Many enterprises are asking their employees to use collaboration platforms to improve internal communications and share information, but collaboration security is becoming a major problem for many of these
Users often disregard the security implications of sharing information from internal collaboration tools because these technologies become just another tool they use every day, according to Ashish Kudsia, global IT director at Christie Digital Systems.
“Information and intellectual property can easily slip and be uploaded that should not have been,” Kudsia said. “Gradually, information will get [uploaded] that should not have been there. And someone that was given permission six months ago might still have permission now that [they] shouldn’t.”
“As more sensitive information goes onto SharePoint, we would like to see what security and auditing options we have so we can implement those options,” he said.
SharePoint security and collaboration security are common problems
A SharePoint security study released this month by Swedish IT security provider Cryptzone Group revealed that a significant number of Microsoft SharePoint users are an immediate security risk to their employers. While 92% of respondents said they are aware that taking documents out of SharePoint is a security risk, 30% of them said they will still do it if it helps them do their jobs.
Cryptzone surveyed 100 users, administrators and developers about SharePoint security at the SharePoint Saturday UK conference last November. Of the 45 respondents who admitted to copying data off SharePoint, 34% said they never considered the potential security implications, while 13% said they believed it was not their responsibility to protect company information.
SharePoint, like other collaboration and information sharing platforms, collects enormous amounts of corporate information -- including financial data and intellectual property -- and indexes and structures that information, said Jamie Bodley-Scott, system integrator at Cryptzone. While these platforms can be very helpful to remote workers or employees who bring their work home, collaboration security problems can crop up due to the “sheer amount of data that can be accessed and lost,” he said.
Collaboration platforms offer an easier way to search for information that was previously stored on network drives. Employees can find the data they need quickly, but then they download it to their local hard drive or a USB device. Users often access far more data then they may need.
“Employees are easily finding information and taking anything they think might be useful,” Bodley-Scott said.
SharePoint security and usage policies commonly violated
Users are also improperly sharing the data they pull out of collaboration tools. Fifty-five percent of survey respondents admitted to sending files they downloaded from SharePoint to third parties without SharePoint access -- a violation of the SharePoint security policies that enterprises typically have in place.
Cryptzone said enterprises should consider providing third-party partners and customers role-based access to collaboration platforms. Fifty-six percent of respondents said that third-party organizations do not have access rights to their collaboration environments, forcing employees to share data with outside users when they collaborate.
Educate users to improve collaboration security
The first step to improving collaboration security is raising awareness. Bodley-Scott said training, coaching and ongoing engagement with users will improve collaboration security and ensure employees are utilizing the system the way the company intended.
Education isn’t the sole responsibility of the IT department, Bodley-Scott said. While IT managers understand security, they may not understand all the business use cases that individual departments have for collaboration tools.
“With products like SharePoint, it’s hard to implement [them] in one way that will be good for everyone,” Bodley-Scott said.
Many collaboration platforms are highly customizable, so enterprises should consult with business leaders during implementation. Individual departments within a company can decide which features and functions they want enabled and who will have access to the platform.
“Treat [the collaboration platform] as more of a business process tool rather than a replacement for a network drive,” he said.
But education must happen in parallel with other collaboration security measures, said Kudsia, including more in-depth and frequent security audits and reports detailing which users are accessing certain information.
“Security is a tricky thing, and [companies] have to be at it all the time,” Kudsia said.
Cryptzone urges organizations to look into how both administrators and users access sensitive data, and enforce data loss polices to prevent security breaches resulting from irresponsible behavior.
“If [companies are] going to fill the [collaboration] tool with somewhat sensitive information, then they have to question whether they need to add other dimensions to the security model in order to make sure certain people don’t have full access to information that normally they wouldn’t have access to,” said Bodley-Scott.
Let us know what you think about the story; email: Gina Narcisi, News Writer.