
Security Think Tank: No company is an island

How can businesses of all sizes ensure that employees are able to collaborate effectively without the risk of compromise to the company IT network or systems?

In order to succeed, companies need to collaborate with their wider ecosystem, where that ecosystem may comprise suppliers, partners, customers and other entities that help the business to meet its goals. Sometimes improved collaboration is needed across organisational units within a single business when silos have been allowed to build up over time.

Collaboration can take a variety of forms, such as working together on designs, documents, products or software development. In many cases, this will necessitate the sharing of valuable information, such as intellectual property, that all parties need to be able to access and modify. 

At the same time, unauthorised access to this information could be extremely damaging. Organisations therefore need to tackle the most traditional of security problems – providing the good guys with access while keeping out the bad.

Solving this problem means adapting to working in an always-on digital world, particularly as there are countless ways for individuals and organisations to collaborate. These range from traditional tools such as email and instant messaging to newer, cloud-based tools such as Dropbox, GitHub, Huddle, Trello, Google Apps and Microsoft Office 365.

Users expect this stuff to be easy, and suppliers are keen to make it so. But what about security? Can you collaborate easily and securely?

Fortunately, the answer is yes, albeit with the usual caveat that every organisation needs to understand its own appetite for risk and make appropriate design and implementation decisions.

Cloud providers have woken up to the need to support secure ways of working, so many will provide customers with the ability to use existing credentials (username and password) through federated authentication or through directory synchronisation (think Microsoft Active Directory). Many of those that do not support federated authentication will at least give you the option of multi-factor authentication, which is much more secure than a simple username and password. 

But security is not just about authentication. How can organisations be confident that collaboration providers care about the wider aspects of security? This is where security certifications come in, such as ISO 27001. Some providers of collaboration tools have taken the effort to obtain such internationally recognised certifications, with Huddle being one example. 

It is important to note that this is not just an opportunity for the major, multi-national enterprises. Cloud-based collaboration services are available to all. Indeed, many cloud providers will actually offer a free tier of access for small users – Socialcast, for example, is free for up to 50 users – and this means small and medium businesses can get the same collaboration benefits as larger players at a much lower cost.

As always with security, the real key to choosing the right collaboration tool for your business is to understand the information assets your business cares about, the threats to those assets and whether or not the product you want to use is adequate to address the risks that concern you.

If your business is content to accept a little risk, then you have a plethora of options for controlled collaboration with your business partners. If your business is completely risk averse, then you are likely still limited to the exchange of encrypted email attachments. The choice is yours.

Lee Newcombe is a member of (ISC)2 and senior manager for information protection and business resilience at KPMG.
