Most enterprises have much to gain from supporting collaborative working. For those founded on R&D it is pretty much second nature: proprietary tools support internal capabilities, uptake of social platforms encourages user participation.
Such organisations quickly pick up, pilot and absorb – or drop – iterations as they launch, and Corporate IT Forum members regularly share results and views on effectiveness (‘Yammer’ being a case in point as I write).
Commercial relationships with external organisations, too, can benefit from a collaborative approach, particularly in the drive to foster innovation. But it is this process of external collaboration that most often raises challenges in meeting security and data standards, and it is vital to appreciate that, by and large, it is not the tools used for collaboration that create risk, but rather the environment they operate in. For example, in the Cloud, or across geographies.
A recent Forum workshop addressed this issue of third-party collaboration, asking questions such as how practical is working across and beyond boundaries? Does the actual reward outweigh the potential risk? How are enterprises bringing partners and suppliers inside the firewall while still keeping all parties’ sensitive data protected?
It concluded that for many, the de-perimeterisation of the network has already happened and the natural consequence of collaboration with partners and suppliers is that they are effectively already inside the firewall.
“It just means that you do not know where the edge of your, or their, network is.” Even greater reason to protect sensitive data, and for all parties to provide assurance that their interconnectivity is not introducing unacceptable risks, and that their partners’ partners are not a risk liability.
But Forum members are keen not to reinvent the wheel when faced with this apparent ‘new’ security risk, but to apply the recognised good practice of existing security principles:
Know the Data: manage data based upon classification. Use ‘read-only’ where appropriate and screen scraping tools
Know the Users: IDM/IAM. Modify the data view according to access location
Know the Systems: have endpoint assurance
Do not trust the Network: monitoring and management. Enforce security protocols
Apply these principles anywhere, including in the cloud, whether public or private – and do not forget to support the principles with monitored audit trails.
Ollie Ross is head of research at The Corporate IT Forum.
More on secure collaboration:
Security Think Tank: How to share data securely
Security Think Tank: Enable collaboration by putting data at the heart of security
Security Think Tank: Collaboration without compromise
Security Think Tank: Secure and seamless collaboration key for business
Security Think Tank: Secure collaboration not just about technology
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK
This was first published in May 2014