As user ranks grow, governance of collaboration tools is a must

The last few years have seen an explosion in both the number and type of collaboration tools deployed within the workplace. Video conferencing and team messaging apps are now almost ubiquitous, with companies often using more than one app. At the same time, companies are adopting a flurry of new apps devoted to workflow management, virtual whiteboards, social engagement and information sharing.

As employees take advantage of these novel ways to engage with one another -- as well as with customers and partners -- governance of collaboration tools must keep pace to safeguard networks against the risk of unauthorized application access and data loss.

Emerging challenges include the following:

• controlling content generated within collaboration applications, including chats, recordings and transcripts;
• enabling safe access for customer, external team or project participants;
• ensuring consistent policy enforcement across multiple applications; and
• tracking licensing and costs of applications to avoid sprawl and redundancy.

Absent a proactive strategy for governing collaboration applications, companies place themselves at risk of data loss, reputational damage and financial vulnerability. Unfortunately, just 30% of companies had -- or planned to have -- a proactive unified communications security and governance strategy in place at the end of 2021, according to Metrigy's "Unified Communications Management and Endpoints: 2021-22" global study of 396 companies.

Ensuring successful governance requires coordination across many roles. Typical functions include the following:

• a governance lead or board that sets the rules for what is allowable and what isn't, often working in conjunction with line-of-business leaders; and
• a collaboration service lead (or leads) responsible for managing application implementations and enforcing security controls.

The governance lead often is part of a CSO team -- or reporting to the CSO -- and works closely with those responsible for compliance. Beyond these two roles, both governance and service leads may rely on input from partners, consultants and other subject matter experts.

Once the governance team is established, governance and collaboration leads must work together on the following:

• inventory applications that are in use or planned for adoption;
• understanding the potential risks and security capabilities of each app;
• creating security policies for access control, use and data loss prevention; and
• implementing security policies and ensuring enforcement by using either native controls available from application vendors or third-party tools designed to centralize and enforce governance policies across multiple applications.