Collaboration security and governance must be proactive

The last few years have seen an explosion in both the number and type of employee and customer engagement apps deployed within the workplace. The modern communications and collaboration environment includes not just voice calls and video meetings, but also team messaging, collaborative workspaces, social engagement, virtual whiteboards, project and task management and even self-created apps for workflow and task management.

In addition, generative AI enables apps themselves to create content in the form of summaries, recommendations, action items and transcripts for live calls and meetings, as well as presentations and documents from notes and data. In the contact center, generative AI provides live coaching as well as call summaries and transcriptions.

As employees take advantage of these novel ways to engage with one another -- as well as with customers and partners -- collaboration security and governance must keep pace to safeguard networks against the risk of unauthorized application access and data loss.

Emerging challenges include the following:

• Controlling content generated within collaboration and contact center applications, including chats, recordings, transcripts and summaries.
• Enabling safe access for customer, external team or project participants.
• Ensuring consistent policy enforcement across multiple applications.
• Tracking licensing and costs of applications to avoid sprawl and redundancy.

Without a proactive strategy for governing collaboration applications, companies place themselves at risk of data loss, reputational damage and financial vulnerability. Unfortunately, just 37% of companies had -- or planned to have -- a proactive collaboration security and governance strategy in place in early 2023, according to Metrigy's "Workplace Collaboration: 2023-24" global study of 440 companies.

Building a proactive collaboration governance strategy

3:56

Ensuring successful governance requires coordination across many roles. Typical functions include the following:

• A governance lead or board that sets the rules for what is allowable and what isn't, often working in conjunction with line-of-business leaders.
• A collaboration service lead (or leads) responsible for managing application implementations and enforcing security controls.
• A compliance officer (or team) responsible for developing and implementing information classification and retention policies.

The governance lead often is part of a CSO team -- or reporting to the CSO -- and works closely with those responsible for compliance. Beyond these roles, governance, service and compliance leads may rely on input from partners, consultants and other subject matter experts.

Once the governance team is established, governance, collaboration and compliance leads must work together on the following:

• Inventory applications that are in use or planned for adoption.
• Understanding the potential risks and security capabilities of each app.
• Developing compliance policies based on appropriate regulations and information retention needs.
• Creating security policies for access control, use and data loss prevention.
• Implementing security policies and ensuring enforcement by using either native controls available from application vendors or third-party tools designed to centralize and enforce governance policies across multiple applications.