February 20, 2017 | Written by: Judith Hurwitz
Share this post:
The risks of consumer collaboration tools
Collaboration platforms can transform the ability of your extended team to create new value for your company. While these collaboration platforms are becoming commonplace, they expose organizations to risks that can potentially have serious consequences for the business. Because of the self-service and ease of use of consumer-oriented collaboration platforms, business users often begin using freely available collaboration tools when working together. In most cases well-meaning employees simply want to get their job done more efficiently and never consider the security implications of consumer-oriented collaboration platforms. In this blog, we will explain the nature of these risks and how your company should be prepared to protect the value of your company’s intellectual property.
You can learn more in the infographic “Collaborating out of the shadows.”
Here is a real-world example. You may have employees using a popular online virtual drive as a way to create, store and share documents. The team is drafting detailed specifications for a new product offering, including documents, spreadsheets and customer presentations. These materials also include detailed and confidential information regarding the positioning of the new product, pricings and potential client prospect lists. The team chose this virtual drive because they all have accounts with it and were familiar with its capabilities. It never occurred to the team leaders to discuss the product offering details with the company’s security office. As the project progresses, it comes to the attention of the Chief Information Security Officer (CISO) that the business initiative is about to launch. While he is supportive of the product offering and does not want to create road blocks, he voices strong concern over the team’s use of their personal accounts with that virtual drive. In fact, he points out a specific paragraph from the terms and conditions that has caused him concern:
“Your Content in Our Service: …. When you upload, submit, store, send or receive content to or through our Services, you give [company name] (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services ….”
While the implication is that the company will only use your content to improve the way its services are delivered, the scope of use is not explicitly defined. Most consumers have nothing to worry about. However, if you are working within a commercial company there is at least a small chance that your intellectual property could be exposed. Even more troubling is that you have no control or visibility into who can access, view, and potentially modify your data.
It is important to educate employees that collaboration shouldn’t be an ad-hoc process. Although groups may not think about the security around the data they are sharing, it is likely that it contains important intellectual property. In addition, each of their contributions to the collaborative environment may contain valuable IP. The environment may have data that is critical to a company’s success or failure.
Consumer cloud collaboration tools are made up of sophisticated technology and often contain some level of security; however, the security tends to be monolithic. The security offerings typically do not allow users to have the granular controls or management that enterprise-level collaboration tools allow. For example, files might be encrypted, but a user cannot control where the encryption keys are held or what level of encryption is used.
The following are three areas where consumer collaboration tools typically fail to meet the demands of enterprises:
- You need to maintain a chain of custody in terms of who is viewing content and who is making changing that content. You may want to also know who has downloaded content to their local system.
- If a project is active for a limited time (e.g., M&A due diligence) you’ll want to make sure the content is not accessible after a certain time.
- You may want to control regions that can or cannot access content. For example, for highly sensitive data you may want to only allow a certain range of IP addresses to access data. For other projects you may want to restrict certain geographic regions from accessing data.
The way you manage your collaborative environment will make a difference in the safety and security of your most important assets: your intellectual property such as your strategic plan or your designs for new products and services. You might be sharing sensitive information about customers that needs to remain confidential. Often employees leveraging collaboration platforms are not in tune with the risks of managing data securely. Typically, these employees may not realize, for example, that customer information contained in a document should be highly restricted and protected. Therefore, you need to begin with education. Providing employees with an intuitive collaboration platform that provides the right level of security needs to be part of your strategy.
In the next blog in this series we will examine specific areas where consumer-oriented tools fail to meet the security needs of businesses.
To learn more, view the infographic “Collaborating out of the shadows.”