What to look for in secure collaboration tools

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Despite monumental enterprise efforts to secure information, data breaches continue to top headlines, in part because of the way employees collaborate and share data. What's needed are enterprise-level secure collaboration tools.

The growth in mobile tech, the consumerization of IT and the rise of cloud computing are creating additional security challenges. Never before has the need to equip users with a secure, easy way to share information been as important, because if IT doesn't do it, users will take matters into their own hands.

TEST YOUR SAVVY: The data breach quiz

In many regards, they already have. From 2008 to 2010, mobile storage devices including USB thumb drives, CDs and DVDs became common vehicles for transferring large amounts of data. Simple to use and relatively inexpensive, these devices were the ideal IT workaround for business users not wanting to deal with complex FTP servers.

A steady stream of news stories has raised awareness of the security and compliance risks associated with these devices and how easy it is for them to be misplaced, lost in transit or stolen.

During this same time frame, a growing number of consumer technologies began making their way into corporate environments, like peer-to-peer (P2P) services then enable users up against a tight deadline to send an email that the corporate email system rejected as too large.

Today personal smartphones and tablets are penetrating the workplace in increasing numbers. Included on these devices are often free and low cost consumer apps that employees have downloaded for personal use.

Business users are quickly embracing the anytime, anywhere data access that these devices offer. They're accessing email, file sharing and other collaboration services from almost any device, especially iPads, which few enterprises have authorized for use.

Regaining control

Employees need to do their jobs; IT needs to equip them to do so by offering "whitelisted" or approved apps that answer the same need, while providing IT the necessary control and insight over corporate data. [Also see: "AT&T's Toggle to deliver enterprise apps to Android phones"]

The collaboration and file sharing space is quickly growing as established enterprise veterans, startups and consumer-focused providers answer the growing need for mobile file sharing solutions. When conducting your search, it is important to remember not all collaboration tools are equal. There is a vast difference between those developed for consumers and those developed specifically for enterprise organizations. To help IT regain control over corporate data being shared via mobile devices, consider the following:

Businesses require more than just a freemium, public multi-tenant cloud solution. Meeting the needs of enterprises requires choice of where to store data, particularly sensitive information (organizations in EMEA do not want data stored in the U.S.).

Allowing employees to sign up for individual file-sharing accounts exposes organizations to significant data security and compliance risks. Because IT has no visibility or control over the information being accessed or shared, it is impossible to know just how exposed an organization is to a data breach.

Enterprise-level solutions provide IT with the necessary visibility and control to monitor and manage what information is being accessed, by whom and when, so the enterprise can comply with industry regulations, such as SOX and HIPAA, that require monitoring and reporting systems to be in place. Utilizing security controls, IT administrators and business users can set policies to prevent files from being forwarded to unauthorized users. [Also see: "Warning: HIPAA has teeth and will bite over healthcare privacy blunders"]

When looking for a solution, make sure you have the ability to set automated security policies to validate recipients, set workspace and file expiration dates as well as multi-tier access and permissions to workspaces and files. With file access monitored and logged, demonstrating compliance will no longer be an issue.

Other things to consider:

* Mobile apps should have an intuitive interface and be available for common mobile platforms, such as Android, Apple iOS and BlackBerry. When security solutions are easy-to-use, employees use them, rather than looking for workarounds that might put confidential data at risk.

* When considering your options, do not overlook file sizes. If the solution you select does not accommodate the sharing of large files, you risk users turning to non-secure, unmanaged applications.

* Server-based security, as compared to client-based security, will help you avoid the daunting task of having to configure an ever-changing collection of hundreds or even thousands of mobile devices. Server-based security also enables administrators to enforce changes to security policies immediately. For example, to disable mobile access for an ex-employee, the person's mobile phone is not required. With server-based security, IT can simply turn off access through an administrative dashboard.

* Employees need to collaborate not only with colleagues but also with external users, such as business consultants, ad agencies, industrial design firms, legal counsel, and other types of business partners. Therefore it is important the solution you select supports cross-boundary collaboration, so mobile users can work with all members of a team, including external users.

Integration with your existing IT infrastructure, such as LDAP directories, active directory services, archiving systems, content management systems, data loss prevention (DLP) systems, mobile device management and digital rights management systems is essential.

The ability to integrate your existing directories ensures access controls are consistently enforced across all IT services, while integration with archiving and DLP systems enables collaboration services to be part of broader data security initiatives and practices. In addition, the ability to plug secure file sharing capabilities into an existing content management system, such as SharePoint, to enable internal-external collaboration and mobile access enables centralized tracking and reporting of file sharing across the enterprise and leverages existing investments

With an enterprise-level collaboration and file sharing solution in place for mobile devices, the temptation for users to use free Dropbox-type applications is eliminated. IT administrators can manage and audit file sharing, ensuring that business users are complying with security policies; and IT managers and compliance officers can be confident that compliance mandates are being met.

Paula Skokowski is the chief marketing officer for Accellion, a pioneer and leading provider of enterprise-class secure collaboration and managed file transfer solutions. You can contact the author at paula.skokowski@accellion.com.

Copyright © 2011 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022