The need for collaboration tools like chat and video apps is greater than ever, for a few big reasons:
- Businesses are increasing their numbers of remote locations quickly
- Companies have recognized that it’s important to hire the best talent regardless of location.
- Employees often travel on business or choose to work remotely.
- Customers and suppliers are actively involved in the design of products or supply chain orchestration.
In the absence of corporate collaboration tool standards, employees may choose a SaaS or cloud-based tool that hasn’t been vetted by IT. Even if IT selects the collaboration tool, they may not have the experience to evaluate an application born in the cloud—which many collaboration tools, like Slack and Skype for Business, are. In combination, these factors may lead to network security risks or drag down network performance. Here are the factors to consider when considering collaboration tools.
1. Start with a Policy
Nobody likes company policies that spell out every detail of what can and can’t be done, but in the case of collaboration tools, a strongly enforced policy is a necessity. That’s especially important at remote locations without IT on-site. The policy should cover:
- Criteria for granting access to the portal for outsiders
- Which documents and IP can be shared both internally and externally
- Access requirements such as two-factor authentication, VPN or passwords
- Collaboration on trading partners’ platforms, spelling out the rules for sharing IP
2. Validate Application Security
Cloud apps often get rushed to market in the hope that early revenue gains will support future product expansion. The developers first focus on features that will attract users as customers. These apps may be architected for world-class security, but the developing companies rarely take the time to have the apps certified by an independent agency such as Veracode. Without a certification and with no ability to examine the code, you may not be able to tell if the chosen solution is hardened enough for corporate use.
IT should determine which certifications they are most comfortable with, and specify that collaboration tools must carry one of those security certifications before they can be used.
3. Segregate Workloads When Needed
Whenever the network is accessed, there is the potential for a security breach. To help prevent malware from penetrating the network, IT should segregate workloads for collaboration tools and require additional security and logins to move from the collaboration tool server to other servers on the network.
The segregation may not completely prevent malware intrusion, but it may slow it down or prevent access to other network nodes where sensitive data may be stored.
Segregating and balancing the workloads will help to improve network performance as well as enhancing security. IT teams should select a tool that can automatically balance queues and workloads and manage the additional layers of abstraction that come into play with a cloud solution. Ideally, the monitoring tool should provide a centralized portal for management of all locations, and send proactive alerts when suspicious activity is detected.
4. Manage Documents
Consider a document management tool that tracks check-in and check-out of documents, and ensures that all parties are working with the latest revision. The document management security will add an extra layer of protection to company IP if your team collaborates with external as well as internal stakeholders.
5. Don’t Forget the Basics
Passwords are the basic building blocks of network security, but if you make your password requirements too burdensome, users will find a way to circumvent the restrictions.
The latest research from NIST (National Institute of Standards and Technology) reveals that what we used to consider good password hygiene actually leads to bad habits like writing passwords on sticky notes. The new guidelines recommend an easy-to-remember string of four or more words. Gone are the requirements for special characters and frequent password changes, which simply frustrate users without adding to security. The new guidelines lead to passwords that can take more than 500 years to crack, while the older guidelines’ passwords could be hacked in three days or less.
Simple changes can make it easy for your users to take advantages of the synergies of collaboration while protecting the health and safety of your network.