McKinsey & Company believes digital collaboration could create over $100 billion in value, thanks in part to productivity boosts of 20-30% in collaboration-intensive work processes.It’s obvious that collaboration technologies are tempting to organizations, given their many benefits – one of which is clear communication in real time.
The trouble is that they also present novel compliance and security problems. When it comes to collaboration, organizations must strike a balance between efficiency, speed, and security. It’s too late to turn a blind eye. The recent Slack channel hack at Uber provides just one illustration of how essential collaboration security is.
To manage and, in some situations, prohibit communication, legacy security solutions like DLP were created. That won’t do for today’s sophisticated business. Collaboration cannot be productive if corporate communication shuts down. Thankfully, there are new methods of collaboration security, so you are not forced into a false dichotomy. Effective collaboration security relies on the ability of collaboration tools to dynamically classify sensitive material and on an awareness of when certain actions are acceptable.
Why collaboration tools need security
It is a common feature of collaboration tools that they are data-driven; you share information, documents and data, some of it sensitive and subject to compliance rules.
These systems were created with the goal of facilitating seamless information sharing between users, with a focus on collaboration. Users exchange documents with one another without considering how private some of the content in those documents may be. The potential exists for an unauthorized person to gain access to all of it. Through collaboration technologies, it is simple to exchange information in an unsafe way, such as with a link that is visible to everyone or data that is still shared with a former business partner.
Using collaboration technology as a gateway, bad actors broke into Electronic Arts (EA), a provider of digital interactive entertainment, last summer and stole passwords. As we saw in the case of the Google executive accused of stealing trade secrets, insider activity also remains a concern.
According to Verizon’s 2022 Data Breach Investigations Report, human error was a factor in 82% of data breaches. The most recent data security events demonstrate the human factor in such events as well as the vulnerability of collaboration tools. The fact that most businesses are still struggling with a serious shortage of security professionals and frequently have undertrained employees only worsens the situation.
Security and collaboration must co-exist
More established organizations may look at this situation and bypass the risk by limiting or even halting the use of collaboration tools. But this decision limits their ability to conduct business. They may be a tad more secure, but they are also causing conflict and obstructing communication. Companies don’t have the luxury of going slower in the current competitive environment. It’s also not a magic fix; whether it’s authorized, workers will still find methods to exchange the knowledge they need to execute their job roles. Finding a secure method to permit data sharing is the best course of action.
The average number of IT-approved SaaS apps used by organizations today is 80, and that number is rising. That’s not including all the SaaS applications that staff members might use independently and without IT’s approval (shadow IT). You should concentrate on securing the collaboration channels where data is transferred back and forth because it is not possible to secure every app.
Collaboration technologies are still in their infancy; for many businesses, adoption just began with the outbreak of the pandemic. The bad guys are still getting used to them, but they are also swiftly seeing the opportunities that these tools may present for them.
The secret weapon: Context
Because remote and hybrid work create a distributed workforce, the same security tools used for the old way of working won’t cut it. And you get a high percentage of false positives and noise if you try manually categorizing the data and using static policies.
Contextual visibility is required. For instance, imagine that someone shares a sensitive file externally. What if there was a dynamic, automatic mechanism to recognize whether an action is justifiable and what action isn’t? Using that information, you can take swift action and prevent the risk of this information being released to the public.
Consider this illustration: With up-to-date collaboration security systems, you can obtain more context, as opposed to an older system that might immediately warn you that an employee has sent sensitive material and promptly block it. Let’s say the employee is a member of the finance team who transmitted a financial document to another staff who was working on other patents in the same patents Slack channel. This conduct is fine, in context.
Static rules produce a lot of noise and false positives, such as those found in legacy data security tools. Having a contextual understanding of the “why” behind each action is the only way to address the issue of collaboration security. Otherwise, you can’t solve the issue successfully.
Since it is not possible to gain contextual understanding manually, what you’ll need is a set of rules that are dynamically updated to provide very low noise and precise detection of unsafe data access and leakage. Fortunately, tools are now available that leverage AI to automatically map the sensitive information in your collaboration tools and attach business context to every activity in every channel.
Before alerting to an action, a reason can be given for it by comprehending how platforms and people are related. This greatly minimizes noise, limits false alarms and enables security teams to spot harmful activity more precisely. These kinds of solutions allow IT and security staff to monitor and manage the data being exchanged through collaboration channels before any harm is done.
Context creates stronger security
When the pandemic forced innumerable businesses to allow remote work, adoption of collaboration software grew significantly. However, this wasn’t always done with security top of mind. Businesses are currently attempting to figure out how to combine the best of both worlds: collaboration in real time with complete visibility, control and security. Contextual visibility and dynamic rules will enable enterprises to maximize the use of collaborative technologies while enhancing their security foundation.