For any new technology investment, enterprise IT must consider how it impacts the security plane. Collaboration apps are designed to align with the communication and productivity patterns of a quickly-changing digital workplace, empowering users to share information across dynamic channels. As teams are equipped with these tools, enterprise IT is focused on collaboration security.
Some difficulty is introduced with shadow IT, when employees access unapproved collaboration apps, but even those that are downloaded through appropriate processes require a unique strategy for collaboration security. For instance, traditional security tools such as firewalls and network perimeters aren’t effective at addressing the risks. Collaboration apps also can’t be made secure through simple data classification measures, such as tagging transmissions that include a credit card number.
There are three steps for understanding and supporting secure collaboration apps:
Define Collaboration Security: First, security teams need to understand the factors behind the unique approach to collaboration security and why it is a different challenge than other types of risks. These areas include usage and access policies, user and channel management, app store management, and automated workflows. The goal of collaboration security is the right balance between value and risk in any collaboration application.
A breach in a collaboration tool can remain hidden for months because the management of this type of security often falls outside typical policy, which focuses on identity and access management as well as malicious attacks.
Collaboration Application Security Policy: Applications must be modeled in ways that give IT security a way to make balanced decisions around collaboration security. IT teams need to be able to periodically evaluate policies, making adjustments to ensure needs are being met without being overly restrictive. Automating this management and enforcement can be effective in reducing the burden on security teams.
A Unique Approach: The traditional approach to securing application behaviors is through top-down governance, but this is the type of strategy that often leads employees to turn to shadow IT as a way to get around inconvenient security policies. Security teams need to take the viewpoint that it’s better to know what workers are doing rather than have them turn to shadow IT. There are three key components to this approach:
- Monitor user behavior across platforms first, rather than automatically forcing certain behaviors.
- Measure compliance by running a comparison between actual behavior and the pre-defined thresholds established for particular workstream policies.
- Manage particular features when necessary, such as feature disablement or soft user communications to encourage behaviors that comply with collaboration security policy.
The ultimate goal of collaboration security is to minimize risk while supporting business productivity, which is the reason for having collaboration solutions. To find out how to strike the right balance with any new technology, contact us at Cory Communications.