Unified Communications Tools Complicate Security Picture
Security measures related to unified communications and collaboration (UC&C) have made it harder for employees to do their jobs, even as companies are increasing the number of restrictions or security policies for using UC&C apps since the beginning of the pandemic.
These were among the results of Unify Square’s Status Report: Workplace Collaboration 2021 survey, which also revealed a lack of cybersecurity threat awareness is contributing to the trend of employees bypassing their IT departments.
The survey also found that over 2021, organizations and employees adopted multiple UC&C platforms, with most survey respondents reporting using three or more. The most popular platforms were Zoom and Microsoft Teams, which both experienced growth in use from 2020 to 2021.
Scott Gode, CMO and chief product officer at Unify Square said there are three key considerations organizations need to balance when looking to implement collaboration security.
The first is to consider the overall business risk profile with regards to collaboration data integrity, while the second is determining whether or not the right tools are in place to allow the organization to both monitor and then optimize a collaboration platform when it comes to security issues.
“Third, it is important to assess whether current security issues/challenges are a result of the collaboration apps and associated policies, or, rather, a result of insufficient end-user training and education regarding how to use the platforms,” he said.
Unified Communications Blind Spots
Gode explained the three biggest collaboration security blind spots are guests, team owners (or lack thereof) and identity management.
Guests are unintentional external access “lurkers” who are part of teams or discussion threads and who may have been given inadvertent access to classified chat information or shared documents.
Owners can act as part of the extended IT team to create a life cycle management process to guard against orphaned teams and minimize sprawl. And identity management is all about policies (e.g. team naming conventions) and life cycles for directory objects to help minimize sprawl and focus governance.
“The complexity of these blind spots has increased exponentially as remote and hybrid work have grown,” Gode said. “The need for ‘quick’, the increase in collaboration and unified communications app usage and the lack of user training have exacerbated collaboration risk.”
Nearly half of the IT executives surveyed reported their organizations have not increased the number of restrictions on or implemented policies for how employees can use unified communications or collaboration apps since the beginning of the pandemic.
“This lack of change indicates either a lack of awareness or analytics regarding what potential issues may be lurking out there, or a lack of tools access to or awareness of software tools which are able to create the fine-tuned policies necessary to ensure security while at the same time not impacting productivity,” Gode noted.
He said the key stakeholders related to collaboration security depend on the organization and how collaboration is used/managed—it could be any subset of IT, infosec, legal and compliance, digital workplace and so on.
“By using monitoring tools to first visualize and measure how people, locations and data work in various mini-ecosystems, IT can then create a governance model which aligns with the organization and which anticipates the life cycle needs of teams and their data flows,” Gode said.
UC&C Governance
Because collaboration is fluid and dynamic, so, too, must be the governance model which addresses it.
“Often there is a set-it-and-forget-it approach to collaboration security, when, in fact, what is needed is a constant cycle of policy review with key stakeholders,” he said. “Adopting tools which allow IT access by site, department or geography and which also allow policies not to be funneled into a one-size-fits-all model provides for targeted governance and maximized user flexibility.”
Gode pointed out that many organizations believe that current their current system of perimeter security apps/safeguards are good enough and will also guard against collaboration platform security issues.
“Alternatively, they may not have performed a security audit of their governance model which asks key questions regarding how collaboration apps are used,” he warned.
Many organizations may also believe that the native administration tools provided by the collaboration platform providers are “good enough” to allow for the monitoring and analytics required.
“Finally, the quick growth of collaboration use may have taken many organizations by surprise,” he added. “Many are still catching up with respect to both monitoring and end-user training.”
