Sharing info seesaws with securing sensitive data

Free flow of info online presents management, security concerns
 

How do you balance the need for freedom and collaboration with a mandate to secure the network and its data? IT managers at every level of business face this question, especially as collaboration tools and their data move out of the corporate environment and into the cloud.

In the past, organizations that allowed collaboration did so within the confines of the network, blocking access to external collaboration tools. In many cases, they limited use of the tools even inside the network, allowing only managers or specific departments to instant message or create and post to discussion boards. However, during the past year, the visible benefits of collaboration tools have made it impossible to exclude specific employees from them, and a quick look at some of the most popular tools bears this out. Programs such as OpenView Venture Partners’ AtTask project and portfolio management software, Salesforce.com’s Chatter, 37signals’ Basecamp, and Microsoft’s SharePoint Online all live in the cloud and can be used by almost anyone on staff.

However, unfettered use, especially in the cloud, creates specific security and privacy problems. For one, unless a collaboration tool has the inherent ability to create groups and specify rights, users might gain access to topics and discussions that they are not authorized to see. Considering how easy it is to copy and paste text from a browser, it’s not difficult to see how such access could create a WikiLeaks-size problem very quickly.

The open nature of collaboration tools might also contribute to finger pointing. Some tools allow people to edit and change files and intellectual property without authorship. Although many wikis or group document-sharing sites have version control, there are common ways around it, which could lead to problems. Online communities such as wikis or forums can also give rise to heated discussions or personal insults. Finally, surreptitious viewing of calendar tools might lead to employees goofing off, such as taking a 90-minute lunch when supervisors are out of the building.

It is possible to avoid those problems, though, even when collaboration applications are open to the general population. One strategy is proactively enforcing a governance program, said B.A. Boit, a principal in the forensic practice of KPMG, a professional audit, tax and advisory services provider. “The best defense is to put into place confidentiality policies and software that has an archiving capability to whichever collaboration tools you have installed can be searched across,” he said.

To promote responsible posting and civility, organizations must also have a strong identity management policy in place, suggested Sameer Patel, founding partner of the Sovos Group, a San Francisco-based consulting group that specializes in social and collaborative strategy and technology planning. With such a policy, employees are familiar with one another and less likely to post or interact with one another without thinking. An identity management program will also make it easier for like-minded employees to link together and collaborate on projects, he said. “When you think about having that level of rich metadata about the people who are at an agency or the external contractors you work with, it’s far more likely that the best minds are going to find each other.”

Finally, every organization should engage in a formal training program that encompasses best practices around collaboration tools as well as the internal and external use of social media, Boit said. “Social media and collaboration [governance] isn’t a technical challenge anymore,” he said. “Information flows out of the weakest link, and that link is usually an employee.”

About this Report

This special report was commissioned by the Content Solutions unit, an independent editorial arm of 1105 Government Information Group. Specific topics are chosen in response to interest from the vendor community; however, sponsors are not guaranteed content contribution or review of content before publication. For more information about 1105 Government Information Group Content Solutions, please email us at GIGCustomMedia@1105govinfo.com