Today’s IT departments managing workstream collaboration environments have less and less control over the technology solutions employees use. They are responsible for keeping enterprises secure and risk-free, but often lack the budget and/or prioritized focus to do so. Gone are the days where on-premises products were released every two years through a formal change management process. In the UCaaS world, the technology itself (or in some cases a Shadow IT procurement) drives the solution release calendar. New features and capabilities roll out automatically and simply appear in the hands of users, putting IT in constant catch-up mode. This shift from proactive to reactive adds pressure and risk to IT departments. Yet, in the eyes of the employees, it’s never been easier to collaborate and communicate in today’s digital workplace.
How can IT teams manage these inevitable challenges while encouraging safe, secure, and seamless communication among employees?
Acknowledge the Collaboration Security Challenge
Collaboration security and governance is highlighted in industry reports as a top IT concern. Almost 90% of IT professionals view insider threats as a dangerous and growing concern. And yet the general response to that statistic is conflicting. First and foremost, the concern must be reflected in IT budgets and resource allocation. As IT budgets and priorities focus on collaboration platform licensing and end user transformation, not enough focus is given to the security and governance of those same platforms. Second, more than 60 percent of enterprise workers polled believe the responsibility for collaboration security rests solely on IT’s shoulders. And yet, the perpetual push to modernize collaboration is driven by the business. Rather than simply tolerating these security risks, IT teams should implement a strategy that looks at the holistic picture and integrates software to better manage those threats.
Discover & Assess
Next, it’s important for IT to take steps to uncover the amount of risk and exposure that exists currently within their deployments. An initial discovery process gathers workplace analytics and insights relating to all collaboration platforms (i.e. Slack, Microsoft Teams, etc.). The initial portion of the discovery relates to monitoring what sort of native tools may already be in place using the platform settings. Next, the organization must measure the business impact of those settings to determine if they are introducing unnecessary risk into the environment. Capturing these details about usage trends and workplace performance helps improve decision-making for IT and mitigate collaboration security risks. Finally, if they don’t already exist, IT and the InfoSec team need to put a set of governance measures in place which will be specifically directed towards the collaboration platforms and how they are used.
Activate
Analyzing the state of collaboration security may be hard. Actually, managing the collaboration environment is even harder. Collaboration is an ever-changing and highly organic process. A myriad of policies must be activated to enable business collaboration within risk-conscious boundaries. Organizations alongside their IT leaders need to provide better governance and compliance strategies in order to provide appropriate swim lanes for business usage. Progressive IT teams will seek out 3rd party speciality software tools which provide advanced governance and policy management to regulate potential threats. The ability to have more granular policy control and enforcement with less manual configuration will become an indispensable feature as UCaaS platform solutions add increasingly complex collaboration features as many (40%) crave even stricter guidelines for usage restrictions.
Educate and Monitor
Thanks to COVID-19, the workforce has gone even more business casual. The consumerization of IT, combined with the general shift of workers not physically being in offices, has impacted employee behaviors and attitudes toward the way they conduct work. Couple this with overloaded IT departments and limited out-of-the-box security administration and it’s a recipe for disaster. IT teams need to take a proactive versus reactive approach to understanding and addressing collaboration security issues. Given the open nature of today’s collaboration solutions, IT leaders must work with their organizations to actively educate employees on how to communicate securely. If IT teams can’t have an intimate insight to every product update or communication, employees need to be aware of how to conduct business safely and securely, especially outside of the office.
Integrating the right collaboration security monitoring and management tools will lessen the burden on IT and allow for real-time adjustments to policies. These tools will take periodic governance snapshots of the collaboration security situation and objectively measure the efficacy of the governance efforts. Viewing these continuous insights will help IT departments to continuously fine-tune their governance policies to better fit employee behavior patterns and corporate infosec requirements.
Evolving digital workplace lifestyles coupled with COVID-19 changes have created the perfect collaboration security storm. Enterprise IT teams face challenges in deploying, monitoring and managing collaboration apps in a secure and ubiquitous manner, especially as collaboration application adoption outpaces IT controls in this “new” world of SaaS. Careful attention to collaboration security analytics, subsequent policy actions, and then periodic compliance snapshot checks is the answer to InfoSec peace of mind.
Guest blog by Alan Shen, VP of Professional Services at Unify Square.
