woman walking a tightrope between two mountains
PHOTO: Leio McLaren

We’ve all been continuing to work under the unique challenges COVID-19 has presented since March. For most organizations, this means most if not all of their workforce is still working from the safety of their homes, forcing a digital transformation around the globe the likes of which we have never seen.

Organizations have had to adapt to new ways of working — remote meetings, sharing documents and files via cloud collaboration platforms, and even collaborating across platforms and organizations with users from different business units and organizations across the globe. But while meeting those collaboration needs, organizations have also required solutions, processes and an internal culture that fosters an ongoing dedication to information security.

A New Business User Contract: Secure Collaboration

Organizations have worked tirelessly to understand if the security and data governance features of their platforms can handle the massive increase in collaboration volume.

Though many collaboration platforms like Microsoft 365 have advanced security features, maintaining order while using the various features in ways that meet the security needs of the organization remains a challenge. Businesses have turned to ongoing training and communications efforts to ensure employees understand how to use the platforms in ways that don’t violate policies, which increases the burden on already overtaxed IT and security teams.

And as always, businesses are striving to establish governance without restricting user collaboration and impeding productivity.

All of this has been a major challenge as cloud collaboration platforms are inherently designed to make collaboration easy, and their security features are often not scalable enough to meet the needs of an organization without adding to their workloads.

Related Article: Content Sprawl Happens: How Will You Manage It?

External Collaboration Can Be a Nightmare of Convenience

That ease of collaboration extends to collaboration and sharing with external parties — including documents and files that may contain sensitive or business critical information.

The increasing number of regulations and security threats has made maintaining an understanding of what information is being shared with external contributors critical. Clearly defining which information is business critical or sensitive becomes all the more important in this context, so businesses can decide whether or not to grant access to this information to external contributors.

Another critical part of security here is having systems in place to enforce rules and maintain an accurate understanding of who has access to what kinds of information, including via the kinds of links that anyone (internal or external) may have access to.

Related Article: You Rolled Out Your Remote Workplace in Record Time. Now Let's Talk Governance

Accurate Collaboration Security Require Ongoing Dedication

Many organizations have general security processes in place, where occasional audits of access or sensitive information are recorded and stored for record.

These kinds of reports, which present a vague snapshot of security at a given point in time, fail to meet the standards of security in this new age of digital collaboration. Any organization that has gone through a security audit such as ISO or FEDRAMP can attest to this: organizations need a true and accurate understanding of their sensitive information exposure to truly be able to reduce risk.

The only way to meet the current security challenges is a combination of effective security solutions, end user training that encourages secure collaboration in combination with processes that don’t hinder productivity, and the fostering of a true culture of security across the organization.

Related Article: We Need 'Set It and Forget It' Governance

Partner With Trusted Organizations Who Have a Proven a Commitment to Security

Meeting these needs will at times mean partnering with service or solution vendors. Most large organizations have a security questionnaire they require of vendors and contractors. If your organization doesn't already have a process for this, develop one now.

When considering external partners, choose those who have met security certification standards themselves, don’t rely solely on those of the cloud platform they’ve built their solutions on. Be wary of those that brag of industry standards like encrypted data transfers, and ask questions that force them to present their knowledge of data security even in initial conversations. Are they proud of the lengths they’ve gone to in maintain data security? Do they seem knowledgeable in this area? Do they offer features that enhance security beyond your minimum requirements?

Remember it is possible to secure collaboration across cloud platforms. Though it can be a long journey, it’s never too late to start.