Maksim Kabakou - Fotolia

Security Think Tank: Think twice about unlimited collaboration

How can businesses of all sizes ensure that employees are able to collaborate effectively without the risk of compromise to the company IT network or systems?

Collaboration, decentralised work patterns and the “always on” paradigm appear to have become the rule rather than the exception. 

While larger companies are already implementing controls to avoid overburdening their staff with 24/7 collaboration, small and medium sized-enterprises (SMEs) often find themselves in a situation where they have to catch up with their customers’ expectations.

From a technology perspective, the overarching need for seamless connectivity and collaboration has broadened the market for all kinds of systems, ranging from the casual freeware tool to large enterprise-level implementations by major suppliers.

The obvious downside of collaboration is the increased security risk, particularly where travelling users and mobile devices come into play. 

Sharing and collaborating often entail disclosure of user information. The registration processes and typical opt-in schemes to newsletters and advertising are just a few of the sacrifices to be made when using open-source or freeware collaborative mechanisms.

Companies should, therefore, think twice before entering the arena of unlimited collaboration. 

The challenge is twofold. Technically speaking, both the corporate infrastructure and the user should be protected from the most obvious security risks and vulnerabilities. When looking at collaboration from a managerial perspective, employee expectations must be balanced with the way in which people interact.

While it may be convenient and sometimes fun to quickly arrange a video conference between several mobile users, this type of collaborative event is unsuitable for confidential conversations. Similarly, casual information exchange may not justify setting up a commercial telephone and video environment.

For large companies, the key to establishing appropriate security levels for collaborative environments and practices is in classifying content rather than media or technology. Only where the subject matter and the requisite level of confidentiality are known will firms be able to provide the right sense of direction to their staff and contractors. 

Read more from Computer Weekly's Security Think Tank about secure collaboration

Needless to say, the technology that enables full collaboration in larger corporate environments will usually provide the functionality to maintain the desired levels of security. However, configuring these systems should follow sound business logic.

For SMEs, cost is always a central factor, and using mainstream commercial products is often out of reach. But even in the open-source field, there are several attractive collaboration offerings that will build a bridge between an SME and its counterparts, provided the IT administrators or experienced users respect a few ground rules and spend enough time on actually using and maintaining the security features offered by these systems.

Rolf von Roessing is a past international vice-president of Isaca and president of Forfa.

Read more on Privacy and data protection