Shadow spreadsheets: The security gap your tools can’t see

Why obvious solutions fail

Training won’t fix a tool that doesn’t do what people need. You also can’t policy your way past the inevitable clash between security controls and “just getting work done”.

What if you crack down? Lock down file-sharing and implement DLP that flags or blocks spreadsheet attachments containing sensitive data? People will often find even less secure workarounds – USB drives, personal Dropbox accounts – because they have jobs to do. This just makes the problem even harder to track.

What about building an internal app tailored specifically to how your team works? Now you’re looking at six months of development time and $200k+ in costs.

By the time you’ve scoped requirements, hired contractors, and navigated procurement, the team that needed a solution nine months ago has already circulated a dozen more shadow spreadsheets. And when business needs inevitably shift, it’s a perpetual game of catch-up. Custom builds solve the flexibility and security problem by creating a maintenance burden that never ends.

We’ve found that people use spreadsheets because a spreadsheet is really good for most things. It’s a universal interface that most people understand. Many SaaS platforms are essentially a spreadsheet with a fancy UI. Fighting spreadsheets often means fighting the majority of your organization.

So, if you can’t fight the spreadsheet, why not secure it?

Grist combines the best parts of spreadsheets, databases, and app builders to be structured and secure.

Grist: where spreadsheets come out of the shadows

At Grist Labs, we’ve set out to create software that keeps the best of spreadsheets and avoids the worst. We were founded by an ex-Google Sheets engineer all too familiar with the strengths and weaknesses of the classic tabular grid. Grist was made to look and feel like a spreadsheet, but is built on top of a relational database that enables granular role-based access control.

You can self-host Grist on your own infrastructure, which means sensitive data never leaves your environment. Our RBAC can be set up at the column and row level, meaning users can collaborate in real-time, while everyone, from external contractors to executives, sees only what they should without making copies. It’s an actual single source of truth.

Plus, you can restrict Bob’s ability to ever mess up important formulas again.

You can connect Grist to your SSO, and run it behind a VPN or even air-gapped. Our Enterprise version includes additional admin controls. Among other things, this lets you see a list of all link-shared documents across your installation, or confirm exactly what Bob can access. You can also enable audit logging that connects to your external SIEM system.

Every user’s permissions can be uniquely edited in every table.

When you have familiar-feeling tools that make sense to your users, adoption is possible. Instead of fighting against spreadsheet experience, use it as a shared foundational interface that works for everyone except potential bad actors.

Come see the evolution of spreadsheets for yourself today.

Sponsored and written by Grist.


Source: www.bleepingcomputer.com
