For many modern enterprises, it is a tale of two cities. In one division, Microsoft Teams may be the de facto operating system for work; in another, engineering and DevOps teams cling fiercely to Slack. For years, CIOs accepted this bifurcation in collaboration as a necessary friction. However, the recent surge in interoperability tools, middleware bridges like Mio and Matrix, and proprietary connectors promised a truce. These tools drill tunnels through the walls, allowing a message typed in Teams to appear instantly in a Slack channel. But beneath the seamless workflow lies a security and governance minefield.
“When a Teams user interacts with a Slack user, the real risk isn’t the humans – it’s the non-human identity brokering the exchange,” Puneet Bhatnagar warned UC Today.
Bhatnagar, formerly Senior Vice President and Head of Identity Management at Blackstone and CISO at Dave & Buster’s, highlights a critical blind spot in the rush toward “open” collaboration. By focusing on the endpoints, security leaders have neglected the “pipes.”
Recent data from Josys reveals that 85% of SaaS identities have more permissions than necessary. This finding aligns with the Cloud Security Alliance’s 2025 report, which identified “over-privileged access” as a top-tier risk. When we connect two secure fortresses with an unguarded tunnel, we have bypassed our security rather than enhanced it.
The Collaboration Identity Crisis: The “God-Mode” Problem for Security
A foundational principle of modern cybersecurity is “least privilege,” the idea that a user or bot should only have access to what it strictly needs. Interoperability bridges, by their very nature, struggle to respect this. To function, a bridge typically requires broad read/write permissions to sync messages across platforms. It effectively needs to see everything in order to move anything.
“Most interoperability relies on OAuth tokens, service principals, or middleware connectors with broad API scopes,” Bhatnagar explained. “If that intermediary identity holds cross-platform read/write permissions, it becomes a transitive privilege amplifier – effectively bypassing native least-privilege controls in each system.”
This creates a terrifying scenario for the CISO, conjuring the image of a “God-mode” superuser that exists outside the standard hierarchy. If a threat actor compromises a user in Teams, their lateral movement is usually limited by that user’s specific Azure AD permissions. But if they compromise the bridge itself, or the token it uses, they potentially gain the keys to both kingdoms.
The risk is compounded when third parties enter the mix. In a complex supply chain, your organization might be bridging its internal Teams environment with a partner’s Slack workspace. “The risk intensifies with third-party identities (contractors, partners) governed outside your primary IAM boundary,” said Bhatnagar.
“Once access traverses ecosystems, enforcement consistency depends on how attributes and roles are translated between identity providers.”
To mitigate this, organizations must treat these bridges not as passive utilities but as active, privileged entities. Bhatnagar advised that “least privilege must extend to orchestration identities – not just end users.” This requires a shift in mindset: continuous monitoring of token issuance, tracking of privilege drift, and validation of attribute mapping across domains.
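The access review the paragraph above calls for, as an added example that is not from the article or any vendor: the scopes a bridge identity currently holds are compared against a least-privilege baseline and against the scopes recorded at the last review, and an identity that can write into more than one platform is flagged as the transitive amplifier case. The scope names, baseline and identities are constructed sample data.

```python
# Added example, not from the article: a periodic access review for an
# orchestration (bridge) identity. It reports scopes beyond a least-privilege
# baseline, drift since the last review, and whether the identity can write
# into more than one platform. All scope names and baselines are constructed
# sample data; tune the baseline to what the real bridge actually needs.

# Assumed least-privilege baseline for a message-sync bridge, per platform.
BASELINE = {
    "slack": {"channels:history", "chat:write", "users:read"},
    "m365": {"ChannelMessage.Read.All", "ChannelMessage.Send"},
}

# Substrings that mark a scope as write-capable (assumption for this demo).
WRITE_MARKERS = ("write", "Send", "ReadWrite", "admin")


def is_write_scope(scope: str) -> bool:
    return any(marker in scope for marker in WRITE_MARKERS)


def review(granted: dict, recorded: dict) -> dict:
    """Return excess scopes, drift since the last review, and whether the
    identity can write into several platforms (transitive amplifier)."""
    findings = {"excess": {}, "drift": {}, "write_platforms": []}
    for platform, scopes in granted.items():
        excess = scopes - BASELINE.get(platform, set())
        drift = scopes - recorded.get(platform, set())
        if excess:
            findings["excess"][platform] = sorted(excess)
        if drift:
            findings["drift"][platform] = sorted(drift)
        if any(is_write_scope(s) for s in scopes):
            findings["write_platforms"].append(platform)
    findings["amplifier"] = len(findings["write_platforms"]) > 1
    return findings


# Constructed sample: the bridge gained a broad Slack admin scope since the
# last review and still holds a directory read it never needed.
GRANTED = {
    "slack": {"channels:history", "chat:write", "users:read", "admin"},
    "m365": {"ChannelMessage.Read.All", "ChannelMessage.Send", "Directory.Read.All"},
}
RECORDED = {
    "slack": {"channels:history", "chat:write", "users:read"},
    "m365": {"ChannelMessage.Read.All", "ChannelMessage.Send", "Directory.Read.All"},
}

if __name__ == "__main__":
    result = review(GRANTED, RECORDED)
    for key in ("excess", "drift", "write_platforms", "amplifier"):
        print(f"{key}: {result[key]}")
```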
The Collaboration Security Black Hole: Data in Motion
If identity is the lock, data residency is the border control. For multinational companies subject to GDPR or CCPA, the physical location of data is a matter of legal liability.
Data residency laws are typically binary. Data stays in the EU, or it doesn’t. However, in a mesh of interoperable apps, messages are constantly in motion. A regulated artifact leaving a compliant Teams environment and entering a partner’s Webex instance via a middleware bridge enters a legal grey zone.
“Data residency assumes stable custody boundaries. Interoperability disrupts that assumption,” noted Bhatnagar.
“When regulated data moves between tenants via middleware, three identity contexts are involved: the originating user, the integration identity, and the receiving tenant. Governance breaks when identity context is transformed or stripped during that transition.”
The technical problem is that metadata, the “tags” that say Confidential or EU Eyes Only, often gets washed away in the pipe. Middleware frequently re-tokenizes or normalizes identity claims to make the message readable on the other side. “If classification metadata or policy bindings don’t persist across APIs, enforcement becomes probabilistic,” Bhatnagar emphasized.
This aligns with broader industry concerns. The 2025 Global State of API Security report found that 57% of organizations reported a data breach caused by API exploitation in the last two years. The “pipe” is often the source of the leak. Without what Bhatnagar called “integration-layer governance,” organizations are flying blind. “Compliance visibility degrades the moment data crosses ecosystems,” he concluded. The only defense is persistent data classification tagging and auditable identity assertions that survive the jump between platforms.
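A middleware hop that does what the last two paragraphs ask for, as an added example that is not from the article or any vendor: identity claims are normalized for the receiving side, but the classification tag and residency binding travel with the message, the three identity contexts are bound into a signed assertion for the audit trail, and delivery fails closed when the tag is missing or the residency binding would be violated. The tenants, users, regions, signing key and envelope layout are constructed assumptions, not any product’s wire format.

```python
# Added example, not from the article: a bridge hop that preserves policy
# metadata across the pipe and fails closed. Tenants, users, regions and the
# signing key are constructed sample data; the envelope shape is assumed.
import hmac, hashlib, json

ASSERTION_KEY = b"constructed-demo-key"  # in practice: from a secrets store

TENANTS = {  # receiving tenants and the region where their data lives
    "partner-eu.slack": {"region": "EU"},
    "partner-us.slack": {"region": "US"},
}

def sign_assertion(originating_user: str, integration_id: str, receiving: str) -> dict:
    """Bind the three identity contexts together so the hop is auditable."""
    body = {"origin": originating_user, "integration": integration_id, "receiving": receiving}
    payload = json.dumps(body, sort_keys=True).encode()
    return {**body, "mac": hmac.new(ASSERTION_KEY, payload, hashlib.sha256).hexdigest()}

def verify_assertion(assertion: dict) -> bool:
    body = {k: v for k, v in assertion.items() if k != "mac"}
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(ASSERTION_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["mac"])

def normalize_identity(upn: str) -> str:
    """The receiving side only understands lower-case email aliases (assumption)."""
    return upn.lower()

def forward(envelope: dict, receiving: str, integration_id: str) -> dict:
    """Return the envelope to deliver, or a refusal. Policy fields are never dropped."""
    policy = envelope.get("policy")
    if not policy or "classification" not in policy:
        return {"delivered": False, "reason": "untagged message: fail closed"}
    region = TENANTS.get(receiving, {}).get("region")
    if policy.get("residency") and policy["residency"] != region:
        return {"delivered": False, "reason": f"residency {policy['residency']} != {region}"}
    out = {
        "text": envelope["text"],
        "sender": normalize_identity(envelope["sender"]),
        "policy": dict(policy),  # the tag travels with the message
        "assertion": sign_assertion(envelope["sender"], integration_id, receiving),
    }
    return {"delivered": True, "message": out}

# Constructed sample message leaving a Teams tenant.
MSG = {"text": "Q3 numbers attached", "sender": "Alice.Doe@corp.example",
       "policy": {"classification": "Confidential", "residency": "EU"}}

if __name__ == "__main__":
    print(forward(MSG, "partner-eu.slack", "bridge-svc-01"))
    print(forward(MSG, "partner-us.slack", "bridge-svc-01"))
```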
The Fog of War: Shattering the Collaboration Single Pane of Glass
For the last decade, security vendors have promised the “Single Pane of Glass,” a unified dashboard where a security analyst can see every threat. Cross-platform collaboration shatters this glass.
Imagine an insider threat investigation involving a conversation that spanned three different ecosystems: a file shared in Teams, discussed in Slack, and leaked via a Zoom chat. Reconstructing this narrative is a forensic nightmare.
“In theory, yes (it’s possible to have an interoperable single pane of glass). In practice, it’s complex,” Bhatnagar stressed. “Each platform logs differently, and identity formats rarely align. The same person may appear as a UPN in Azure AD, an email alias in Slack, or a federated SAML assertion in a partner tenant.”
This fragmentation forces security teams to engage in what Bhatnagar described as “manual stitching of timestamps rather than reconstruction of intent.” When logs are siloed in three different proprietary formats, correlating an attack timeline in real time becomes nearly impossible.
The solution requires rigorous logging standardization at the transit layer. Practical forensics demands canonical identity mapping and normalized event schemas. “Until identity context survives transit intact, the ‘single pane of glass’ remains aspirational,” Bhatnagar stated.
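The canonical identity mapping and normalized event schema described above, as an added example that is not from the article: three constructed log lines, one per ecosystem, carry the same person as a UPN, a Slack email alias and a federated SAML NameID; each is parsed into one event shape, mapped to a canonical principal from an assumed IAM map, and placed on a single timeline. The log layouts are simplified constructions, not the real export formats of Teams, Slack or any SAML identity provider.

```python
# Added example, not from the article: normalize three constructed log lines
# into one event schema, resolve platform-specific identities to a canonical
# principal, and order them into one timeline. Log shapes and the identity
# map are constructed assumptions, not real product export formats.
import json
from datetime import datetime, timezone

# Canonical identity map (assumed to come from the IAM system of record).
IDENTITY_MAP = {
    "azuread:upn:adoe@corp.example": "person-1001",
    "slack:email:alice.doe@corp.example": "person-1001",
    "saml:nameid:partner|a.doe": "person-1001",
}

# Constructed sample records, one per ecosystem, deliberately out of order.
TEAMS = ('{"CreationTime":"2025-03-04T09:15:02Z","UserId":"adoe@corp.example",'
         '"Operation":"FileShared","ObjectId":"q3-forecast.xlsx"}')
SLACK = ('{"ts":"1741079822.000000","user_email":"alice.doe@corp.example",'
         '"type":"message","channel":"#deals"}')
SAML = 'Mar 04 2025 09:20:41 UTC partner-tenant chat.sent nameid="partner|a.doe" target="ext-chat-7"'

def parse_teams(line):
    r = json.loads(line)
    ts = datetime.fromisoformat(r["CreationTime"].replace("Z", "+00:00"))
    return ts, f"azuread:upn:{r['UserId']}", r["Operation"], r["ObjectId"], "teams"

def parse_slack(line):
    r = json.loads(line)
    ts = datetime.fromtimestamp(float(r["ts"]), tz=timezone.utc)
    return ts, f"slack:email:{r['user_email']}", r["type"], r["channel"], "slack"

def parse_saml(line):
    parts = line.split(" ")
    ts = datetime.strptime(" ".join(parts[:4]), "%b %d %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    attrs = {k: v.strip('"') for k, v in (kv.split("=", 1) for kv in parts[7:])}
    return ts, f"saml:nameid:{attrs['nameid']}", parts[6], attrs["target"], "saml"

def normalize(parsed):
    """One schema for every platform; unmapped identities stay visible, not hidden."""
    ts, raw_id, action, obj, platform = parsed
    principal = IDENTITY_MAP.get(raw_id, f"unmapped:{raw_id}")
    return {"ts": ts.isoformat(), "principal": principal, "platform": platform,
            "action": action, "object": obj}

def timeline(records):
    return sorted((normalize(parser(line)) for parser, line in records), key=lambda e: e["ts"])

if __name__ == "__main__":
    for event in timeline([(parse_slack, SLACK), (parse_saml, SAML), (parse_teams, TEAMS)]):
        print(event)
```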
Security in the Seams
The push for interoperability is irreversible. The friction of walled gardens is too high a price for modern, agile businesses to pay. However, treating these bridges as “set and forget” utilities is a colossal strategic error.
The security perimeter has moved well beyond a circle drawn around the company. At this point, it is the sum of the seams between applications. As Bhatnagar succinctly puts it, “Interoperability isn’t inherently risky – unmanaged trust is.”
If these connectors aren’t continuously evaluated and included in access reviews, they become “invisible control-plane actors,” or as Bhatnagar described them:
“Sanctioned shadow IT: officially approved, but insufficiently scrutinized.”
The future of secure collaboration hinges on recognizing that the pipes are just as important as the platforms. We must inspect the toll booths, audit the bridges, and ensure that when our data travels, our governance travels with it.