Increasing Collaboration at Work While Reducing Security Risk

Authored article by: Alessandro Porro, Senior Vice President, Ipswitch

Security is your responsibility
Employees sharing personal and private data internally and externally is a constant stress area for security teams and IT operators in today dynamic organisational set ups.The proper tools and technology are necessary to make collaboration as seamless as possible, both internally and externally without sidestepping data security.

Encouraging Collaboration While Discouraging Shadow IT
Ask any manager or any worker what they consider a crucial aspect of ahealthy workplace, and you will for sure hear the word collaboration, or its synonym:team work.

And why not!Team work is essential to a happy, functional office, and increasing collaborationshould always be a priority. With the advent of cloud computingand platform as a service,it gets easier to collaborate every day.

But unfortunately, there’s a downside to all this. Without the proper precautions in place, anopen, collaborative environment can also be an insecure one— especially where sensitive datais involved.And it’s import ant to note that sensitive data doesn’t just mean things like credit card numbersand medical data anymore. We are living in the age of the GD PR and other data protectionlegislation like the new California Consumer Privacy Act of 2018. Therefore, even a salesspreadsheet that includes phone numbers and email addressescan cause massive compliance issues, fines, and securityproblems, if handled improperly.

With that said, it should be a given that IT wants to make sure everyone can collaborate effectively to get the job done as quickly and effectively as possible. But unfortunately, other departments don’t always see it this way. Too often, OT can be seen as a bottleneck for collaboration or productivity which causes employees to turn to shadow IT to achieve their goals.

For thatreason, there needs to be a happy and secure balance which it comes to collaboration. End users always favour the tools they are most comfortable using. If it isn’t careful, however, these tools may pose a huge risk to the security of business data. For instance, one of the biggest menaces when it comes to shadow IT is enterprise file sync and share (EFSS).

EFSS is one of the mostpopular types of file sharing tools, but there is a dark side toallowing these tools to flourish in the workplace.

What Data Says About Ad Hoc File Sharing
The term “Ad Hoc” is Latin and means “for this.” The term has evolved to meansomething created for the moment in an unplanned way. Left to make the decision forthemselves, most end users would choose an ad hoc means of sharing data ordocuments with peers, customers and partners. They tend to choose the tools theyare familiar with such as email, Drop box or Google Drive. They tend not to think aboutthe potential security implications of these choices.

As an IT professional, you should be aware of the security and compliance risksassociated with Ad hoc file sharing tools. You also need to make sure that thecollaboration tools available to your end user s are as convenient and easy-to-use asemail and EFSS. 
Why Do Businesses need to Limit or Replace EFSS?
FSS tools are great. Let’s not take away how much EFSS has changed the way peoplecollaborate and share content. It has helped bring cloud storage mainstream, but thesetools were designed for personal use, and the corporate use cases were not completelyunderstood at the time of EFSS’s conception. If you consider the security risks involvedwith end users sharing sensitive data via E FSS, it quickly becomes apparent that asecure alternative is required. Users must be trained to recognize the risk to thecompany of sharing sensitive data using tools that are not adequately secure orcontrolled. They then need to be offered a secure collaboration tool to use in caseswhere the data being shared is proprietary, confidential or controlled by industryregulations.
Ironically, if your organizationdecided to outright ban Drop boxor Google Drive, you run thegambit of alienating employeesand increasing shadow IT withinyour business. It’s a double-edgedsword. Instead, IT team s shouldlook to limit the use of E FSS andemail to moving large non-sensitive files quickly. An example of a greatEFSS use case that doesn’tcompromise security is marketingmaterials, such as images andvideo. But the problem persists thatIT can’t properly control andmonitor data sent to outsidesources via E FSS and email.

EFSS and Email areNon-Compliant
In many industries, IT teams areforced by regulatory compliance tocontrol and report on exactly who is sharing what data with whom. You would be hard pressed to find a company that didn’t have to meet some form of regulatory compliance. Many of these organizations havealready turned to Managed File Transfer as the preferred means of sharing sensitive data. And toprovide a similar level of ease of useto end user s as available from toolslike email, Dropbox or Google D rive,they rely on Secure Folder Sharingfor secure collaboration.

Managed file transfer is a tool that allows the encrypted movement of files and folders across the wire and at rest. A proper MFT solutions includes security controls for data in transit aswell as visibility to document sharing activities and an audit trail showing themovement of sensitive data.