As I get ready for my upcoming session at Enterprise Connect 2023 on unified communications and collaboration (UCC) security, I have some sad news to report. In Metrigy’s latest Workplace Collaboration: 2023-24 global study of 440 organizations we found that just 37.0% of participants say their company has implemented a proactive workplace collaboration security strategy that covers both real-time, and non-real time apps and services. That’s little changed from the last time we gathered security data in early 2020.
On the positive side, 18.0% say they have a security strategy under development, and 12.3% say they are evaluating creating one. Still, that means more than 30% of companies still have no overall strategy for UCC security and instead often rely on patchwork approaches managed by separate teams.
Security remains challenging for remote employees. Of our participant pool, 34.0% say that they continue to face issues in ensuring both security of remote employee devices and applications, while also ensuring that remote employees do not become an attack vector through their connections into enterprise networks.
The lack of a comprehensive security strategy is particularly concerning given that threats continue to multiply. According to the Communications Fraud Control Association (CFCA) 2021 bi-annual Global Telecom Fraud Survey communications service providers lost an estimated $39.9 billion to toll fraud in 2021, up 28% from two years prior.
While toll fraud remains a problem, the communications and collaboration landscape has rapidly shifted from one based on phone calls, to one based on meetings and team chat. Here, threats include unintended meeting access, registration and exfiltration attacks against applications, and the loss of control over content including meeting transcripts and recordings. Media reports in recent years have covered attacks across messaging apps, as well fines related to unauthorized use of consumer apps for regulated business activities.
It’s not just internal communications that are at risk. Companies increasingly rely on messaging and meeting apps for both B2B and B2C engagement, creating further security challenges. New collaboration applications including virtual whiteboard, note sharing, and workflow management require a security policy that can evolve, and has the means to quickly evaluate new applications as they enter the workplace.
A proactive security strategy doesn’t just mean protection against attack. It also requires ensuring that communications and collaboration resources are protected in accordance with risk management and compliance requirements. This may require archiving of collaboration content while also monitoring collaboration and communications modes for data loss protection. Third-party security platforms are likely to be part of the equation. We find 25.9% of companies use one (or more) today, with another 55.5% either evaluating or planning to purchase a third-party security platform in the future. Funding for these platforms most often comes out of the CISO/CSO group.
Finally, effective security means building the right organization. In our study we found that for half of companies (50.2%) security, governance, and compliance teams are involved with application selection and purchase. Successful companies, those we define as having above average gains in revenue, reductions in costs, and/or improvements in productivity, are more likely to have cross-functional responsibility for workplace collaboration security between application teams, and CISO/CSO functions.
Securing workplace collaboration apps and services is challenging, but not impossible. The first step is creating a plan, for although no plan typically survives first contact with the enemy, as Dwight Eisenhower once said, “In preparing for battle I have always found that plans are useless, but planning is indispensable.”
Ensure that plans aren’t just focused on one modality, but instead cover threats across the present, and anticipated future, collaboration technology landscape. And consider the use of third-party specialty tools where appropriate to minimize risk and ensure compliance.
Join me at Enterprise Connect on Monday, March 27, at 9:00 AM for “UC and Collaboration Security: The New Threat Landscape.”
ABOUT METRIGY: Metrigy is an innovative research firm focusing on the rapidly changing areas of Unified Communications & Collaboration (UCC), digital workplace, digital transformation, and Customer Experience (CX)/contact center—along with several related technologies. Metrigy delivers strategic guidance and informative content, backed by primary research metrics and analysis, for technology providers and enterprise organizations.
