Cloud computing became one of the principle enablers of the digital workplace following years of debate about its relative security. In a recent report, Gartner suggests those fears may be warranted. The report identified the top 10 emerging risks (pdf) based on a survey of 110 senior executives in risk, audit, finance and compliance at large global organizations, and cloud computing topped the list.
According to the report, the problem stems from either unauthorized access to sensitive or restricted information, or with accessing information due to disruption of their own services.
But it’s not the only problem for emerging digital workplaces. The report also cited social engineering — the practice of influencing, manipulating or tricking users into giving up privileged information or access within an organization — and GDPR compliance as most likely to cause the greatest enterprise damage. Think how prevalent social network use and GDPR initiatives are in the digital workplace and you get idea of how significant these findings are.
Gartner warns these trends are likely to continue for at least the next four to five years. The analyst firm issued a statement saying that through 2022, at least 95 percent of cloud security failures will be the fault of the organization. As more sophisticated tactics such as social engineering are used to compromise sensitive data, organizations should expand their cybersecurity team to address evolving digital risks.
“Executives are right to expand cloud services as part of their digital business initiatives, but they need to ensure their cloud security strategy keeps up with this growth. Leaders should start by clearly identifying their most at-risk areas, which remain obscure to many large organization leaders,” said Matthew Shinkman, risk practice leader at Gartner.
Gartner forecasts cloud computing will be a $300 billion business by 2021, as companies increasingly adopt cloud services to realize their desired digital business outcomes.
Office 365 Phishing Campaign Targets SharePoint Files
In other security news, researchers have detected a new phishing campaign that mainly targets Office 365 customers to harvest credentials. The campaign, called “PhishPoint,” is spread to victims via emails containing a SharePoint document and invitation to collaborate. According to a blog post from cloud security platform provider Avanan, over the past two weeks, the company detected (and blocked) a new phishing attack that affected 10 percent of Avanan’s Office 365 customers. It estimates this percentage applies to Office 365 globally.
The post, by Reece Guida, said PhishPoint marks an evolution in phishing attacks, where hackers go beyond just email and use SharePoint to harvest end-users’ credentials for Office 365. She explained that hackers are using SharePoint files to host phishing links. By inserting the malicious link into a SharePoint file rather than the email itself, hackers bypass the built-in security within Office 365. This leverages a critical flaw, as the security focuses on email but neglects other Office 365 services.
To protect against potential threats, Office 365 scans links in email bodies to look for blacklisted or suspicious domains. Since the link in the email leads to an actual SharePoint document, Microsoft did not identify it as a threat.
As usual with these things, the best way to avoid a problem is to ignore emails, documents or any kind of communication sent from an unknown source, but because its SharePoint and you may be working on a system with thousands of users you might be tempted to open unsolicited emails. Unsurprisingly Avanan, among others, offers a solution for such security challenges.
LinkedIn Improves Groups
Microsft has worked to improve LinkedIn since its acquisition in 2016. In its latest move, it is relaunching Groups to make them more useful. According to an announcement made to Groups’ power users on Aug. 15 and reported in TechCrunch, the relaunch will see LinkedIn push Groups into its main mobile app later this month after pulling the standalone app earlier this year. It will also streamline the new app and cut several features including removing moderation powers from non-owners or managers, temporarily removing the ability to pre-moderate comments, as well as making auto-generated email notifications unavailable.
This comes three years after LinkedIn tried to breathe new life into Groups by creating a standalone app in the hopes of encouraging the two million Groups users already on LinkedIn to spend more time posting, reading and managing (if they were admins) those groups, and creating new groups.
The revamp of Groups comes only a month after the company announced that it is rolling out voice messaging across its apps, with the aim of voice messages being to build a “more personal connection.” The rollout will be ongoing, and all LinkedIn users should have access to the feature within weeks.
Nuxeo Upgrades Content Services
New York City-based Nuxeo has upgraded its core Nuxeo platform with several new additions and releases with the Fast Track 10.2 release. Among the new additions are enhanced capabilities for annotations, including the ability for users to annotate office documents, images, videos, PDFs, and AutoCAD documents for review/validation processes or for media enrichment.
It also comes with an Adobe Creative Cloud connector, which has been rebuilt from the ground up to improve the user experience and take advantage of the full capabilities of Adobe CC 2018. In a statement, Chris McLaughlin, chief marketing officer at Nuxeo said the upgrades were part of the company’s ongoing strategy to help businesses connect information across the enterprise. “The latest release of the Nuxeo Platform further strengthens our foundation for building intelligent solutions that connect information across the enterprise, improving business performance and delivering competitive advantage,” he said.
Among the other upgrades is the “Identifying Similar Content” query, which enables intelligent searches across a repository for content that’s close to the content of a given image, document, case or other business object.
Nuxeo has figured prominently in independent research reports in the last few months. In March it was ranked as a “Leader” in the 2018 Nucleus Research Technology Value Matrix for Enterprise Content Management (ECM). Aragon Research also named it a “Leader” in its Globe for Enterprise Video, 2018: Making Customer Journeys Visual report in July, an evaluation of 17 providers in a market that is set for explosive growth.
Jim Marggraff Joins Oblong
Finally this week, Los Angeles-headquartered Oblong Industries, creator of the Mezzanine interactive collaborative software, has added Jim Marggraff to its board of directors. The addition came at the same time as an announced extension of the Mezzanine product family and deeper software integrations with Cisco Webex Teams, IBM Watson Workspace and Slack.
Marggraff joins Oblong after decades of corporate leadership as a co-founder of StrataCom, Livescribe and most recently Eyefluence, which Google acquired in 2016. He also worked at Leapfrog, where he invented the renowned LeapPad Learning System.
In a statement Marggraff said: “At a time when collaboration is a buzzword, and continuous innovation is table-stakes for all enterprises, nothing compares to the simplicity and ease of use of the platform Oblong has built with Mezzanine. Given my career focus on technologies that advance communication, cognition, and collaboration, I share a commitment with this team to enhance human potential through improved collective intelligence augmented with collaborative thought-environments. I see great things happening with Oblong and their partners.”