No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Symphony Differentiates with Security in Team Collab

It's fair to say the team collaboration era has arrived. That might sound like a glass half full statement but the No Jitter Research 2018 Team Collaboration Survey shows that 90% of 160 enterprise IT respondents use at least one team collaboration app, with a whopping 61% of those responding that they use up to three collaboration apps.

Deciding on which team collaboration tool to use can be very difficult, as there are a number of vendors all with different value propositions. Some tout integration with UC as a differentiator, others their slick mobile interface, and some, ease of use.

Looking in at the No Jitter survey, it appears that "ability to meet corporate security, privacy, and compliance mandates" was the top decision factor for potential buyers. The hypothesis is that many businesses are increasingly worried about the risk posture of collaboration solutions and may be looking for a highly secure solution. There are also many regulated verticals and most companies doing business with Europe need to think about GDPR compliance.

Organizations should do plenty of diligence around security, as not all solutions are created equal. Just because a vendor has "secure" written on its website, doesn't mean they are; there are wide variations in the way security is actually implemented in collaboration solutions. For those customers looking for best practices in secure collaboration, here are some things to think about:

  • End-to-end encryption -- There's a big difference between end-to-end encryption and encrypting at rest and in transit. Instead of going into detail, I'll point to this No Jitter post,as it explains the difference.
  • Ownership and control of keys -- The cloud provider should NEVER EVER own the keys. It's like giving your bank your ATM PIN code for safe keeping. The keys should be stored on one or more premises-based servers. And the keys should be changed regularly.
  • Security before transmission -- This includes strong user authentication tools, user authorization, and mobile security.
  • Security during deployment -- Administrator should have control over who can use the applications and bots.
  • Secure consumption -- The messages initiated by the bots and the data generated by the application should be secured through strong encryption.
  • Data ownership -- Businesses should own their data and secure it with integrated data loss prevention (DLP) and polices to block content from leaving the environment.
  • Real-time monitoring -- This involves monitoring chat rooms and expression filters to promote active compliance with government regulations.
  • Granular policies -- Entitlements should be set up both company wide and at the user level to control who can communicate with external participants, share files, and use audio and video applications.
  • Segmentation -- Information barriers between users and groups can be used to enforce company policies.

Differentiating on Security

As mentioned, every team collaboration vendor goes to market a bit differently. Recently, I ran across a vendor with security its core differentiator: Symphony.

The solution was first built by the startup Perzo and later combined with an internal application created by the financial firm Goldman Sachs, ultimately being made into an independent company with funding from Goldman and 14 other financial firms. Although there were other team collaboration tools on the market when Symphony was founded in 2014, their perceived lack of security was potentially putting Wall Street firms at risk, so a more secure solution was needed. Its flagship product, Symphony Enterprise Tier, provides the many functions found in other solutions such as real-time collaboration, persistent messaging, document sharing, and conferencing, and differentiated capabilities such as end-to-end encryption, comprehensive compliance, encrypted search, and open APIs which many companies use to build bots and apps on top of the platform.

The Symphony Enterprise Tier solution is built with end-to-end encryption, which enables individuals to collaborate with one another within their own company and between companies without fear of a breach or the data being stolen. Symphony offers a separate, fully independent, on-premises key management system where the unprotected keys never leave the customer premises. The proof of its best-in-class security comes from its customer base, which includes over 300 of the world's premier financial services firms. The financial industry has some of the most demanding customers, and 16 of the world's 20 largest investment banks use Symphony.

portable

In addition to end-to-end encryption, Symphony's "security first" approach includes the following features:

  • Policies based on international standards: ISO 27001 is the basis of Symphony's information security policies. It's one of the most demanding and stringent security standards.
  • Hardened system: Symphony has conducted extensive penetration testing (as have its demanding clients) as well as source code and vulnerability scanning to harden the software stack.
  • Certifications: SOC 2 Type II and SOC 3 certifications are used to demonstrate the robustness of Symphony's security controls.
  • Compliance-specific features: Symphony has included several features to help security-conscious organizations comply with internal and industry mandates, including real-time monitoring of chat rooms and expression filters, granular policies, and application segmentation. Symphony supports the creation of information barriers between users and groups to enforce corporate communication policies. Customers can also export their content for archiving and electronic discovery. All of this can be controlled through a robust administrator portal.
  • Integrated data loss prevention -- Symphony automates the process of scanning messages and attachments to ensure content is not hijacked.

In addition to secure enterprise collaboration, the Symphony Enterprise Tier application includes the following features:

  • Trusted global directory: Customers can expand their network of contacts using an integrated global directory that includes individuals both inside and outside the organization while maintaining high levels of security and compliance.
  • Persistent chat: The application includes one-on-one or group chat with drag-and-drop document sharing and screen sharing.
  • Content marking: Important messages or data can be "marked" through the use of hashtags (#), cashtags ($) and mentions (@).
  • Streamlined workflows: Actions can be assigned, progress tracked, and alerts handled through the use of third-party applications, bots, and other integrations.

Symphony got their start in financial services and is now targeting a broader audience. Organizations in regulated verticals or ones that use a team collaboration application for sensitive data have an urgent need to put security at the forefront – Symphony provides an excellent option and is worth a look.

Follow Zeus Kerravala on Twitter!
@zkerravala

Related content: