people in masks
PHOTO: philhearing

To read some of the available literature on collaboration, you'd think everything is great. It's like a birthday party where everyone's giddy on cake.

At the most basic level, collaboration may be defined as connectivity linking internal users to each other and to external stakeholders to share critical information, which will mutually improve business performance. 

Some people like to share information at the virtual water cooler, on the phone or perhaps as the non-stop talker in meetings who knows everything about, well, everything. Everyone seems to be jumping on the collaboration bandwagon. People love to talk.

But collaboration goes beyond just talk. 

What doesn't get discussed much is collaborating in a secure manner, both at the intellectual level and the programmatic level. 

The Downside of Collaboration

Collaboration shouldn’t be a free-for-all, with information being shared willy-nilly. 

Yet according to research published by the Ponemon Institute and Intralinks, Breaking Bad: The Risk of Unsecured File Sharing (registration), 61 percent of employees have often or frequently forwarded files or documents by accident to individuals not authorized to see them. Oops.

The average company communicates with 72 business partners via OneDrive for Business and SharePoint Online, according to Skyhigh Networks. Do all partners have access to the same information? Probably not. The same problem occurs internally. 

Unfortunately, access to information is often unruly and uncontrolled. People leave, get promoted and when these changes happen their security rights should change — note the "should" — as should their access to content. 

According to the Ponemon Institute, 23 percent of breaches are caused internally, by accident or by malicious intent. Turning again to Microsoft customers, Skyhigh Networks reports 17.4 percent of content uploaded to OneDrive for Business contains a data breach every month. 

What about email attachments? Osterman Research noted (pdf) that 95 percent of all business emails sent have attachments. Have they been vetted for security and confidential information? Doubtful. 

A Breach Is a Breach Is a Breach

End users will never be controlled. This can jeopardize data breach laws and damage corporate reputation, which doesn't even consider the collaboration aspect. 

If, at the most basic level, security breaches are a regular occurrence, breaches will happen while collaborating. 

The challenge is that most security packages have common descriptors to identify PHI, PII, credit card numbers and other vulnerabilities, but do not defend an organization in terms of protection of confidential information.

And that’s the crux of the problem. 

Of course you don’t want social security numbers or credit cards shared with external stakeholders, or internal ones for that matter. However information such as engineering specs, new product development, merger and acquisition information, and financial details are all typically considered confidential, both internally and externally. 

It takes only one breach to wreak havoc in an organization, even if it goes unpublicized. For example, if you are planning a merger, you probably don't want your staff to know that half of them will be laid off. Not good for productivity. 

Where Security Comes In

Collaboration can’t be administered with an iron fist or it will defeat its purpose. 

Organizations have, one could say unfortunately, overcome their fears of cloud security, confident that their security is up to snuff. 

It’s time to take a second look at collaboration and security to find out who is talking to whom, about what and whether it is in the best interests of the business. It might just take a few times of being burned to start putting out the inevitable fires. 

The problem comes down to content identification and a lack of role-based collaboration. Content needs to be managed more effectively. Businesses must deal with content in context, or what is actually in the content. It may only be a sentence, paragraph or phrase that contains harmful information if shared. 

It’s not feasible nor humanly possible to check every document in every scenario, or control what people are texting and sharing. However, the onus has to be on the end user in terms of what types of information they share and with whom. That requires policies and education. 

ECM solutions can't fill the gap here. Multi-term metadata needs to be automatically generated, and controlled regardless of source repository, origination and purpose at the time of use — which is easier said than done. 

Collaborating Within Boundaries

Collaboration, in all of its varieties of communication modes, can bring great benefits. It’s up to organizations to separate the wheat from the chaff and ensure the information users are sharing is permissible, accessible to only those with a need to know and does not jeopardize the organization’s business outcomes.