As day-to-day corporate usage of collaboration platforms like Microsoft Teams and Slack expands, collaboration security is increasingly a top priority for IT and InfoSec teams. According to the World Economic Forum, executives now see cybersecurity as one of the most significant risks to organizational growth.
However, there’s a conflicting trend in that employee productivity and collaboration are also incredibly important for employees given the increasingly performance-based focus of organizations. In fact, 74% of Chief Information Security Officers (CISOs) believe that employees in their organization are frustrated with security policies hindering their productivity.
With the shift to remote work driving the rise of collaboration platforms like Microsoft Teams, Slack, and Cisco Webex Teams, the balance between security and productivity has become more crucial than ever before. The goal of these collaboration platforms is to improve end-user productivity through easy file-sharing and team collaboration. While helpful for productivity, this ease of use naturally increases security risks.
In response, many IT and InfoSec teams have started limiting end-user abilities to create and name new teams, deal with external guests, or install platform marketplace add-ons. These limitations, however, often contradict the original purpose of collaboration platforms.
Now the challenge is to find the right balance between security and productivity. Too many policies and governance requirements hinder end-user productivity, yet too few put the company at risk. This blog explores the tension between collaboration security and employee productivity, then offers four ways to achieve a balance while decreasing security policy intrusiveness and maintaining a productive workstream environment.
Why Balancing Collaboration Security and Employee Productivity Is Essential Now
The recent rapid adoption of workstream collaboration platforms comes from the desire to improve employee communication and collaboration by offering chat, voice call, video call, and file-sharing features all in one place. According to Slack’s Future of Work Study, when asked about the range of communication tools available to them, 74% of employees preferred the ability to send real-time messages instead of email or in-person conversation.
Undeniably, collaboration platforms are here to stay and grow alongside both remote and in-person work. Gartner predicts that by the end of 2022, 70% of organizations will rely on collaboration as the primary means of communicating, coordinating, and sharing information between employees, replacing email and other unified communications platforms.
To improve productivity, these platforms lower the burden to sharing data and installing third-party apps, simultaneously expanding potential security risks. In many cases, end users mistakenly share sensitive data externally or add guests to the collaboration workspaces only to let them stay indefinitely. According to Ponemon’s 2020 report on the Cost of Insider Threats, 62% of data breach incidents are caused by end-user errors and negligence.
In other cases, end users introduce security risks from Shadow IT in the collaboration workspace. This occurs when end users deploy software that the IT team is unaware of and has not approved and often occurs when IT tries to strictly lock down virtual workspaces. Many end users simply install unsupported apps and plugins to achieve their work goals instead of waiting for top-down IT-approved solutions.
In a report conducted by Unify Square and Osterman Research, 54% of all end users utilize unapproved apps at least a few times per year in the workplace. Shadow IT is even more severe among millennials, with 28% reporting they use unapproved apps as frequently as 2 to 4 times per week.
Between the rise of collaboration platforms and the ineffectiveness of curbing potential risk by completely locking down workplaces, finding a functional balance between collaboration security and employee productivity is essential.
How to Support Employee Productivity While Maintaining Organizational Security
Security and productivity are both essential components of collaboration success in any organization. Although challenging, there are numerous ways to support employee productivity while keeping data secure. Here are four promising and proven strategies.
1. Develop Systems Based on Employee Needs to Seamlessly Integrate Security Measures
IT teams should start by understanding end-user needs and workflows. IT can then work backwards to design systems that keep employees secure throughout their workflow without negatively impacting productivity or wasting time. As part of this system, IT teams can create and integrate end-user-facing tools or wizards that foster easy communication between end users and IT. This integration will encourage and enable end users to take timely action under IT supervision.
In this way, IT can ensure that the correct data is collected and secured, the proper policies are followed, and the appropriate approval cycles are used.
2. Proactively Raise Employee Awareness About Security Risks and Best Practices
End users often fail to follow safe practices and policies due to the lack of understanding about security risks. To address this, CISOs and InfoSec teams should raise employee awareness of the potential risks, financial losses, and reputation-crushing consequences resulting from lousy security habits.
Employees should be educated about the best security practices while using collaboration platforms. For example, employees should know the best way to add guests to the organization’s workplace, what permissions to allow guests, and other secure data-sharing methods. By employing proactive education strategies and career-long security training, IT can avoid most risks from end-user errors and focus on higher-level security issues.
3. Empower a Set of Users to Become IT Champions
In addition to broad education efforts, CISOs and IT teams can foster security in the organizational culture by selecting and training a smaller set of end users as IT champions. Either temporarily or permanently, these IT champions help monitor collaboration and security processes in day-to-day functioning. Champions work with their peers to identify and communicate common security issues to the IT team, and proactively troubleshoot end-users’ problems.
As non-IT security role models, champions can encourage other employees to follow the best security practices and resolve simple security issues in a way that IT cannot. Utilizing peer-to-peer cooperation, IT champions can assist their teams and build a healthy balance between collaboration security and employee productivity in different parts of the organization.
Connect with a Consultant
Don’t let information security concerns keep you up at night. Work with us to take the necessary steps to secure your workplace collaboration platform with our Security Rightrack offering.
4. Deploy Third-Party Specialist Collaboration and Security Governance Tools
IT can deploy third-party specialist collaboration security and governance tools, such as PowerSuite. These tools go beyond the native platform admin console functionality to understand collaboration security profiles and discover real-time security and governance issues. Some tools offer policy management creation and enforcement to maintain the right balance between security and end-user productivity in collaboration platforms.
For example, PowerSuite enables IT to set policies to control guest access in the collaboration platform and ensure that guests only have access for the right period of time. In this way, PowerSuite helps IT balance security and productivity by providing various guest access policies from basic general restrictions to more nuanced guest interaction limitations.
Additionally, PowerSuite also encourages productivity by enabling IT to set policies to determine the right number of team owners for Microsoft Teams. Having a team owner is crucial for productivity and security as owners facilitate discussions, allow new members, and take the proper management steps.
By taking advantage of third-party tools like PowerSuite and other complementary strategies, organizations can establish and maintain a healthy balance between securing sensitive data and enabling employee productivity.