Wire Blog

The Admin Privilege Model Is Broken

Written by Alex Henthorn-Iwane | Sep 30, 2024 10:02:38 PM

This summer, the business world was rocked by the revelation that the hacker group NullBulge had compromised Disney's Slack workspace and made off with more than 1TB of sensitive information on a variety of topics, including 44 million messages, 18,800 spreadsheets, and 13,000 PDFs covering Disney's strategy, finances, and operations. The group claimed it had the willing help of an insider, but with no acknowledgement from the person it named, it is unclear whether this was an inside job or whether someone at Disney fell victim to phishing, malware, or social engineering.

But whether it was or not doesn't matter, because the real problem was that a single account could be used to reach more than 10,000 Slack channels.

So, while Disney has since announced that it will be phasing out Slack, unless it makes a radical shift away from the popular messaging and collaboration platforms, it will remain dangerously exposed.

Why, you ask? 

Because corporate communication tools like Slack, Teams, and Zoom are built around a fatal security flaw that violates the principles of zero-trust security. Worse, this flaw is not an error. It is there by design.

Zero trust means no default “root” access

The concept of zero trust is built on the premise that no one, whether inside or outside the organization, should be automatically trusted with access to systems or data. It requires continuous verification of identity and security, regardless of the user’s location or network.

When it comes to messaging and collaboration applications, a very simple way to understand zero trust is this: it should not be possible for anyone who has not been explicitly entrusted to access a communication stream, the data exchanged in it, or any data being collaborated on around it.

A good analogy for those familiar with typical computer operating systems: in a zero-trust scheme there is no default "root" privilege, no role or account that automatically inherits hierarchical access to everything. Access is granted per resource, not implied by a position in a hierarchy.

Popular collaboration apps fall (far) short

All major collaboration platforms, including Slack and Microsoft Teams, rely heavily on centralized systems and broad administrative controls, which are fundamentally at odds with zero trust. Administrators often have deep access to company-wide data and conversations, so the compromise of one such account escalates across the whole platform. These platforms prioritize ease of access over stringent security, increasing the likelihood of unauthorized access to sensitive information.

Given massive breaches such as Disney's, why do these tools remain in flagrant breach of zero-trust principles, all while proudly claiming to offer enterprise-class security? The simple reason: it's by design.

Breaking zero trust is part of the business model

A fundamental tenet of most tech companies is to leverage and monetize customer data in order to refine their services and generate new revenue streams.

Microsoft, for example, is known for being aggressive (some would say unscrupulous) in enforcing schemes that give it access to user data with or without explicit consent. One example is the way the Cortana assistant exports extensive amounts of user data, in some cases without any way to opt out.

The all-out arms race to commercialize Artificial Intelligence (AI) has made it nearly irresistible for tech companies to monetize customer data to train their models.

Ultimately, the overwhelming inclination of tech companies to grant themselves access to customer data means that they design their products to allow unrestricted access to your sensitive data, in direct contradiction of sound security principles.

What zero trust communication should look like

A zero-trust approach to collaboration ensures that all communications and data are encrypted end to end, meaning that no unauthorized party, including platform administrators, can read the content of your messages. Authentication is required at every step, and access to company data is restricted to the roles and individuals explicitly granted it. Even internal employees or administrators cannot reach sensitive information unless they have been authorized for that specific data. Implemented this way, zero-trust principles prevent unauthorized access to sensitive data even when another layer, such as a user's credentials or the network perimeter, has already been compromised.

End-to-end encryption: the best defense against data theft

One of the key weaknesses of tools like Slack and Teams is the absence of universal end-to-end encryption. These platforms do encrypt data in transit and at rest, but that protects against a stolen disk or a tapped wire, not against a request the server itself is willing to decrypt: platform administrators or third-party apps may still read messages. Without end-to-end encryption, centralized storage on the provider's servers means sensitive company information is exposed the moment administrative privileges are misused or the platform itself is breached.

In contrast, end-to-end encryption ensures that only the sender and the intended recipients can read a message. The platform's servers relay and store ciphertext they hold no key for, so neither a rogue administrator nor an attacker who compromises the servers gets the content. This protection extends to all messages, calls, and files, safeguarding intellectual property from external threats and from the provider alike.
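The difference between "encrypted at rest" and end-to-end encrypted is where the key lives, and that is easiest to see side by side. The following is an added example, not Wire's code and not the implementation of Slack, Teams or any other platform named on this page. It builds both models with a toy Diffie-Hellman group and a toy HMAC-based cipher so that it runs on the Python standard library alone; the parameters P and G, the cipher construction, the class names and the message text are all illustration-only assumptions.

```python
"""Key custody is what separates "encrypted at rest" from end-to-end encrypted.
ServerKeyStore holds the key on the platform, so whoever can make the server
decrypt (an admin, or an attacker holding admin rights) reads plaintext.
RelayServer + Client derive the key on the endpoints (toy Diffie-Hellman); the
server relays public values and ciphertext and holds nothing that decrypts.
Toy DH group (P, G) and toy HMAC-SHA256 stream cipher (encrypt-then-MAC), stdlib
only, NOT production crypto: the lesson is where the key lives, not the cipher."""
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy DH modulus (a Mersenne prime), chosen for readability, not strength
G = 5

def kdf(secret, label):
    return hashlib.sha256(label + b"|" + secret).digest()

def _keystream(enc_key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def toy_encrypt(key, plaintext):
    """nonce || ciphertext || tag, with the tag over nonce+ciphertext (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(kdf(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def toy_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kdf(key, b"enc"), nonce, len(ct))))

class ServerKeyStore:
    """'Encrypted at rest' with a platform-held key: the operator can read it all."""
    def __init__(self):
        self._tenant_key = secrets.token_bytes(32)  # lives on the platform
        self._messages = []
    def post(self, plaintext):
        self._messages.append(toy_encrypt(self._tenant_key, plaintext))
    def admin_read(self):
        # The server decrypts on request; admin rights are all it takes.
        return [toy_decrypt(self._tenant_key, m) for m in self._messages]

class Client:
    """An endpoint. The private value and the derived key never leave it."""
    def __init__(self, name):
        self.name = name
        self._priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self._priv, P)  # safe to publish through the server
        self.key = None
    def agree(self, peer_pub):
        self.key = kdf(pow(peer_pub, self._priv, P).to_bytes(16, "big"), b"e2ee")
    def seal(self, plaintext):
        return toy_encrypt(self.key, plaintext)
    def unseal(self, blob):
        return toy_decrypt(self.key, blob)

class RelayServer:
    """E2EE backend: stores public values and ciphertext; has no key to decrypt with."""
    def __init__(self):
        self.public_values, self.ciphertexts = {}, []
    def register(self, client):
        self.public_values[client.name] = client.pub
    def relay(self, blob):
        self.ciphertexts.append(blob)
    def admin_read(self):
        # Same admin rights as above, but nothing here decrypts.
        return list(self.ciphertexts)

def tamper_detected(client, blob):
    try:
        client.unseal(blob)
        return False
    except ValueError:
        return True

def demo(message=b"Q3 acquisition shortlist attached"):  # constructed sample message
    store = ServerKeyStore()
    store.post(message)
    server, alice, bob = RelayServer(), Client("alice"), Client("bob")
    server.register(alice)
    server.register(bob)
    alice.agree(server.public_values["bob"])   # public values travel via the server...
    bob.agree(server.public_values["alice"])   # ...the derived key does not
    server.relay(alice.seal(message))
    admin_view = server.admin_read()[0]
    return {
        "server_key_model_admin_reads": store.admin_read()[0],
        "e2ee_admin_sees_plaintext": message in admin_view,
        "e2ee_recipient_reads": bob.unseal(admin_view),
        "e2ee_keys_match": alice.key == bob.key,
        "tamper_detected": tamper_detected(bob, admin_view[:-1] + bytes([admin_view[-1] ^ 1])),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:<30} {v!r}")
```

Run it and the two `admin_read` calls tell the story: the same administrative privilege returns plaintext from the server-key store and an opaque blob from the relay, because the relay was never given anything that decrypts. A real deployment replaces the toy group and cipher with vetted primitives (X25519 and an AEAD such as AES-GCM or ChaCha20-Poly1305), but the custody argument is unchanged.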

Decentralized data storage further reduces compromise risks

Putting all your eggs in one basket has never been a smart risk mitigation strategy. Yet that's what you choose when you use platforms like Slack and Teams that store all the data centrally and give administrator accounts broad access to it. Teams administration, for instance, lives in the same Microsoft 365 (formerly Office 365) tenant as mail, files, and the directory, so a single hacked account holding a tenant-wide admin role can open far more than chat.

That’s why decentralized storage is so important. When message content is not pooled in one central, decryptable store, there is no single place from which 44 million messages can be exported. Combined with end-to-end encryption and role-based access control (RBAC), decentralized storage sharply limits the blast radius of any one account compromise.

Protection Against Third-Party Integrations

Messaging and collaboration apps such as Slack, Zoom, and Teams offer numerous third-party app integrations that enhance productivity but also introduce security risks. Each external integration widens the attack surface: its token is yet another credential, usually long-lived and not protected by MFA, and if it is scoped to the whole workspace it is, in effect, another over-privileged account.

A controlled ecosystem that limits excessive third-party integrations reduces the risk of data exposure through these external applications and keeps the focus on a secure communication environment. Getting there takes more than a shorter app directory: an integration should be granted access to specific conversations rather than to the workspace, and it should not even be able to enumerate the conversations it is not part of (that metadata alone is very valuable to a persistent attacker).
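The role-based restriction described under "What zero trust communication should look like", the blast radius mentioned under decentralized storage, and the point just above that an integration should not even see the conversation list all come down to one design question: does a role imply access, or must every read be granted? The following added example (not code from Wire or from any platform named on this page, with a constructed sample workspace and invented principals) models both answers and measures the blast radius of one compromised account under each.

```python
"""Blast radius of one compromised account under two authorization models.
HierarchicalPolicy  - the default-root model: privileged roles inherit read
                      access to every channel, invited or not.
ExplicitGrantPolicy - the zero-trust model: no role implies reading; management
                      rights are a separate permission, and the directory shows
                      only what the principal can read.
The workspace, principals and channel names below are constructed for
illustration and correspond to no real organization."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Principal:
    name: str
    role: str  # "member", "workspace_admin" or "workspace_app" (a bot/integration)


@dataclass(frozen=True)
class Channel:
    name: str
    readers: frozenset  # principal names explicitly granted read access


class HierarchicalPolicy:
    """Admins and workspace-wide apps are 'root': membership is irrelevant to them."""
    ROOT_ROLES = frozenset({"workspace_admin", "workspace_app"})

    def can_read(self, p: Principal, c: Channel) -> bool:
        return p.role in self.ROOT_ROLES or p.name in c.readers

    def can_manage(self, p: Principal, c: Channel) -> bool:
        return p.role == "workspace_admin"


class ExplicitGrantPolicy:
    """Reading requires an explicit grant on that channel, whatever the role."""

    def can_read(self, p: Principal, c: Channel) -> bool:
        return p.name in c.readers

    def can_manage(self, p: Principal, c: Channel) -> bool:
        # Administration (create, archive, remove a member) is a real permission;
        # it simply is not the same permission as reading the content.
        return p.role == "workspace_admin"


def visible_channels(policy, p: Principal, channels: Iterable[Channel]) -> List[str]:
    """The directory this principal is shown. Channel names are metadata, and
    metadata leaks too, so the listing is filtered by the same read check."""
    return sorted(c.name for c in channels if policy.can_read(p, c))


def blast_radius(policy, compromised: Principal, channels: Iterable[Channel]) -> Tuple[int, int]:
    """(channels an attacker holding this account can read, channels in total)."""
    channels = list(channels)
    return sum(policy.can_read(compromised, c) for c in channels), len(channels)


# Constructed sample workspace (not real data).
WORKSPACE = [
    Channel("#general", frozenset({"alice", "bob", "dana", "deploy-bot"})),
    Channel("#eng-backend", frozenset({"alice", "bob", "deploy-bot"})),
    Channel("#finance", frozenset({"carol"})),
    Channel("#legal-m-and-a", frozenset({"carol", "erin"})),
    Channel("#exec", frozenset({"erin"})),
    Channel("#hr-cases", frozenset({"frank"})),
]
ALICE = Principal("alice", "member")                   # ordinary engineer
DANA = Principal("dana", "workspace_admin")            # IT admin, invited to #general only
DEPLOY_BOT = Principal("deploy-bot", "workspace_app")  # CI integration, two channels


def compare(channels: Iterable[Channel] = WORKSPACE) -> Dict[str, Dict[str, Tuple[int, int]]]:
    """Blast radius of each sample account under both models, keyed by policy then name."""
    channels = list(channels)
    return {
        policy.__class__.__name__: {
            p.name: blast_radius(policy, p, channels) for p in (ALICE, DANA, DEPLOY_BOT)
        }
        for policy in (HierarchicalPolicy(), ExplicitGrantPolicy())
    }


if __name__ == "__main__":
    for model, radii in compare().items():
        print(model)
        for who, (hit, total) in radii.items():
            print(f"  compromised {who:<11}: {hit}/{total} channels readable")
    print("directory dana sees (explicit grants):", visible_channels(ExplicitGrantPolicy(), DANA, WORKSPACE))
```

Under the hierarchical model a phished admin or a leaked CI token reads 6 of 6 channels; under explicit grants the same two accounts read 1 and 2 respectively, and the admin's directory shows only the one channel she was invited to. `can_manage` stays true for the admin in both models, which is the point: administering a channel and reading it are different permissions, and an admin who adds herself to a channel performs an auditable membership change rather than a silent read.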

How high is your risk tolerance?

Every security professional knows that phishing, vishing, smishing, and other social-engineering attacks are the biggest vulnerability points in an organization's cybersecurity. Attackers are using AI tools to produce cosmetically perfect, deeply researched, personalized lures, and they can relentlessly focus huge resources on compromising privileged account holders. The upshot is that trusting a massively over-privileged account holder not to get compromised is rolling dice that are heavily weighted against you.

A security-first messaging and collaboration platform, using end-to-end encryption and decentralized message data storage, minimizes the impact of a single compromised account. This approach ensures that sensitive data remains protected, even in the event of a breach.

If you’re ready to stop rolling the dice with your company’s critical data, then it’s time to seriously consider a security-first alternative.

Conclusion: Choosing a Secure Business Communication Platform

In an environment where data breaches and intellectual property theft are constant risks, organizations need communication platforms that prioritize security. Centralized control, limited encryption, and vulnerabilities introduced through third-party integrations leave tools like Slack and Teams open to potential threats. By adopting a secure platform built on Zero Trust principles, end-to-end encryption, and decentralized control, businesses can protect their sensitive information and focus on innovation without fear of exposure.