Security is arguably the biggest concern that companies face when it comes to implementing new apps in a technology stack. In the modern workplace, businesses need more than just a strategy for protecting their calls, conferences, and data; they require a way to keep collaborative messages and chats secure and the ability to assure data compliance. Workstream collaboration is positioned as an open model, aligned with the communication patterns of the digital generation that is rapidly evolving. Users are empowered to create channels dynamically and share information across them. While this model may appeal to a digital workforce, it gives rise to concerns for information security teams in IT.
In a recent study conducted in partnership with Osterman Research, we looked at usage of the current workstream collaboration and unified communication evolution and found that 28% of Millennials have used unapproved apps two to four times per week. This highlights one of many threatening scenarios organizations consistently face. As insider accidents and inadvertent data breaches become the norm, the requirement for strong collaboration security has never been more vital.
With workstream collaboration, traditional information security measures such as network perimeters, firewalls, and access control lists can’t easily solve these kinds of risks. Even cloud-centric solutions are limited in approaching the problem purely from a data classification perspective (e.g., tagging files that contain credit card numbers). You can look at the framework used to address these ongoing threats through three lenses: understanding collaboration security, modeling applications to allow for better policy making, and operationalizing policies through a monitor, measure, manage (3M) approach.
1. Defining Collaboration Security
To put the correct systems in place, decision makers need to understand why collaboration security differs from other, better understood, security challenges.
Collaboration security boils down to managing the risk that's introduced when modern collaboration dynamics enter the workplace. This covers a broad set of security-related areas: access and usage policies, app store management, user and channel management, and workflow automation. The end goal of collaboration security is to achieve the right balance of business value and business risk across all collaboration platforms. This security spotlight shines brightest on mainstream applications like Microsoft Teams, Slack, Cisco Webex Teams, and Workplace by Facebook, but can also periodically encompass parts of UC ecosystems.
Oftentimes, a collaboration security data breach will remain hidden from business owners for weeks or even months. Managing such issues falls outside typical cybersecurity constructs, which generally focus on identity/access management and malicious attacks. To address collaboration security effectively, intelligent software is crucial not only in managing problems as they occur, but also in averting risk before it's exposed to the business.
2. Modeling Applications for Policy
Applications like Microsoft Teams need to be modelled in a way that allows IT security and business units to make balanced policy decisions regarding effective collaboration security strategy. It’s important to regularly evaluate and adjust such policies to ensure they’re meeting the needs of the business without being too restrictive. In many cases, automating policy management and enforcement can drastically reduce the burden on IT.
These four steps typically apply to policy implementation:
- Define — Formulate policy definitions based on an appropriate balance of business and security requirements.
- Implement — Put in place the appropriate workflows to steer users toward policy compliance. This could range from disabling features to informing users and hoping for best-effort behavior.
- Evaluate — Perform regular assessments of compliance against defined policies; this is critical.
- Optimize — Adjust policies and implementation based on effectiveness and changing business needs.
3. 3Ms of Collaboration Security
In an era of multiplatform collaboration apps, the traditional model of controlling information worker application behavior is ineffective with the new digital generation. Top-down governance simply drives users to shadow IT solutions as a workaround. The 3Ms model is a subtler approach that keeps users on IT’s chosen solution. The thinking is that it’s better to know what your users are doing (including uncomfortable behavior) than to be blind to shadow IT usage. This approach has three key components that can be molded to fit comfortably into the information security framework of the organization.
- Monitor — Rather than forcing users to a constrained behavior, IT first uses software tool intelligence to observe user behavior across the multiplatform environment.
- Measure — Based on the analytics returned from the software tools, IT can measure user compliance by comparing user behavior with the pre-defined thresholds set for the various workstream collaboration app policies.
- Manage — To drive compliance goals, IT can then take various courses of action, ranging from hard feature disablement to soft user communications, with middle-ground workflow actions in between that nudge organizations and users into compliance.
The ultimate ROI for workstream collaboration app platforms is business productivity. So, it's no surprise that the goal of collaboration security is to manage risk without undermining user productivity. While each cloud-based collaboration solution offers a common set of features, each organization must leverage those features in a unique way to effectively empower end users in a manner that streamlines operations for both business and IT leaders.