The danger of the ‘bits in-between’ applications

By Shain Singh, Principal Security Architect at F5

We live in a world where falling victim to social media advertisements isn’t a niche occurrence. It’s something we experience daily. From the moment we open our Facebook or Instagram accounts, we are bombarded with personalised ads – some of them so precise it feels as though they’re reading our minds. Take, for instance, the exact item you’ve been looking at buying for weeks suddenly appearing on your Instagram feed at 20 per cent off.

Likewise, on an enterprise level, solutions use similar machine learning algorithms to predict customer needs. For example, you may receive a targeted proposal for a cloud service upgrade, just as your business hits a growth milestone. Or think about when Teams intuitively knows that the meeting you’re scheduled to have is linked to an email you sent two weeks prior.

While it may seem like these prompts are magic – it’s just data.

But the real question is, how do these systems know so much about our behaviour, preferences, or interactions across different systems? It’s something I like to call the ‘bits in-between’ – the unprotected pathways between one app and another, like hidden gaps that seemingly go unnoticed by us.

These pathways may seem innocent, even helpful (at times), but there is danger in the data being transferred between these intertwined applications.

Traditional security lacks depth

Most traditional security tools are designed to monitor access and permissions within individual apps or devices, and few are paying attention to securing the ‘bits in-between’ that connect them. Every second, data is flowing seamlessly between platforms – Outlook to Teams, Salesforce to Slack, etc. – creating pathways that are often unmonitored and unprotected.

For instance, an employee may receive an email with sensitive information in Outlook. From there, it can seamlessly flow into Teams. Similarly, data from Salesforce could migrate onto Slack for a real-time update. While the security measures within the individual apps may be sufficient, the junctions between the apps may not be well-secured.

It’s within these overlooked ‘bits in-between’ where cyberthreats can slip through quietly, exploiting trust between platforms. Without monitoring these hidden bridges, security breaches can occur right under our nose.

 

The data speaks for itself

According to a recent report, 63 per cent of organisations report external data oversharing, with over half saying that their employees share sensitive information on unauthorised SaaS applications. The proliferation of data oversharing is enabled by the lack of visibility, enforcement, and protection of the ‘bits in-between’.

Similarly, a can of worms has been opened by the sprawl of SaaS applications. Nearly half of mid-market organisations report they are navigating between 51 and 200 different SaaS applications. And still, 58 per cent admit their orchestration and oversight of processes are ineffective. That’s hundreds of unmonitored pathways in-between applications that are seemingly unprotected – making them appealing targets for cybercriminals. While trying to secure the bits in-between may seem like a daunting task – particularly when you are juggling a multitude of pathways – it’s a necessity when the consequences are financial and reputational destruction.

 

A wake-up call

The solution isn’t to ban employees from using certain applications – such restrictions can often backfire and lead to resistance. Plus, in a hybrid and IT world, it’s unrealistic to expect employees to manage their own security or to behave with security at the forefront.

Instead, modern businesses need to shift how they think about security – it’s their responsibility to manage and protect the unnoticed or hidden pathways. This involves looking past the endpoints and managing the data flowing in the bits in-between. Organisations must invest in security detection tools that can monitor how data travels in between applications.

While the technology side of things is paramount, it’s also about making individuals aware of how powerful technology is – and how their usage of applications can impact themselves and their business.

Employees need more awareness about the specifics – how every time they send information from Outlook to Teams, they’re creating a new data pathway – one that is often unprotected and vulnerable. Simply training staff on phishing is not going to cut the mustard – they need education on how interconnected platforms increase risk without proper monitoring.

 

Make your roads as safe as your house

Most importantly, we need to redefine what it means to be ‘secure’. Many businesses just assume that their platforms and applications are secure – but that’s a one-dimensional view. Security isn’t just checking that the front and back doors are locked – it’s about checking that the windows in-between are shut.

Think about it like travelling from your household to someone else’s. While the houses may be safe and secure, the road to get there may not be – there’s the risk of accidents, roadblocks, wildlife, or weather. The same goes for the bits in-between different applications. Applications may be secure in isolation, but the data that link them may be exposed to risk.

 

Look in all directions

Convenience should never come at the cost of security. As businesses, and individuals, continue to use a cascading number of different applications or SaaS tools, we must shine a light on the ‘bits in-between’ – making sure we secure how applications talk to each other. The real danger isn’t in the obvious – it’s in the bits in-between.