Rawpixel.com - stock.adobe.com
Collaboration security and governance must be proactive
Even as companies deploy more collaboration tools, they aren't keeping pace with effective governance strategies for these tools and their generated content.
The last few years have seen an explosion in both the number and type of employee and customer engagement apps deployed within the workplace. The modern communications and collaboration environment includes not just voice calls and video meetings, but also team messaging, collaborative workspaces, social engagement, virtual whiteboards, project and task management and even self-created apps for workflow and task management.
In addition, generative AI enables apps themselves to create content in the form of summaries, recommendations, action items and transcripts for live calls and meetings, as well as presentations and documents from notes and data. In the contact center, generative AI provides live coaching as well as call summaries and transcriptions.
As employees take advantage of these novel ways to engage with one another -- as well as with customers and partners -- collaboration security and governance must keep pace to safeguard networks against the risk of unauthorized application access and data loss.
Emerging challenges include the following:
- Controlling content generated within collaboration and contact center applications, including chats, recordings, transcripts and summaries.
- Enabling safe access for customer, external team or project participants.
- Ensuring consistent policy enforcement across multiple applications.
- Tracking licensing and costs of applications to avoid sprawl and redundancy.
Without a proactive strategy for governing collaboration applications, companies place themselves at risk of data loss, reputational damage and financial vulnerability. Unfortunately, just 37% of companies had -- or planned to have -- a proactive collaboration security and governance strategy in place in early 2023, according to Metrigy's "Workplace Collaboration: 2023-24" global study of 440 companies.
Ensuring successful governance requires coordination across many roles. Typical functions include the following:
- A governance lead or board that sets the rules for what is allowable and what isn't, often working in conjunction with line-of-business leaders.
- A collaboration service lead (or leads) responsible for managing application implementations and enforcing security controls.
- A compliance officer (or team) responsible for developing and implementing information classification and retention policies.
The governance lead often is part of a CSO team -- or reporting to the CSO -- and works closely with those responsible for compliance. Beyond these roles, governance, service and compliance leads may rely on input from partners, consultants and other subject matter experts.
Once the governance team is established, governance, collaboration and compliance leads must work together on the following:
- Inventory applications that are in use or planned for adoption.
- Understanding the potential risks and security capabilities of each app.
- Developing compliance policies based on appropriate regulations and information retention needs.
- Creating security policies for access control, use and data loss prevention.
- Implementing security policies and ensuring enforcement by using either native controls available from application vendors or third-party tools designed to centralize and enforce governance policies across multiple applications.
Governance isn't one-and-done
Collaboration tool governance doesn't just happen once. Instead, it must be a continual process as application capabilities change and new applications enter the workplace. Evaluating the security capabilities of each app goes beyond assessing available access controls. It must also encompass data storage, encryption capabilities and support for data retention. It should also cover contingency plans in case the application vendor -- especially if it's newer and smaller -- ceases operations.
Finally, governance and collaboration leaders must convey the rules of the road to employees. Ideally, a proactive governance strategy enables employees to know what is allowed and understand the process for applying for exceptions or approval of new apps.
In essence, an effective collaboration security and governance strategy ensures that the organization's security requirements are met, even as it rolls out new capabilities to improve productivity and engagement. Employ a well-rounded communication strategy to help employees avoid frustration, and ensure that everyone knows the risks, the protective measures being implemented and the process for gaining approval for new applications and features.