Wrike Says F-U to Security

Anyone use Wrike (https://www.wrike.com/) for task or project management? Anyone feel the same as me in that it’s absolutely insane how piss poor they are with regard to allowing customers to secure their accounts? They appear to use the security of their customers’ data, which often includes data associated with collaborating third parties, as a profit center. They want you to start using the platform for free, or cheap enough to try on the low-end plan, build business processes around it, and then realize after it’s too late that to actually secure your accounts and data you’ll need to increase your spend anywhere from 2x-4x per user simply to add any meaningful security configuration.

Seriously, you cannot even add two-factor authentication to a Wrike account unless you’re paying for their Enterprise tier, with its “call for pricing”. It is 2020, and they’re handing out accounts that can’t even do two-factor unless you’re in a $40/mo+ per user tier. I honestly can’t think of any other web services / SaaS company in this day and age, regardless of account type, that does not at least let you do an email, SMS, or TOTP-based second factor.

Want to know who’s logging into your account, or those of your staff? Nah, reporting of that sort is not available either. Why should it be? They want you to realize your security posture is poor, perhaps after a compromise and loss of data occurs, and then buy up to Enterprise because it’s the path of least resistance at that point.

There is one way to gain two-factor protection on a tier below Enterprise, and that’s with a Microsoft 365 account if you have forced two-factor on your organization over there. You can link accounts to Wrike, as documented at https://help.wrike.com/hc/en-us/articles/210324525-SSO-with-Microsoft-Credentials-Implementation-Guide. However, 365 auth is not mandatory; making it so requires, you guessed it, Enterprise.

I’d strongly recommend bypassing Wrike on your list of providers to consider, given that any company that places such a low priority on the security of their customers’ data probably has other security gremlins lurking in their house. Atlassian’s Jira or Trello products both compare favorably for task and project management, and have far better security and auditing options available to all users at all levels. Via a cheap plugin, you can even do SAML-based SSO in Jira at its lower levels, since Atlassian doesn’t intentionally block you from adding third-party auth as part of a cash grab.
