Security Think Tank: Secure collaboration not just about technology

What is the best approach to increasing collaboration without reducing security in an enterprise?

Adrian Davis, (ISC)²

Published: 09 May 2014

The best approach is not technology-based, but involves building cross-functional teams both within and without the organisation, encouraging the pooling of knowledge and experience, supported by business management, and using technologies that help them work together.

Building a successful and secure collaborative environment requires clear direction from management about the behaviours of the team; information to be shared; and the role of security in the culture.

When choosing collaboration technologies, strike a balance between functionality, scalability and security. Buying a system on just one of these factors may lead to issues going forwards, as one or more of the factors may prove incapable of meeting future demands.

Cloud and mobile services can offer a mix of all three, and it is important that all the parties – such as business, IT, legal and security – meet to agree how the balance is to be struck, to plan for future demand, to cater for legal and regulatory obligations, and ultimately build the right architecture and environment that ensures the benefits of collaborative technologies can be maximised, while the risks of deliberate or accidental compromise of the confidentiality, integrity or availability of information are minimised.

More on secure collaboration from Computer Weekly's Security Think Tank

Collaborative technologies will also require management in a technical context. Managers cannot assume that "IT will take care of it" and leave administrators to implement suitable controls to protect information and manage access by users. Additionally, managers cannot leave privileged users such as system administrators to work without supervision, or at least regularly review what those privileged users are doing.

Finally, thought must be given to capturing, sharing and securing the information created during the collaboration. Measures to securely archive, delete and access the information – perhaps over a period of years – should be put in place at the beginning of the collaboration and resources allocated to support their successful operation.

Adrian Davis is managing director EMEA for (ISC)²

Read more on Privacy and data protection

CEO on collaboration tool security, insider threats, skills gap Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO.

Nearly two-thirds of businesses hit by credential abuse Most businesses admit to breaches relating to abuse of user credentials, according to a report that highlights cyber hygiene failings in the UK and the importance of greater visibility and integration to cyber defence capability

identity and access management (IAM) Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.

Build up your SDDC security with 3 components If you want to build a foundation for secure operations in your SDDC, software patches, account privileges and encryption should all be part of your security framework.

Firms need to move from DevOps to DevSecOps, says expert In the face of competition, organisations are turning to DevOps to improve efficiency and accelerate innovation, but this is creating new security risks, an industry expert warns

Cryptographic keys: Your password's replacement is here As passwords become targets of phishing attacks, password management has become increasingly difficult. Expert Nick Lewis explains how cryptographic keys could replace passwords.

SearchCIO

Security Think Tank: Secure collaboration not just about technology

What is the best approach to increasing collaboration without reducing security in an enterprise?

More on secure collaboration from Computer Weekly's Security Think Tank

Read more on Privacy and data protection

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Don't let edge computing security concerns derail your plans

Risk-based digital identity benefits CIOs, CMOs and customers

Agile practices endure and continue to adapt

SearchSecurity

Use network traffic analysis to detect next-gen threats

Check Point: Qualcomm TrustZone flaws could be 'game over'

InfoTrax settles FTC complaint, will implement infosec program

SearchNetworking

5 common SD-WAN challenges and how to prepare for them

The top 10 network security best practices to implement today

SD-WAN explained in 15 key terms and phrases

SearchDataCenter

Understand top public cloud repatriation use cases

Microsoft quantum development turns toward hardware

Top 5 options for Linux certifications

SearchDataManagement

Redis Labs eases database management with RedisInsight

How AI could save the enterprise data catalog

With Vitess 4.0, database vendor matures cloud-native platform

More on secure collaboration from Computer Weekly's Security Think Tank

Read more on Privacy and data protection

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.