
Why Collaboration Interoperability Poses Major Security Issues

by Digital Pulse
March 5, 2026


For many modern enterprises, it’s often a tale of two cities. In one department, Microsoft Teams may be the de facto operating system for work; in another, many in engineering and DevOps teams cling fiercely to Slack. For years, CIOs accepted this bifurcation in collaboration as a necessary friction. However, the recent surge in interoperability tools, middleware bridges like Mio and Matrix, and proprietary connectors promised a truce. These tools drill tunnels through the walls, allowing a message typed in Teams to appear instantaneously in a Slack channel. Yet beneath the seamless workflow lies a security and governance minefield.

“When a Teams user interacts with a Slack user, the actual threat isn’t the people – it’s the non-human identity brokering the exchange,” Puneet Bhatnagar warned UC Today.

Bhatnagar, formerly Senior Vice President and Head of Identity Management at Blackstone and CISO at Dave & Buster’s, highlights a critical blind spot in the rush toward “open” collaboration. By focusing on the endpoints, security leaders have neglected the “pipes.”

Recent data from Josys reveals that 85 percent of SaaS identities have more permissions than necessary. This finding aligns with the Cloud Security Alliance’s 2025 report, which identified “over-privileged access” as a top-tier risk. When we connect two secure fortresses with an unguarded tunnel, we have bypassed our security rather than enhanced it.

The Collaboration Identity Crisis: The “God-Mode” Problem for Security

A foundational principle of modern cybersecurity is “least privilege,” the idea that a user or bot should only have access to what they strictly need. Interoperability bridges, by their very nature, struggle to respect this. To function, a bridge often requires broad read/write permissions to sync messages across platforms. It effectively needs to see everything to move anything.

“Most interoperability relies on OAuth tokens, service principals, or middleware connectors with broad API scopes,” Bhatnagar explained. “If that middleman identity holds cross-platform read/write permissions, it becomes a transitive privilege amplifier – effectively bypassing native least-privilege controls in each system.”

This creates a terrifying scenario for the CISO, conjuring the image of a “God-mode” superuser that exists outside the standard hierarchy. If a threat actor compromises a user in Teams, their lateral movement is usually limited by that user’s specific Azure AD permissions. But if they compromise the bridge itself, or the token it uses, they potentially gain the keys to both kingdoms.

The risk is compounded when third parties enter the mix. In a complex supply chain, your organization might be bridging its internal Teams environment with a partner’s Slack workspace. “The risk intensifies with third-party identities (contractors, partners) governed outside your primary IAM boundary,” said Bhatnagar.

“Once access traverses ecosystems, enforcement consistency depends on how attributes and roles are translated between identity providers.”

To mitigate this, organizations should treat these bridges not as passive utilities but as active, privileged entities. Bhatnagar suggested that “least privilege should extend to orchestration identities – not just end users.” This requires a shift in mindset toward continuous monitoring of token issuance, tracking of privilege drift, and validation of attribute mapping across domains.
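One way to apply least privilege to a bridge identity, as an added example that is not from the article or from any vendor: compare the scopes a connector currently holds against what its last access review approved, and flag any relay direction it can perform but was never approved for. The scope names are real Slack and Microsoft Graph permissions; their grouping into read, write and admin, the baseline, and the grant are assumptions constructed for the example.

```python
# Scope names are real Slack / Microsoft Graph permissions; which of them count
# as read, write or admin, and the grants below, are constructed for the example.
READ = {"slack": {"channels:history", "groups:history", "files:read"},
        "teams": {"ChannelMessage.Read.All", "Files.Read.All"}}
WRITE = {"slack": {"chat:write", "files:write"},
         "teams": {"ChannelMessage.Send", "Files.ReadWrite.All"}}
ADMIN = {"slack": {"admin"}, "teams": {"Directory.ReadWrite.All"}}

# Assumed outcome of the last access review: relay Teams -> Slack only.
BASELINE = {"slack": {"chat:write"}, "teams": {"ChannelMessage.Read.All"}}
APPROVED_PATHS = {("teams", "slack")}


def relay_paths(granted):
    """(source, destination) pairs the identity can move content across."""
    return {(src, dst) for src in granted for dst in granted
            if src != dst
            and granted[src] & READ.get(src, set())
            and granted[dst] & WRITE.get(dst, set())}


def audit_bridge(granted, baseline=BASELINE, approved=APPROVED_PATHS):
    """Return (kind, where, detail) findings for one orchestration identity."""
    findings = []
    for platform, scopes in granted.items():
        drift = sorted(scopes - baseline.get(platform, set()))
        if drift:  # scopes acquired since the review
            findings.append(("privilege-drift", platform, drift))
        admin = sorted(scopes & ADMIN.get(platform, set()))
        if admin:  # tenant-wide rights a message relay does not need
            findings.append(("admin-scope", platform, admin))
    for src, dst in sorted(relay_paths(granted) - approved):
        findings.append(("unapproved-relay-path", f"{src}->{dst}", []))
    return findings


# Constructed current grant for a hypothetical bridge service principal.
CURRENT_GRANT = {
    "slack": {"chat:write", "channels:history", "admin"},
    "teams": {"ChannelMessage.Read.All", "ChannelMessage.Send"},
}

if __name__ == "__main__":
    for finding in audit_bridge(CURRENT_GRANT):
        print(finding)
```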

The Collaboration Security Black Hole: Data in Motion

If identity is the lock, data residency is the border control. For multinational corporations subject to GDPR or CCPA, the physical location of data is a matter of legal liability.

Data residency laws are often binary. Data stays in the EU, or it doesn’t. However, in a mesh of interoperable apps, messages are constantly in motion. A regulated artifact leaving a compliant Teams environment and entering a partner’s Webex instance via a middleware bridge enters a legal gray zone.

“Data residency assumes stable custody boundaries. Interoperability disrupts that assumption,” noted Bhatnagar.

“When regulated data moves between tenants via middleware, three identity contexts are involved: the originating user, the integration identity, and the receiving tenant. Governance breaks when identity context is transformed or stripped during that transition.”

The technical challenge is that metadata, the “tags” that say Confidential or EU Eyes Only, often gets washed away in the pipe. Middleware frequently re-tokenizes or normalizes identity claims to make the message readable on the other side. “If classification metadata or policy bindings don’t persist across APIs, enforcement becomes probabilistic,” Bhatnagar emphasized.

This aligns with broader industry concerns. The 2025 Global State of API Security report found that 57 percent of organizations reported a data breach caused by API exploitation in the last two years. The “pipe” is often the source of the leak. Without what Bhatnagar called “integration-layer governance,” organizations are flying blind. “Compliance visibility degrades the moment data crosses ecosystems,” he concluded. The only defense is persistent data classification tagging and auditable identity assertions that survive the jump between platforms.
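A sketch of tags that survive the jump, as an added example and not a design from the article: the sending side binds the classification, residency and originating user to the message body with an HMAC, and the receiving side fails closed when a bridge strips or rewrites them. The envelope fields, the gateway roles and the shared key are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: a key held by the two tenants' policy gateways, never by the bridge.
POLICY_KEY = b"constructed-demo-key"


def _mac(tags):
    return hmac.new(POLICY_KEY, json.dumps(tags, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()


def seal(body, classification, residency, origin_user):
    """Sending gateway: bind classification and identity context to this exact body."""
    tags = {"classification": classification, "residency": residency,
            "origin_user": origin_user,
            "body_sha256": hashlib.sha256(body.encode()).hexdigest()}
    return {"body": body, "tags": tags, "mac": _mac(tags)}


def admit(envelope, tenant_region):
    """Receiving gateway: fail closed unless the tags arrived intact and permit delivery."""
    tags, mac = envelope.get("tags"), envelope.get("mac")
    if not tags or not mac:
        return (False, "tags stripped in transit")
    if not hmac.compare_digest(_mac(tags), mac):
        return (False, "tags altered in transit")
    if hashlib.sha256(envelope["body"].encode()).hexdigest() != tags["body_sha256"]:
        return (False, "body does not match sealed tags")
    if tags["residency"] not in ("any", tenant_region):
        return (False, "residency violation")
    return (True, "ok")


def lossy_bridge(envelope):
    """Middleware that normalizes the message and drops fields it does not know."""
    return {"body": envelope["body"]}


def relabeling_bridge(envelope):
    """Middleware that rewrites the label while translating attributes."""
    return {**envelope, "tags": {**envelope["tags"], "classification": "Public"}}


# Constructed message from an EU tenant.
MSG = seal("Q3 forecast attached", "Confidential", "EU", "j.doe@corp.example")
```

A bridge that legitimately reformats message bodies would also trip the body-hash check, so the hash has to be taken over whatever canonical form both sides agree on.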

The Fog of War: Shattering the Collaboration Single Pane of Glass

For the last decade, security vendors have promised the “Single Pane of Glass,” a unified dashboard where a security analyst can see every threat. Cross-platform collaboration shatters this glass.

Imagine an insider threat investigation involving a conversation that spanned three different ecosystems: a file shared in Teams, discussed in Slack, and leaked via a Zoom chat. Reconstructing this narrative is a forensic nightmare.

“In theory, yes (it’s possible for an interoperable single pane of glass). In practice, it’s complex,” Bhatnagar stressed. “Each platform logs differently, and identity formats rarely align. The same person may appear as a UPN in Azure AD, an email alias in Slack, or a federated SAML assertion in a partner tenant.”

This fragmentation forces security teams to engage in what Bhatnagar described as “manual stitching of timestamps rather than reconstruction of intent.” When logs are siloed in three different proprietary formats, correlating an attack timeline in real time becomes nearly impossible.

The solution requires rigorous logging standardization at the transit layer. Practical forensics demands canonical identity mapping and normalized event schemas. “Until identity context survives transit intact, the ‘single pane of glass’ remains aspirational,” Bhatnagar stated.
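Canonical identity mapping and a normalized event schema for the Teams, Slack and Zoom investigation described above, as an added example that is not from the article: each adapter converts its platform's timestamp and identity format into one schema, and aliases that cannot be resolved are flagged instead of dropped. The log field names, the alias table and the sample events are constructed, not the vendors' real schemas.

```python
from datetime import datetime, timezone

# Constructed alias table: one canonical ID per person, whatever the platform calls them.
IDENTITY_MAP = {
    "j.doe@corp.example": "emp-1042",         # Azure AD UPN
    "jdoe@corp.example": "emp-1042",          # Slack email alias
    "urn:partner:saml:jane.doe": "emp-1042",  # federated SAML NameID
}

def event(ts, platform, alias, action, artifact):
    """Normalized schema: UTC time, canonical actor, original alias kept for audit."""
    actor = IDENTITY_MAP.get(alias.strip().lower(), "UNRESOLVED:" + alias)
    return {"ts": ts.astimezone(timezone.utc), "platform": platform,
            "actor": actor, "alias": alias, "action": action, "artifact": artifact}

# One adapter per source. Field names are assumed shapes for the example.
def from_teams(e):  # ISO 8601 with UTC offset, UPN
    return event(datetime.fromisoformat(e["createdDateTime"]), "teams",
                 e["userPrincipalName"], e["action"], e["file"])

def from_slack(e):  # epoch seconds as a string, email
    return event(datetime.fromtimestamp(float(e["ts"]), tz=timezone.utc), "slack",
                 e["email"], e["type"], e["file"])

def from_zoom(e):  # "Z"-suffixed UTC, SAML NameID
    ts = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event(ts, "zoom", e["nameid"], e["event"], e["file"])

def timeline(events, artifact):
    """All normalized events touching one artifact, in true chronological order."""
    return sorted((e for e in events if e["artifact"] == artifact), key=lambda e: e["ts"])

# Constructed sample logs, deliberately out of order and in mixed time formats.
F = "q3-forecast.xlsx"
EVENTS = [
    from_zoom({"time": "2026-03-02T09:45:00Z", "nameid": "urn:partner:saml:jane.doe",
               "event": "chat_file_sent", "file": F}),
    from_slack({"ts": "1772444400.000100", "email": "contractor7@partner.example",
                "type": "file_download", "file": F}),
    from_slack({"ts": "1772443800.000200", "email": "jdoe@corp.example",
                "type": "message", "file": F}),
    from_teams({"createdDateTime": "2026-03-02T10:15:00+01:00",
                "userPrincipalName": "J.Doe@corp.example",
                "action": "file_shared", "file": F}),
]
```

The Teams entry carries a local time of 10:15 but sorts first once converted to UTC, which is the kind of error that stitching raw timestamps by hand invites.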

Security in the Seams

The push for interoperability is irreversible. The friction of walled gardens is too high a price for modern, agile businesses to pay. However, treating these bridges as “set and forget” utilities is a colossal strategic error.

The security perimeter has moved well beyond a circle drawn around the company. At this stage, it is the sum of the seams between applications. As Bhatnagar succinctly puts it, “Interoperability isn’t inherently dangerous – unmanaged trust is.”

If these connectors aren’t continuously evaluated and included in access reviews, they become “invisible control-plane actors,” or as Bhatnagar described them:

“Sanctioned shadow IT: formally approved, but insufficiently scrutinized.”

The future of secure collaboration hinges on recognizing that the pipes are just as important as the platforms. We should inspect the toll booths, audit the bridges, and ensure that when our data travels, our governance travels with it.


