
Security Doesn’t Have to Be A Barrier to Collaboration

Perimeter-based security strategies are becoming increasingly obsolete as organizations adopt cloud technologies and SaaS applications like Zoom, Slack, Microsoft Teams and more in the workplace. As the security landscape evolves to be less binary, businesses’ understanding of security and risk must evolve, too.

 

In March 2020, we witnessed IT infrastructures disband entirely as a global pandemic pushed employees to work from home and organizations towards a digital transformation. This shift initially created gaps between IT and security maturity. IT teams were asked to get tools in place for file sharing, video conferencing, and remote collaboration without any security considerations. But as these technologies were implemented, it wasn’t long before we started seeing cracks in the foundation.

 

It became critical for organizations to enable employees with the technology required to be productive, efficient and connected. Strategic security leaders followed suit, enabling the business by ensuring the security and visibility of data that moved on and off the corporate network.

IT, step aside — HR owns the digital workplace now

Collaboration tools have changed the nature of how we work. Data is more portable than ever, and not everything can happen on the network.

 

While most companies have embraced collaboration tools and SaaS applications at some level, the use cases for these tools continue to evolve. As an example, if an organization originally implemented Zoom for HR interviews and sales calls, it may find that other departments operating in a fully remote or hybrid setting prefer — or even require — Zoom over traditional conference calls for internal team meetings. As we consider the shift to a virtual workforce, it should be HR in the driver’s seat, steering the strategy on what the optimal employee experience should look like. IT’s role isn’t to raise objections; it’s to support that strategy with the tools and training to empower employees and facilitate collaboration.

 

Furthermore, as companies move to the cloud, tools like DocuSign, JIRA or Zendesk help ensure business continuity, especially across global, remote or hybrid workforces. Security teams should understand that choosing not to embrace these tools paves the way for shadow IT. If authorized tools are too restrictive and slow or lack important features to accomplish regular tasks, security teams will find themselves playing a game of “whack-a-mole,” trying to stop employees from downloading the unsanctioned apps that they need to get their jobs done.

 

When considering security’s role in your digital workplace strategy, think of the security team as the drummer in your band. They are critical in keeping the tempo, but generally speaking, it’s their role to cover the bases in the background, outside the spotlight, when it comes to establishing and maintaining a collaborative culture.

Toe the line of collaboration and securing corporate data

Legacy security and data loss prevention (DLP) tools have been in place for years to handle on-site collaboration and work environments. With the rise of the knowledge worker and an increasingly remote workforce, teams have adopted Google, Zoom, Slack and Microsoft Teams as part of their daily operations. These tools that workers use to collaborate serve as popular vectors for not only sharing information with colleagues, but also exfiltrating data.

 

While most users are aware of their organization’s data security policies and appropriate practices for data sharing, they may not understand how these policies apply to new tools. Controlling risk is best accomplished by making secure collaboration easier for users — not creating barriers that users will circumvent in an effort to get their job done.

It’s all about access — create accountability across the organization

Managing risk is the responsibility of everyone within an organization, but what does that really mean? If you’re itching for new technology to aid collaboration or help you be more efficient in your job, consider the bigger picture and engage your security business partner so they can help you identify how you can best achieve your objectives. A few questions to think about: 

 

  • Does this tool or technology support broader enterprise goals?
  • What will this tool help me accomplish? Are there other tools within the organization that can do the same thing?
  • What are the potential risks of introducing a new tool? 

 

Keep in mind that having too many niche technologies helps no one. End users don’t have time to spend learning new tools. They want to stay productive and get their work done, so it’s more efficient if certain technologies help meet multiple needs across an organization. CISOs have become increasingly strategic and have largely risen to the occasion of quickly adapting security priorities and workflows to a collaborative workforce. Features like two-factor authentication, encryption and logging ensure the right controls are in place organizationally. Then additional, more granular controls may be considered for applications posing greater risks, such as those with data being accessible by third parties. 

 

Upon implementation, security teams can incorporate best practices and tips in ongoing security awareness training so users know how to do their job securely. Users should understand how security controls apply to both the tools that your organization is managing — such as Zoom or Microsoft Teams — as well as the ones it isn’t. You want them to be equipped to protect themselves and the data they work with regardless of the tools they’re using. Simple practices such as setting passwords in video conferencing tools for internal meetings or using unique links for candidates during HR interviews can keep vulnerable data and information from being compromised.

 

Collaborative technologies are a game-changer. However, once you have them in place, don’t lose sight of the risks that these technologies can pose to your organization and the importance of using these tools correctly. Whether the catalyst for change was the COVID-19 pandemic or your organization has been undergoing a digital transformation for quite some time, these tools are here to stay. As the old saying goes, “You can’t put toothpaste back in the tube.”

 

About the Author

As the head of Governance, Risk Management & Compliance at Code42, Chrysa Freeman has over 12 years of experience in security GRC and security awareness management and training. Prior to Code42, Chrysa initiated security awareness programs at Medtronic and Target. Chrysa holds an MBA degree from St. Thomas and a BA from the University of Minnesota.