rewrite this title The Security Peril in the Pipes: Why Collaboration Interoperability is the New Shadow IT – UC Today

For many modern enterprises, it is often a tale of two cities. In one department, Microsoft Teams might be the de facto operating system for work; in another, many in engineering and DevOps teams cling fiercely to Slack. For years, CIOs accepted this bifurcation in collaboration as a necessary friction. However, the recent surge in interoperability tools, middleware bridges like Mio and Matrix, and proprietary connectors promised a truce. These tools drill tunnels through the walls, allowing a message typed in Teams to appear instantaneously in a Slack channel. Yet beneath the seamless workflow lies a security and governance minefield.

“When a Teams user interacts with a Slack user, the real risk isn’t the humans – it’s the non-human identity brokering the exchange,” warned Puneet Bhatnagar to UC Today.

Bhatnagar, formerly Senior Vice President and Head of Identity Management at Blackstone and CISO at Dave & Buster’s, highlights a critical blind spot in the rush toward “open” collaboration. By focusing on the endpoints, security leaders have neglected the “pipes.”

Recent data from Josys reveals that 85 percent of SaaS identities have more permissions than necessary. This finding aligns with the Cloud Security Alliance’s 2025 report, which identified “over-privileged access” as a top-tier risk. When we connect two secure fortresses with an unguarded tunnel, we have bypassed our security rather than enhanced it.

The Collaboration Identity Crisis: The “God-Mode” Problem for Security

A foundational principle of modern cybersecurity is “least privilege,” the idea that a user or bot should only have access to what they strictly need. Interoperability bridges, by their very nature, struggle to respect this. To function, a bridge often requires broad read/write permissions to sync messages across platforms. It effectively needs to see everything to move anything.

“Most interoperability relies on OAuth tokens, service principals, or middleware connectors with broad API scopes,” Bhatnagar explained. “If that intermediary identity holds cross-platform read/write permissions, it becomes a transitive privilege amplifier – effectively bypassing native least-privilege controls in each system.”

This creates a terrifying scenario for the CISO, conjuring the image of a “God-mode” superuser that exists outside the standard hierarchy. If a threat actor compromises a user in Teams, their lateral movement is usually limited by that user’s specific Azure AD permissions. But if they compromise the bridge itself, or the token it uses, they potentially gain the keys to both kingdoms.

The risk is compounded when third parties enter the mix. In a complex supply chain, your organization might be bridging its internal Teams environment with a partner’s Slack workspace. “The risk intensifies with third-party identities (contractors, partners) governed outside your primary IAM boundary,” said Bhatnagar.

“Once access traverses ecosystems, enforcement consistency depends on how attributes and roles are translated between identity providers.”

To mitigate this, organizations must treat these bridges not as passive utilities but as active, privileged entities. Bhatnagar advised that “least privilege must extend to orchestration identities – not just end users.” This requires a shift in mindset of continuous monitoring of token issuance, tracking of privilege drift, and validation of attribute mapping across domains.

The Collaboration Security Black Hole: Data in Motion

If identity is the lock, data residency is the border control. For multinational corporations subject to GDPR or CCPA, the physical location of data is a matter of legal liability.

Data residency laws are generally binary. Data stays in the EU, or it doesn’t. However, in a mesh of interoperable apps, messages are constantly in motion. A regulated artifact leaving a compliant Teams environment and entering a partner’s Webex instance via a middleware bridge enters a legal grey zone.

“Data residency assumes stable custody boundaries. Interoperability disrupts that assumption,” noted Bhatnagar.

“When regulated data moves between tenants via middleware, three identity contexts are involved: the originating user, the integration identity, and the receiving tenant. Governance breaks when identity context is transformed or stripped during that transition.”

The technical challenge is that metadata, the “tags” that say Confidential or EU Eyes Only, often gets washed away in the pipe. Middleware frequently re-tokenizes or normalizes identity claims to make the message readable on the other side. “If classification metadata or policy bindings don’t persist across APIs, enforcement becomes probabilistic,” Bhatnagar emphasized.

This aligns with broader industry concerns. The 2025 Global State of API Security report found that 57 percent of organizations reported a data breach caused by API exploitation in the last two years. The “pipe” is often the source of the leak. Without what Bhatnagar called “integration-layer governance,” organizations are flying blind. “Compliance visibility degrades the moment data crosses ecosystems,” he concluded. The only defense is persistent data classification tagging and auditable identity assertions that survive the jump between platforms.

The Fog of War: Shattering the Collaboration Single Pane of Glass

For the last decade, security vendors have promised the “Single Pane of Glass,” a unified dashboard where a security analyst can see every threat. Cross-platform collaboration shatters this glass.

Imagine an insider threat investigation involving a conversation that spanned three different ecosystems: a file shared in Teams, discussed in Slack, and leaked via a Zoom chat. Reconstructing this narrative is a forensic nightmare.

“In theory, yes (it is possible for an interoperable single pane of glass). In practice, it’s complex,” Bhatnagar stressed. “Each platform logs differently, and identity formats rarely align. The same individual may appear as a UPN in Azure AD, an email alias in Slack, or a federated SAML assertion in a partner tenant.”

This fragmentation forces security teams to engage in what Bhatnagar described as “manual stitching of timestamps rather than reconstruction of intent.” When logs are siloed in three different proprietary formats, correlating an attack timeline in real time becomes nearly impossible.

The solution requires rigorous logging standardization at the transit layer. Practical forensics demands canonical identity mapping and normalized event schemas. “Until identity context survives transit intact, the ‘single pane of glass’ remains aspirational,” Bhatnagar stated.

Security in the Seams

The push for interoperability is irreversible. The friction of walled gardens is too high a price for modern, agile businesses to pay. However, treating these bridges as “set and forget” utilities is a colossal strategic error.

The security perimeter is well beyond embodying a circle drawn around the company. At this stage, it is the sum of the seams between applications. As Bhatnagar succinctly puts it, “Interoperability isn’t inherently risky – unmanaged trust is.”

If these connectors are not continuously evaluated and included in access reviews, they become “invisible control-plane actors,” or as Bhatnagar described them:

“Sanctioned shadow IT: officially approved, but insufficiently scrutinized.”

The future of secure collaboration hinges on recognizing that the pipes are just as important as the platforms. We must inspect the toll booths, audit the bridges, and ensure that when our data travels, our governance travels with it.