Collaboration platforms have become the new way of life across most major enterprises. Whether for a remote, hybrid, or in-office workforce, enterprises have realized and pursued the productivity gains offered by platforms like Microsoft Teams, Slack, and Cisco Webex at warp speed. This trend is reflected in the 44% growth seen in collaboration tool usage by enterprises from 2019 to 2021, according to Gartner. However, this digital transformation has come hand-in-hand with a belated understanding of the collaboration security and governance vulnerabilities involved. Without proper governance policies and collaboration governance tools, collaboration platforms allow employees to share files, add guests, and even change security settings without restrictions. This indiscriminate sharing leaves organizations open to the risk of a data breach.
IT teams responsible for policing data-sharing on collaboration platforms often start by using native governance tools. And while Microsoft and other collaboration platforms are equipped with basic collaboration governance tools, these offerings lack the full functionality necessary for enterprise IT. Critical features like advanced policy configurations, enforcement, and automated workflows are lacking, compelling admins to set strict policies that hinder employee productivity—or to opt for none at all. This leaves IT admins with three choices to implement and manage the additional responsibility of their organization’s collaboration governance.
Three Ways Companies Manage Collaboration Governance
1. One way to account for this influx of new responsibilities is for an organization to increase their IT headcount to handle the new demands. The effort of defining and executing the full range of operational workflows required to support all business units is a significant and ongoing workload. For diverse enterprises, this effort translates to multiple FTEs of IT budget growth. These expensive, highly sought–after resources must possess the rarefied gift of understanding business needs, corporate risk, and Teams/O365 technical capabilities.
2. For many organizations, increasing headcount isn’t an option. If an organization chooses to forgo team expansion and instead rely on native collaboration governance tools, there are two possible effects. Some companies accept the outcomes of inflexible governance policies applied broadly to the company, swallowing the resulting drop in productivity. More often, employees push back on security restrictions, leading to shadow IT proliferation or a general loosening of native governance policies. This leaves organizations open to an even larger risk— data theft. In 2020, the average cost of a data breach in the U.S. was $8.64 M, according to Ponemon Institute. In addition to the hefty cost, data theft has a ripple effect across less tangible but equally valuable areas, including brand reputation and consumer confidence. This loss of confidence after a data breach can manifest in a loss of customers. In fact, 83% of U.S. consumers avoid a business for months after it experiences a security breach and a full 21% never return, according to a survey by PCI Pal. When faced with this threat, proper collaboration security and governance is a requirement, not an option, for organizations.
3. Successful management of your organization’s collaboration security without growing headcount or relying on inflexible native controls is possible with the help of third–party collaboration governance tools and software. These offerings help companies create, streamline, and automate customized security controls, freeing IT admin up instead of adding to their workload. Companies have recognized the need for solutions like this, with 75% of decision-makers at large companies on the market for an additional five or more software tools this year, per G2’s 2021 Software Buyer Behavior Report. The best part is, it’s not expensive—one collaboration governance tool clocked in as low as $0.98 per user. For a 10,000-person company, this equates to only $9,800 annually, a far cry from the $2M impact of hiring 20 team members or the $8.64M cost of a data breach.
Collaboration governance software is a popular and effective tool to help protect your enterprise’s data without hurting user productivity—but how do you choose which software to use? Here, we will take you through the process of setting up strong yet streamlined security policies and the software capabilities required to do so.
Optional Step: Consulting & Support Services
Creating, launching, and managing your organization’s collaboration governance policies can be overwhelming. For enterprises that are looking for a professional setup, that don’t know where to start, or that simply do not have the time, we recommend prioritizing third-party collaboration governance tools with consulting and support offerings. Top capabilities to look for include an expert audit of your organization’s collaboration security weaknesses across platforms, guidance in building a collaboration security model, and the creation of topline models for your governance needs.
Step 1: Engaging the Business
Traditional IT security considerations revolve around homogenous infrastructure elements such as network firewalls, VPNs, and multi-factor authentication. These solutions are usually “one-size-fits-all,” irrespective of a given user’s business function. They’re also “one-size-fits-always,” meaning they don’t typically change once in place. Collaboration governance is an entirely different beast. The proper sandbox of allowed behaviors varies widely with each regional business unit and from quarter to quarter.
The first crucial step to free up your IT team’s bandwidth begins with acknowledging that most IT organizations aren’t intimately familiar with the business units they support. This complexity multiplies when you factor country- and region-specific regulations and business norms. For instance, a German HR team working on annual salary adjustments has dramatically different needs than a Brazilian marketing team collaborating with an outside creative firm. Instead of applying an overly permissive or restrictive “one-size-fits-all” collaboration governance policy, IT organizations must engage business units to understand where they would set the governance boundary between useful functionality and excessive risk. For example:
- Who is allowed to create a collaboration workspace?
- Who manages the content and membership of a collaboration workspace?
- What kind of guests are allowed in a collaboration workspace?
- When does a collaboration workspace reach the end of its useful life?
- What data should be archived when a collaboration workspace is no longer needed?
- How discoverable should a collaboration workspace be within the corporate directory?
- Should certain workspaces follow a naming convention to highlight their purpose?
This exercise will reveal a wealth of governance insights, which IT can then take steps to operationalize. Equally important, business units will also gain awareness of the benefits and risks of modern collaboration governance tools. If the ultimate goal is for business units to manage their collaboration governance in a self-service fashion, it only makes sense for them to be engaged from the beginning.
Step 2: Automated Collaboration Governance Tool Policies
Once these business collaboration requirements have been identified, the next step to free up your IT team is setting up and automating governance policies. While Microsoft Teams does offer basic policy creation, IT teams still need to monitor and flag many security policies manually across multiple views to avoid hindering collaboration. Replace these time-consuming monitoring efforts with smart policies tailored to address guests, teams, or even lifecycle management. These policies can then be mapped to the various business unit requirements discovered in Step 1. Top policy management needs include:
- Dynamic Policy Adjustments: Select the appropriate set of teams for each custom policy. This solves IT’s original issue of either inhibiting employee productivity with strict standard security policies, or leaving their organization open to data theft.
- Policy Pre-Test: Test your new policies before they go live. IT teams can save pre-launch worry and post-launch time that would be needed to fix an imperfect policy by seeing how each will play out prior to implementation.
- Smart Policy Management: This is a key value to look for. AI-powered policy recommendations help teams discover existing policy improvements or needed new policies. Admins can simply log in and select improvements to implement immediately.
Defining and assigning these smart policies form a basis of measurement and compliance. For example, assigning an HR Benefits Team to the “secure internal” policy might reveal it’s out of compliance due to the presence of an @gmail.com guest user. When calculated across the entire set of collaboration workspaces, enterprises can finally measure a baseline collaboration compliance score. IT can then use this metric as an ongoing KPI, making ongoing improvements toward achieving a target threshold. How an enterprise achieves this target leads us to Step 3.
Step 3: Automated Workflows
Even with custom governance policies to streamline monitoring, the required follow-ups with guests, end-users, and teams can overwhelm admin bandwidth. A top priority is the ability to set up and automate custom workflows in collaboration governance tools to effortlessly bring teams in compliance with the smart security policies. Examples of automated workflow capabilities to look for are:
- Auto-email end-users who are the sole owner of a team to request that they add a second owner. This will safeguard against potential data loss, should that employee move elsewhere.
- Auto-escalate sensitive policies to admin dashboards for click-to-approve policy enforcement. This is the ideal workflow for critical policies that require sensitive handling but normally take time to enforce.
- Auto-forward guest user accounts to the service desk for follow-ups on removing or restricting these accounts. This will decrease opportunities for data theft and the resulting consequences.
Consider the transformational nature of achieving this operational governance state. Governance policies are aligned to the needs of the business, and business units are empowered to maintain compliance of their collaboration activities on an ongoing basis. This approach helps IT achieve its goals without constantly having to act as the collaboration middleman.
Collaboration Governance Tool: PowerSuite by Unify Square
With collaboration security demands growing exponentially, having the right collaboration governance tool is crucial. PowerSuite, Unify Square’s collaboration governance software, frees up your IT Team, all while ensuring a frictionless yet secure collaboration experience for your organization. Speak with one of our collaboration security experts to learn more.
Collaboration Security & Governance encompasses only side of PowerSuite’s capabilities. Learn more about PowerSuite’s Unified Communication & Collaboration platform here.