
Rawpixel.com - stock.adobe.com
As user ranks grow, governance of collaboration tools is a must
Even as companies evaluate more unified communications tools, they aren't keeping pace with ways to effectively govern how these applications are managed and deployed.
The last few years have seen an explosion in both the number and type of collaboration tools deployed within the workplace. Video conferencing and team messaging apps are now almost ubiquitous, with companies often using more than one app. At the same time, companies are adopting a flurry of new apps devoted to workflow management, virtual whiteboards, social engagement and information sharing.
As employees take advantage of these novel ways to engage with one another -- as well as with customers and partners -- governance of collaboration tools must keep pace to safeguard networks against the risk of unauthorized application access and data loss.
Emerging challenges include the following:
- controlling content generated within collaboration applications, including chats, recordings and transcripts;
- enabling safe access for customer, external team or project participants;
- ensuring consistent policy enforcement across multiple applications; and
- tracking licensing and costs of applications to avoid sprawl and redundancy.
Absent a proactive strategy for governing collaboration applications, companies place themselves at risk of data loss, reputational damage and financial vulnerability. Unfortunately, just 30% of companies had -- or planned to have -- a proactive unified communications security and governance strategy in place at the end of 2021, according to Metrigy's "Unified Communications Management and Endpoints: 2021-22" global study of 396 companies.
Ensuring successful governance requires coordination across many roles. Typical functions include the following:
- a governance lead or board that sets the rules for what is allowable and what isn't, often working in conjunction with line-of-business leaders; and
- a collaboration service lead (or leads) responsible for managing application implementations and enforcing security controls.
The governance lead often is part of a CSO team -- or reporting to the CSO -- and works closely with those responsible for compliance. Beyond these two roles, both governance and service leads may rely on input from partners, consultants and other subject matter experts.
Once the governance team is established, governance and collaboration leads must work together on the following:
- inventory applications that are in use or planned for adoption;
- understanding the potential risks and security capabilities of each app;
- creating security policies for access control, use and data loss prevention; and
- implementing security policies and ensuring enforcement by using either native controls available from application vendors or third-party tools designed to centralize and enforce governance policies across multiple applications.
Keeping the process in motion
Governance of collaboration tools doesn't just happen once. Instead, it must be a continual process as application capabilities change and new applications enter the workplace. Evaluating the security capabilities of each app goes beyond assessing available access controls. It must also encompass data storage, encryption capabilities and support for data retention. It should also cover contingency plans in case the application vendor -- especially if it's newer and smaller -- ceases operations.
Finally, governance and collaboration leaders must convey the rules of the road to employees. Ideally, a proactive governance strategy enables employees to know what is allowed and understand the process for applying for exceptions or approval of new apps.
In essence, an effective collaboration governance strategy ensures that the organization's security requirements are met, even as it rolls out new capabilities to improve productivity and engagement. Employ a well-rounded communication strategy to help employees avoid frustration, and ensure that everyone knows the risks, the protective measures being implemented and the process for gaining approval for new applications and features.