kras99 - stock.adobe.com
The rise of hybrid work since 2020 has driven an arms race among unified communications, or UC, and collaboration vendors to add new features to their offerings to achieve competitive advantage and differentiation.
Gone are the days when IT shops would undergo long change processes to test new capabilities before rolling them out to their employees. Now, thanks to Agile software development coupled with cloud-based applications, new features are often pushed to users before IT can properly test or prepare for the updates, as well as address governance and compliance needs.
According to Metrigy's "Unified Communications Management and Endpoints: 2021-22" study, 77% of nearly 400 companies surveyed lack a proactive collaboration security strategy. This means most companies are unequipped to evaluate collaboration application features and recognize potential security risks.
Metrigy also found that 15% of respondents currently respond to these risks by disabling collaboration features, while another 13% are considering doing so. Let's examine the most commonly disabled collaboration features and understand why organizations may choose to disable them.
1. Guest accounts
Guest accounts enable users outside an organization to log in to collaborative workspaces. However, guest accounts can be difficult to manage. For example, guest users who leave their job may still retain access to shared files and chats, or their account can become compromised. Many organizations lack governance strategies that automatically disable inactive guest accounts or validate that guests are still active.
Metrigy's research showed most companies are moving away from guest accounts and toward federated access. This strategy enables IT security leaders to set approved lists and ensure that only validated accounts from trusted partners can access internal collaboration resources.
2. Meeting recording and transcription
Recordings and transcriptions can create some potential vulnerabilities, like when meeting participants are unaware they're being recorded -- although many meeting apps now alert participants when a recording is in progress. Meeting hosts must also ensure that recordings and transcripts are properly protected against inadvertent sharing or distribution.
Disabling recording removes these risks for companies that lack solid governance strategies or for companies where meetings contain discussions of sensitive topics or personally identifiable information they do not wish to have recorded.
3. In-meeting chat
Some organizations, especially those that conduct meetings, events or classes involving public attendees, often disable in-meeting chat between participants to prevent disruptions or harassment in chats, such as Zoombombing.
4. Team collaboration
Most UC platforms now include some sort of messaging capability, but companies often disable native messaging services if they already use another messaging app. Disabling additional team collaboration apps reduces the risk of unauthorized apps being used outside of IT control and policy enforcement.
5. Virtual whiteboards
Companies may wish to disable built-in virtual whiteboard apps if they lack the means to protect potentially sensitive content generated on them, such as product designs or other intellectual property, or if they have standardized a different, standalone virtual whiteboard app.
To minimize risk and achieve maximum flexibility for employees using collaboration tools, companies should establish proactive collaboration security strategies to assess and protect against potential risks. Consider whether risk mitigation involves disabling certain collaboration features in your environment.