What to look for in secure collaboration tools

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Despite monumental enterprise efforts to secure information, data breaches continue to top headlines, in part because of the way employees collaborate and share data. What's needed are enterprise-level secure collaboration tools.

The growth in mobile tech, the consumerization of IT and the rise of cloud computing are creating additional security challenges. Never before has the need to equip users with a secure, easy way to share information been as important, because if IT doesn't do it, users will take matters into their own hands.

TEST YOUR SAVVY: The data breach quiz

In many regards, they already have. From 2008 to 2010, mobile storage devices including USB thumb drives, CDs and DVDs became common vehicles for transferring large amounts of data. Simple to use and relatively inexpensive, these devices were the ideal IT workaround for business users not wanting to deal with complex FTP servers.

A steady stream of news stories has raised awareness of the security and compliance risks associated with these devices and how easy it is for them to be misplaced, lost in transit or stolen.

During this same time frame, a growing number of consumer technologies began making their way into corporate environments, like peer-to-peer (P2P) services then enable users up against a tight deadline to send an email that the corporate email system rejected as too large.

Today personal smartphones and tablets are penetrating the workplace in increasing numbers. Included on these devices are often free and low cost consumer apps that employees have downloaded for personal use.

Business users are quickly embracing the anytime, anywhere data access that these devices offer. They're accessing email, file sharing and other collaboration services from almost any device, especially iPads, which few enterprises have authorized for use.

Regaining control

Employees need to do their jobs; IT needs to equip them to do so by offering "whitelisted" or approved apps that answer the same need, while providing IT the necessary control and insight over corporate data. [Also see: "AT&T's Toggle to deliver enterprise apps to Android phones"]

The collaboration and file sharing space is quickly growing as established enterprise veterans, startups and consumer-focused providers answer the growing need for mobile file sharing solutions. When conducting your search, it is important to remember not all collaboration tools are equal. There is a vast difference between those developed for consumers and those developed specifically for enterprise organizations. To help IT regain control over corporate data being shared via mobile devices, consider the following:

Businesses require more than just a freemium, public multi-tenant cloud solution. Meeting the needs of enterprises requires choice of where to store data, particularly sensitive information (organizations in EMEA do not want data stored in the U.S.).

Allowing employees to sign up for individual file-sharing accounts exposes organizations to significant data security and compliance risks. Because IT has no visibility or control over the information being accessed or shared, it is impossible to know just how exposed an organization is to a data breach.

Enterprise-level solutions provide IT with the necessary visibility and control to monitor and manage what information is being accessed, by whom and when, so the enterprise can comply with industry regulations, such as SOX and HIPAA, that require monitoring and reporting systems to be in place. Utilizing security controls, IT administrators and business users can set policies to prevent files from being forwarded to unauthorized users. [Also see: "Warning: HIPAA has teeth and will bite over healthcare privacy blunders"]

When looking for a solution, make sure you have the ability to set automated security policies to validate recipients, set workspace and file expiration dates as well as multi-tier access and permissions to workspaces and files. With file access monitored and logged, demonstrating compliance will no longer be an issue.

Other things to consider:

* Mobile apps should have an intuitive interface and be available for common mobile platforms, such as Android, Apple iOS and BlackBerry. When security solutions are easy-to-use, employees use them, rather than looking for workarounds that might put confidential data at risk.

* When considering your options, do not overlook file sizes. If the solution you select does not accommodate the sharing of large files, you risk users turning to non-secure, unmanaged applications.

* Server-based security, as compared to client-based security, will help you avoid the daunting task of having to configure an ever-changing collection of hundreds or even thousands of mobile devices. Server-based security also enables administrators to enforce changes to security policies immediately. For example, to disable mobile access for an ex-employee, the person's mobile phone is not required. With server-based security, IT can simply turn off access through an administrative dashboard.

* Employees need to collaborate not only with colleagues but also with external users, such as business consultants, ad agencies, industrial design firms, legal counsel, and other types of business partners. Therefore it is important the solution you select supports cross-boundary collaboration, so mobile users can work with all members of a team, including external users.

Integration with your existing IT infrastructure, such as LDAP directories, active directory services, archiving systems, content management systems, data loss prevention (DLP) systems, mobile device management and digital rights management systems is essential.

The ability to integrate your existing directories ensures access controls are consistently enforced across all IT services, while integration with archiving and DLP systems enables collaboration services to be part of broader data security initiatives and practices. In addition, the ability to plug secure file sharing capabilities into an existing content management system, such as SharePoint, to enable internal-external collaboration and mobile access enables centralized tracking and reporting of file sharing across the enterprise and leverages existing investments

With an enterprise-level collaboration and file sharing solution in place for mobile devices, the temptation for users to use free Dropbox-type applications is eliminated. IT administrators can manage and audit file sharing, ensuring that business users are complying with security policies; and IT managers and compliance officers can be confident that compliance mandates are being met.

Paula Skokowski is the chief marketing officer for Accellion, a pioneer and leading provider of enterprise-class secure collaboration and managed file transfer solutions. You can contact the author at paula.skokowski@accellion.com.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsconsumer electronicssecurityhardware systemssmartphonesdata breachtabletssoftwarecollaboration

More about AccellionAppleBlackBerryDLPDropboxetworkGoogleIDC AustraliaLANLP

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Paula Skokowski, chief marketing officer for Accellion

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place