security concerns with glip

  • 0
  • 7
  • Question
  • Updated 4 weeks ago
  • Acknowledged
I am disappointed by the lack of support as well as security for the glip app.  We have recently had an incident in which a new member was added to our glip app, but no one actually added them.  A second incident happened this past weekend, in which a post was supposedly made by one of our employees, however, he says he did not make the post.

Is there any way to see where an account was logged in from?  Possible IP address?  We cannot tell if this one employee's account has been hacked or if someone is able to access our account from outside.  What are different security measures we can look at to ensure we are not continuing to be hacked?
Photo of Tammy

Tammy

  • 212 Points 100 badge 2x thumb

Posted 5 months ago

  • 0
  • 7
Photo of Cecile Glassy

Cecile Glassy, Champion

  • 21,366 Points 20k badge 2x thumb


USA-based acct | 2287 Users | 3800 DID lines | 28 sites | all Polycom VVX500 phone handsets


The Enterprise Security options for Glip are not robust enough for use on our network - we have requested these improvements over a year ago when we restricted any use of Glip by users on our account for these reasons.  You may want to read our write up of these issues

http://ringcentraladminusersgroup.org/faq/glipsec.html

Join our unofficial RingCentral Admins User Group 
http://ringcentraladminusersgroup.org/index.html
Photo of Saadet - Community Moderator

Saadet - Community Moderator, Official Rep

  • 66,140 Points 50k badge 2x thumb
Hey Tammy, our Glip Support team is going to look into this. I've had case 08752181 created for this issue. If you haven't already heard from the agent, you should soon :)
Photo of Cecile Glassy

Cecile Glassy, Champion

  • 21,366 Points 20k badge 2x thumb
Outstanding - thanks for carrying this forward Saadet!
Photo of Saadet - Community Moderator

Saadet - Community Moderator, Official Rep

  • 66,140 Points 50k badge 2x thumb
:)
Photo of Tammy

Tammy

  • 212 Points 100 badge 2x thumb
Thank you for creating a ticket for this issue.  It is very appreciated.  I did receive a response which basically said that there is no audit trail capability, and (to my understanding) while there is security for Glip's own infrastructure, there is no other security features available for Glip users. 
Photo of Cecile Glassy

Cecile Glassy, Champion

  • 21,366 Points 20k badge 2x thumb
@Tammy - this is our point exactly - there is no Enterprise level security in GLIP  which makes it not usable for our organization.   http://ringcentraladminusersgroup.org/faq/glipsec.html  

Our list of concerns for Enterprise use of Glip include:

 

No User Message Moderation by SuperAdmin is available

We have been told that Team Moderation is planned for first half of 2019 but no firm date yet, and no details for exactly which specific aspects of Glip will be available for moderation by Admins.

Need for SuperAdmin to restrict ability of any user's ability to send a Glip message to ALL USERS in the entire organization without moderation or Admin approval, 

Need ability for SuperAdmin to control who can and cannot create Teams only as approved by SuperAdmin

Users can change their name in GLIP at will.  Basic users should not be able to edit and/or change their name as set by the SuperAdmin when the account was provisioned.  Name changes for RingCentral Users - across ALL RingCentral products should be by SuperAdmin only.

File Sharing is all or nothing -

Use case: thousands of users hit because one trusted user, accidentally or on purpose, sent an attachment to all staff --- calculate the labor overhead to clean that per incident.   Need ability for SuperAdmin to force any User-attachments to go through Enterprise Endpoint Protection/Virus Scan prior to delivery. Glip operates inside your network, needs to be compliant with Endpoint Virus and Malware scanning products
Photo of Keith Lazarus

Keith Lazarus

  • 900 Points 500 badge 2x thumb
Great points, Cecile.  

Related to one of your points, I'd add that one of the nice things about Glip is how easy it is to add external parties to our site.  *I* would love to specify their name though, so that I could add a notation such as "[External-<somecompany>]" to make it clear who they are and what their role in our organization is.  This just isn't possible with how things work now. 

What bothers me most about this category of issue is how little feedback we've had from RingCentral, acknowledging this shortcoming and specifying their plans about how to deal with it moving forward.  
Photo of Tammy

Tammy

  • 212 Points 100 badge 2x thumb
Completely agree, Cecile.  Unfortunately we will need to move away from Glip as well for these reasons.