (email-esque) would you suggest? Also, cybersecurity is nixing other ideas because of concerns, but business is the number one concern, can assume all risk and override cyber though this could lead to consequences. Have any of you experienced this and how have you addressed their concerns?

CISO in Software, a year ago
Oh man, a lot to unpack here! First, I have to say I'm surprised that cybersecurity is nixing other ideas in FAVOR of sharing documentation over a standard email channel. Email is notoriously insecure, a primary vector for fraud-based attacks, easily spoofed, and lacks robust control mechanisms beyond DMARC/DKIM/SPF. 

The best solution usually depends on the organization(s) in question. Are they Microsoft O365 shops? Google Workspace? Do they leverage chat-ops heavily? How do they track access control and access requests? What sort of regulatory implications may there be as it relates to data retention and handling? Are there contractual agreements with any vendors or partners regarding how sensitive data must be handled?

As a CISO/CIO in my organization, IT reports into security, so the default lens through which we view technology solutions is: "what is the greatest security posture I can cultivate around this process without installing friction for users?"

Oftentimes the unlikely best candidate here is whatever cloud storage offering is native to your productivity suite. Both O365 and Google Workspace have decent default security functionality and offer licensing for fairly robust security capabilities within their ecosystem. Or: they have really great toys to play with, but they don't leave the sandbox. Using a solution like MS OneDrive or Google Drive as a sharing platform for documentation is usually super easy for everyone to use. In addition to ease of use, however, this also makes sure that the documentation exists in an environment where you have granular control over security and auditability. Some basic suggestions with this solution include:
- Configure the default settings so that everything you create starts out private, and you must grant people access.
- Don't allow "share with anyone who has the link." Share with individuals or groups of individuals.
- Set expiration on sharing access so that you don't forget to revoke access later when business is concluded.
- Consider purchasing the native DLP functionality to ensure certain types of sensitive data are not inadvertently shared.
- Create a process to log access requests for external parties so there is an audit trail showing business cause for the access and logging expected access revocation timelines.

If the orgs are newer orgs that are chat-ops heavy (like mine) sometimes creating a collaborative Slack channel and inviting the other parties is best. This, similar to cloud storage, allows some degree of control over the environment security and is probably the "best" business solution in terms of speed-to-collaboration. Similar considerations as above, mostly want to focus on the part everyone forgets; revoking access so there are no hanging permissions. 

Then there are the more traditional file-sharing services like Dropbox and Dropzone. I doubt those need explanation.

IMHO email should be considered the last-ditch form of communication for these types of interactions, and if email is used it should only be used with a secondary security layer on top: password-encrypting shared files and sharing the password through a password management solution like 1Password, for example.

Hopefully this helps, sorry for the lack of brevity 😅
Chief Information Security Officer in Healthcare and Biotech, a year ago
A good number of businesses are trying Slack. You can also try
CISO in Software, a year ago

Slack is certainly a MASSIVE improvement on email, and I'm fully bought-in to the ChatOps culture.  

I do think it bears mentioning that ChatOps platforms have become an increasingly popular attack vector for malicious actors, given the intrinsic credibility an ATO on Slack gives to a social engineer and the often broad cross-section of different corporate data types shared and stored there. 

Also, because Slack is often considered an out-of-band comms channel for support when other services go down or get locked, it often is configured with a longer log-in duration than other enterprise services (so you can contact IT when your email is locked). 

We recently developed an internal standards doc for external data-sharing practices. We host a GCP bucket and use a combination of asymmetric encryption, single-use expiring URLs, and granular audit logging (among a few other details) to ensure complete control over sensitive external shares. If you're a cloud-native org, make sure you have strong relationships with your Architects, who should be able to serve up solutions like this with relative ease.

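The controls the two CISO replies describe (expiring access with an audit trail of who requested it and why, and single-use expiring share URLs) can be prototyped with a small token service. The block below is an added illustration, not code from either commenter's organization and not a cloud provider's signed-URL API; the `share.example.invalid` host, the `ShareLinkService` class and its HMAC-signed token format are assumptions for the example.

```python
import hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlparse

SIGNING_KEY = secrets.token_bytes(32)  # per-deployment key, generated here for the example


class ShareLinkService:
    """Hypothetical issuer of single-use, expiring share links that keeps an audit trail."""

    def __init__(self, now=time.time):
        self.now = now      # injectable clock so expiry can be tested deterministically
        self.issued = {}    # token_id -> {"object", "expires", "used"}
        self.audit = []     # append-only audit log entries

    def _sig(self, token_id, object_name, expires):
        msg = f"{token_id}|{object_name}|{expires}".encode()
        return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

    def _log(self, event, token_id, who, **extra):
        self.audit.append({"t": int(self.now()), "event": event, "token": token_id, "who": who, **extra})

    def issue(self, object_name, requester, reason, ttl_seconds=600):
        """Record the business justification and return a short-lived, single-use link."""
        token_id = secrets.token_urlsafe(16)
        expires = int(self.now()) + ttl_seconds
        self.issued[token_id] = {"object": object_name, "expires": expires, "used": False}
        self._log("issue", token_id, requester, reason=reason, object=object_name, expires=expires)
        sig = self._sig(token_id, object_name, expires)
        return f"https://share.example.invalid/{object_name}?t={token_id}&e={expires}&s={sig}"

    def redeem(self, url, client):
        """Return True and mark the link used only if it is authentic, unexpired and unused."""
        parsed = urlparse(url)
        q = parse_qs(parsed.query)
        object_name = parsed.path.lstrip("/")
        token_id, expires, sig = q.get("t", [""])[0], q.get("e", ["0"])[0], q.get("s", [""])[0]
        rec = self.issued.get(token_id)
        if not hmac.compare_digest(sig.encode(), self._sig(token_id, object_name, expires).encode()):
            reason = "bad signature"      # path or query was tampered with
        elif rec is None or rec["object"] != object_name:
            reason = "unknown token"
        elif self.now() > int(expires):
            reason = "expired"            # the revocation nobody has to remember
        elif rec["used"]:
            reason = "already used"       # single use: a leaked link cannot be replayed
        else:
            rec["used"] = True
            self._log("redeem", token_id, client, object=object_name, ok=True)
            return True
        self._log("redeem", token_id, client, object=object_name, ok=False, reason=reason)
        return False
```

Every denial lands in the audit log with its reason, so a reviewer can see both the business cause recorded at issue time and every attempt to use the link afterwards.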
