Organizations should take steps to minimize the risk associated with collaboration tools.
Mobile workers and geographically dispersed teams need collaboration tools to share information and stay engaged. Unfortunately, collaboration tools can create security and regulatory compliance risks. Without effective security, collaboration can lead to data exposure, malware infection and credential compromise.
However, few organizations have policies and procedures in place for managing and securing collaboration tools. Often, data is not encrypted, increasing the risk of exposure when it’s stored in the cloud or shared outside the organization. Malicious URLs and attachments can also be shared across a large user base, quickly spreading throughout various systems. Traditional security measures such as firewalls and access controls are largely ineffective against these threats.
The risks increase exponentially when employees use consumer-grade collaboration tools. Because these applications are typically used without the knowledge or permission of IT, activity can’t be monitored. Furthermore, many consumer-grade applications don’t satisfy government and industry regulations for data protection and privacy, which can lead to costly compliance violations.
In the Shadows
Organizations are often unaware of the extent of the problem. In a recent survey by Osterman Research, 83 percent of IT decision-makers believed that collaboration and communication app usage is being driven by IT, yet 54 percent of users admitted to using unapproved apps at least a few times a year.
The younger the worker, the more likely they are to “go rogue.” Almost three-fourths (71 percent) of Millennials reported using unapproved apps, compared to 45 percent of Gen Xers and 41 percent of Baby Boomers. More than one-fourth (28 percent) of Millennials said they use unapproved apps two to four times per week.
In addition to increasing security risks, this “shadow IT” environment creates a fragmented approach to collaboration. The Osterman study found that 85 percent of users rely on multiple platforms for their communication and collaboration needs. This creates “islands” of collaboration within an organization and even within individual departments, negating many of the benefits the applications were supposed to provide.
Policies Are Key
The first step toward effective collaboration security is to understand how it differs from other aspects of cybersecurity. After all, the point of collaboration is to facilitate information sharing. Organizations should define policies that balance collaboration risks with the business value of the applications.
These policies should focus on the business, legal and regulatory requirements for data protection and retention. What data must be encrypted? When should it be archived? Do privacy laws dictate that data be stored in a particular geographic location?
When implementing these policies, it’s not enough to inform users of the new rules and hope for the best. IT should monitor user behavior and measure policy compliance against pre-defined thresholds. The organization can then determine the best way to encourage compliance, be that communication with individual users, additional training or disabling certain software features.
If noncompliance continues to be widespread, it may be necessary to adjust the policies to better suit organizational culture and workflows. In any event, it’s important to regularly assess collaboration policies to determine if they still meet business needs. Policies should also be redefined when new collaboration technologies are adopted.
Choosing the Right Tools
Even if users are aware of security policies, behaviors don’t always align with policies. To close this gap, organizations should implement an enterprise-class collaboration platform with integrated security tools that provide various levels of control.
Increasingly, organizations are leveraging cloud-based collaboration tools because they offer access to state-of-the-art functionality with faster deployment and no upfront costs. When evaluating cloud providers, organizations should consider where the provider’s data centers are located and whether they meet the highest standards for security and business continuity. The provider also should have robust intrusion prevention and malware detection controls in place.
Administrators should be able to manage policies across all communication channels through a single web-based console. It should be easy to add, delete and change users and services and apply policies to various types of data.
Collaboration is critical to business success but it must be done securely. Organizations need to understand the threats and implement the right policies and tools to enable users to work collaboratively without putting sensitive data at risk.