Monday, April 28, 2014

Cloud-based collaboration: It's better together

Rebecca Bailey
Senior PR & Marketing Executive
Egress Software Technologies Ltd.
Aside from data security concerns, a topic we recently examined here, online (Cloud-based) collaboration sites can also present IT management and integration issues. For many, such sites are seen as separate from traditional email and file transfer systems, meaning they are procured, developed and managed differently, with solutions kept in insolation from one another.

By taking this approach, however, organisations risk adding layers of complexity to their IT infrastructure – resulting in data silos, additional ongoing management overhead and low end-user take up.

Systems in silo

In the absence of a centrally managed solution, end-users often select collaboration sites on an ad-hoc basis, away from existing solutions for email and file transfer. Consequently, IT staff and senior managers end up with another system to manage and reduced visibility over what information is being shared where and with whom, both inside and outside of their organisation’s network boundary. Similarly, managing multiple sets of credentials for different collaboration, email and file transfer systems can create problems for users, who may resort to using other, less secure file sharing mechanisms as an answer to this. Not only does this heighten the risk of data breaches but it also impacts efficiency – one of the very reasons these services are used in the first place.

Moreover, even when solutions are procured centrally, if they don’t integrate with existing infrastructure, organisations will continue to risk added complexity and, consequently, the cost-effectiveness of their chosen solution.

The benefits of an integrated approach to online collaboration

To simplify this process and increase control over the information that employees are sharing with internal peers and external third parties, an integrated approach to data management must be taken.

This potentially involves procuring online collaboration solutions as part of a broad information sharing platform that also includes email and file transfer functionality. Moreover, it is also important that collaboration tools integrate well with an organisations’ existing IT infrastructure, such as archive and document management systems, to improve workflow and business processes.

Cloud solutions are championed for increasing efficiency and reducing costs – however a disjointed approach to procuring such platforms risks jeopardising these benefits. 

Thursday, April 24, 2014

Cloud-based collaboration: Golden goose or white elephant?

Rebecca Bailey
Senior PR & Marketing Executive
Egress Software Technologies Ltd.
Have you ever stopped to consider the sensitivity and potential value of the information you disclose using one of the many widely available, online collaboration and file sharing websites?
The go-to solution for multiple email threads and file transfers, as well as for improved project and document management between co-workers and external third parties, collaboration sites have grown in prominence within business. Offering the ability to edit in real time and check in / check out documents, these sites seem to solve many business challenges, such as efficiency, cost overheads, and sharing information from private networks without numerous emails and file transfers.

While these sites all claim to have invested heavily in security and authentication mechanisms designed to keep user data safe, recent stories in the press have caused many to question this:

Understanding the security threats

Typically, security breaches can be routed back to one of the following causes –or in some cases, both.

Access control

By their very nature, collaboration platforms have been designed with ease of access in mind. Internal and external access to documents and information enables users to share content and work collectively on files, which in turn offers substantial efficiency and cost saving potential. However, if insufficient access control mechanisms are put in place, the risks to data protection can be significant.

In many cases, once a user has gone through the initial authentication process steps, there is nothing to stop them from sharing personal or commercially sensitive data with an extended group of external third parties. Additionally, with no auditing or tracking capabilities, in many cases an organisation’s IT team will have little to no visibility over what information has left the corporate network.

This reduced control also extends to the types of devices and applications that are used to access the data. With links being forwarded to different email addresses, for instance, sensitive information can be downloaded onto personal laptops. This is not only a concern due to potential malware or viruses existing on these devices, but also means that individuals can continue to access certain information after they have left a project or, even, the company.

The hacker / cyber security threat

The recent disclosure of the Heartbleed bug and the ease with which hackers have bypassed the security / authentication mechanisms of many websites that were previously perceived as secure raises a more fundamental security concern. As Dropbox found out when they were hacked two years ago, the consequences of unpermitted users gaining access to unencrypted data can be disastrous. An attentive reading of the security credential webpages of many online collaboration service providers shows that although they may have taken measures to protect data in transit using TLS, very few have taken steps to encrypt information at rest.

A secure approach to online collaboration

These factors pose significant threats to data security – however, they shouldn’t be used as excuses to avoid collaboration through Cloud-based service providers. Organisations should be able to take advantage of the benefits offered by online collaboration sites, such as time and cost efficiencies, without compromising their data security.

Investment must be made in suitably secure platforms. Sensitive data needs to be encrypted both in transit and at rest, and appropriate access control mechanisms need to be implemented so that organisations and central administrators have full visibility and control over who accesses information – including the ability to restrict the access rights of those no longer relevant to the project, such as ex-employees. Online collaboration shouldn't be an issue that makes senior management and IT departments uncomfortable. The benefits of Cloud services and data protection shouldn't be mutually exclusive.