p0temkin - Fotolia


Protecting content from the enterprise collaboration black hole

As the need for enterprise collaboration grows, so does the need for security. Organizations need to understand when confidential content is at risk and how to protect it.

For most of us, enterprise collaboration is an essential part of work, and we need to be able to collaborate with colleagues inside and outside the company. Business would grind to a halt without it.

Increasingly, more and more collaboration is taking place outside the firewall, where security is often weaker or virtually nonexistent between suppliers, contractors, consultants and customers, as well as mobile employees.

The average organization shares documents with 864 external organizations, with 9.3% of those documents containing sensitive data, according to the "Cloud Adoption & Risk Report Q4 2016" by Skyhigh Networks.

Even one misrouted email or lost file could be costly. A single data breach costs the average U.S. company over $7 million dollars, according to the Ponemon Institute's "2016 Cost of Data Breach Study." While unsecured or lost files may not cost you $7 million, they can still be expensive, especially if those files contain a firm's trade secrets or sensitive customer data.

In an attempt to easily collaborate outside the firewall, employees sometimes use personal apps, often with weak security, circumventing the corporate file-sharing system. Employee dissatisfaction with hard-to-use corporate collaboration applications can be viewed as the driver behind this trend.

"People will use what's most efficient for them," advised Margo Visitacion, vice president for enterprise architecture at Forrester Research. She noted, as an example, "Smartsheet became wildly popular with workers because it's so easy to use. It takes off like wildfire in an organization."

Dimensional Research, an IT research firm, reported that 59% of knowledge workers face challenges with the tools their companies provide for enterprise collaboration, and 51%, said they use personal email accounts for work due to attachment limits or other issues. Another 51% said they use public document sharing tools for work collaboration. Only 38% said they always think of data security when collaborating externally.

"Three quarters of information workers need to collaborate with people outside their organization on a weekly basis, and this has spurred the adoption of cloud collaboration services," said Melissa Webster, vice president for content and digital media technologies at analyst firm IDC. "But consumer-grade file-sharing solutions aren't concerned with meeting regulatory compliance requirements or protecting confidential or sensitive data, or addressing data residency requirements."

Many consumer-grade file-sharing apps lack strong security, such as 256-bit Advanced Encryption Standard encryption for data at rest and in transit, multifactor authentication, auditing capabilities, granular permissions for files, and other enterprise-level features. Also, corporate IT can't monitor the usage of these apps or control their security. These personal apps are convenient and often free, but quickly become black holes for corporate internet protocol.

What's the solution?

The first step is to find out what apps are in use, and why. Then, invest enterprise tools with the same features and convenience, but stronger security.

Cheryl McKinnon, principal analyst in enterprise architecture at Forrester, advocated for making user convenience a priority.

"Map out two or three of the biggest use cases, and test it in the real world with users."

Another key feature to consider is mobile support.

"Mobile has had a tremendous impact on employee adoption," said Webster. "Generally, cloud-based apps have mobile support, unlike many on-premises, traditional applications."

Many consumer app providers have launched enterprise collaboration versions of their software, with better security and administrative control. Dropbox Business (originally Dropbox for Teams) launched in 2011, and Google Drive, SugarSync and Microsoft's OneDrive all now have business editions.

Some have out-of-the-box versions certified to comply with different industry regulations, such as the Federal Risk and Authorization Management Program, the Financial Industry Regulation Authority and HIPAA, noted Webster. They may also have built-in enterprise resource management (ERM) to protect downloaded files.

ERM provides file-level encryption and embedded permissions, so the content owner can control who can access a file and what they can do with it, such as save, print, take screenshots, copy or edit. The permissions can always be revoked later, if needed. Because the permissions are embedded, they travel with the file outside the firewall.

Another option is to send a link to the file on a secure server with password protected controls on viewing, saving, copying, etc. This is useful for mobile enterprise collaboration when a device is lost, explained McKinnon.

St. Petersburg, Fla.-based Power Design Inc., an electrical construction company, moved to Egnyte Inc.'s cloud-based Connect application two years ago to provide better security for its mobile workforce, as well as to enable easier file sharing between employees and external partners. The company previously used Dropbox to share large files, but it didn't, at that time, offer sufficient security.

"With 130 jobs at any given time, and hundreds of suppliers, general contractors, developers, architects and everyone else, we really needed a granular permissions model for our content," said Raghu Kutty, director of IT for Power Design.

Egnyte Connect is a cloud-based enterprise collaboration application with file-based permissions and the ability to send either links or encrypted files. Employees who need to download files onto their mobile devices, such as those heading out to a job site without cell or internet access, can erase the content remotely if the device is lost.

Administrators can also view who has downloaded what files onto what device, enabling them to flag activities that may be from unauthorized or unhappy employees. For digital content, where file-based permissions may not be part of the native application, watermarking is the best form of security, said Rob Marano, co-founder of The Hackerati, and a founder of two IT security companies.

It's important to keep in mind that, while security is a critical consideration, it's of little value if workers avoid the system. McKinnon advised carefully balancing security needs against user convenience.

"An extra security feature might be nice," she said. "But if it adds ten extra steps, employees will find a way around it."

Next Steps

Is enterprise collaboration finally getting street cred?

How collaboration helps companies inside -- and out

Slack rises to the top in the collaboration market

Dig Deeper on Collaboration platforms