9 Replies Latest reply on Aug 17, 2017 6:01 AM by tmaurer

Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin

joeupshaw Aug 16, 2017 6:39 AM

Not only at our company but, as the news spreads, at many other companies, the JIVE for Office Plugin is being removed due to a particular security concern. This concern is that, using the JIVE for Office Plugin, an end user may publish to *any* JIVE target, not just to an internal, employees only, intranet JIVE instance. For any company that manage documentation with security or proprietary concerns (which, frankly, is most companies), this poses a very real threat. Corporate knowledge assets, that are becoming among the most valuable of all assets, can be shipped out, undetected.

Is it possible to get an enhancement such that security administrators can "White List" the acceptable JIVE publication targets?

Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin

Helen Chen Aug 16, 2017 10:03 AM (in response to joeupshaw)

Joe - Can you share more details on how you have seen this happen? What exactly is the usecase happening?

I am reading this as not respecting permissions for contributing content in a community. If that is the case, isn't this a pretty serious bug not an enhancement?

Thanks for the clarification.
Like (0)

Actions
- Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin
  
  tmaurer Aug 16, 2017 11:53 AM (in response to Helen Chen)
  
  Helen,
  
  It would be a situation where someone edited a document, disconnected it from the community, then published it to a different Jive community they were a member of.
  
  My perspective is that it isn't a situation where someone would accidentally make this choice. It actually takes quite a few steps to accomplish. And if someone is going to do that, they can just as easily:
  Save the file locally, dump to a thumb drive and take it wherever
  Save the file locally and use a personal gmail or other email to send
  Take a photo of the screen and save that - completely undetectable
  
  The issue that Jens outlines is the one instance where I can see this being a problem. But I could see that as an accidental problem with general posts as well. "Am I logged into the correct system/private space/secret group when posting my discussion about the M&A target?"
  
  -Tracy
  1 person found this helpful
  
  Like (1)
  
  Actions
  - Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin
    
    joeupshaw Aug 16, 2017 12:58 PM (in response to tmaurer)
    
    Tracy,
    
    Our security already prevents saving to a thumb drive. All access to external emails, such as GMail, are blocked. Yes, they could take a photo I suppose.
    
    To clarify, we're not worried about an accidental posting (although I suppose one could forget to disconnect from an external JIVE community and then publish). We're worried about employees deliberately circumventing the security steps that I mentioned and using the JIVE Office Plugin as a mechanism to move corporate assets off site.
    
    Thanks,
    
    -Joe
    
    Like (0)
    
    Actions
    - Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin
      
      tmaurer Aug 17, 2017 6:01 AM (in response to joeupshaw)
      
      If someone is paid to gather competitive intelligence, I suspect they would be much less worried about how they deliver the information, just that they do. And in that case, I would consider that a camera (which all of us now have on our phones) is actually a very effective delivery mechanism. Especially if it is a personal phone, which would then not be at all traceable. All the data, in one location, that can then be easily dumped to whatever deliver mechanism you want.
      
      I've actually had these kinds of discussions with a security officer before, and he was of the opinion that there was definitely a point of diminishing returns because people that are determined to get information out of the company will find a way.
      
      Best of luck,
      -Tracy
      1 person found this helpful
      
      Like (2)
      
      Actions
- Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin
  
  joeupshaw Aug 16, 2017 1:30 PM (in response to Helen Chen)
  
  Helen,
  
  The use case is this. Someone is paid to gather competitive intelligence and deliver it to an external source.
  
  They attempt to save it to a thumb drive but, outbound (write) access via all computer ports is disabled.
  
  They attempt to email it themselves but, if they use corporate email a record will exist and they will be quickly caught. So, they attempt to do so via a public email server, e.g. GMail. However, all access to any such email servers is blocked.
  
  They attempt to transfer it via a web resident Shared Drive, e.g. GoogleDrive. However, all access to any such File Shares is blocked.
  
  Within the Jive Office Plugin, they authenticate to some external JIVE community. They click Publish. Voila! The file is transferred and in an undetected manner.
  
  Thanks,
  
  -Joe
  
  Like (1)
  
  Actions
  - Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin
    
    Helen Chen Aug 17, 2017 5:46 AM (in response to joeupshaw)
    
    I get it. They are using a permissioned account on a different community to upload content. That is different from what I thought you had described. Thank you for the clarification!
    
    Like (0)
    
    Actions
Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin

jgoldhammer Aug 16, 2017 11:17 AM (in response to joeupshaw)

AFAIK, Jive for Office cannot be restricted to particular accounts for Jive instances. You are able to setup any jive account, e.g. for a partner community etc.

Nevertheless the security risk is not higher with these additional publication targets at all. If somebody wants to share internal documents to anybody outside, it is easy without the Jive for Office Plugin, too! The user also can login into another community/page/tool and upload it by hand- this is also undetected.

I would say that Jive for Office only increases the risk that somebody publishes a document by accident to another jive instance if you have several accounts configured in Jive for Office... This risk is high when somebody publishes a document and the internal account is not the standard account.

Thanks
Jens
Like (0)

Actions
- Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin
  
  joeupshaw Aug 16, 2017 12:58 PM (in response to jgoldhammer)
  
  I disagree, Jens.
  
  We do monitor all external web sites and upload of local files is explicitly prevented. Can't get to Google Drive, Google Mail, or any other file sharing service or public email (or thumb drive). We take a lot of steps, specifically, to prevent any files from being transmitted outside of the company without explicit authorization. Unfortunately, the one known hole was publishing to an external JIVE community via this plugin. So, they've now removed it from all desktops in the company.
  
  We *love* this plugin and found it very, very useful for collaboration and publishing. However, the only way security will allow it back into the environment, is if they can control the publish target JIVE communities.
  
  Moreover, I'm told (anecdotally, I wasn't there in person) that this was raised at an off site security forum with other industry Cybersecurity groups present. This, in fact, was how it came to the attention of our own security team and then led to it being removed. I say all this to point out that we certainly aren't the first nor will we be the last ones forbidding the use of this plugin unless this hole can be effectively plugged.
  
  Cheers,
  
  -Joe
  
  Like (0)
  
  Actions
Re: Security Enhancement: Limit of JIVE Publish Destinations from JIVE for Office Plugin

yuval.twig Aug 16, 2017 10:45 PM (in response to joeupshaw)
Hi Joe,

I'm the product manager for the Jive for Office/Outlook plugins.

I'll start off by stating that you are correct, users can add any number of Jive communities, and then use them to potentially upload sensitive files.
However, i'm not sure i fully understand the security concern here:
The Jive for office plugin allows users to publish files to a Jive community.
The publication done by using a standard HTTP protocol to issue a REST API on the Jive community side.
The API call is similar to the API call performed by the browser (AJAX), when a user uploads a file to the Jive community through the browser (UI).
Whitelisting a specific Jive community in the plugin, will not prevent the user from uploading the same file directly via the browser.

The last bullet is an assumption, as i do not know what are the security controls you have in place that makes the Jive for office a special snow flake that the security controls you have do not apply to it.

Happy to continue this discussion to better understand the use-case and need, to be able to come up with the right solution.

Thanks,
Yuval

PS - this is the first time i'm hearing about security concern with the plugin, (in the 2+ years i've been owning it).
1 person found this helpful
Like (1)

Actions

Go to original post