How Smart CIOs Can Take The Lead On Information Security
by Aware HQ
Collaboration information governance is a team sport. Here’s how IT leaders can take charge of their risk posture in this new dataset.
Almost 80% of the Fortune 500 use Slack to communicate at work, and 91% of the top 100 companies use Microsoft Teams. Over 90% of businesses use at least two messaging applications. Like them or not, they are an integral part of modern business life and they are here to stay. That presents new risks for the organization to overcome.
Since December 2021, regulators have fined major enterprises $1.8 billion over use of these applications. Courts also expect collaboration data to be accessible for eDiscovery. The time has come for organizations to wrap their arms around this data and mitigate the risks it contains.
As an IT leader, information governance might not be in your wheelhouse. But you own the apps that have introduced these new risks to the organization. You are uniquely positioned to recognize the blind spots in their datasets that others may miss. You can be the champion your organization needs to spearhead compliance and mitigate risk within collaboration tools — before the regulators come calling.
Information governance is a team sport
The data collaboration creates is chaotic, unmanaged and growing exponentially. The widespread adoption of collaboration tools by employees from every department further complicates matters by introducing new information into the dataset. Previously restricted conversations between employees in highly regulated areas of the business can now coexist alongside causal conversations and everyday office chatter.
How do you sort through the vast amount of collaboration data your company holds to identify and isolate the information that matters most? How do you assign value to that data and implement retention policies that preserve what is needed, while purging nonessential or restricted information?
The complexities of collaboration data require a unified response to adequately control. As an IT leader you can identify the risks and blind spots in this dataset, but you need your colleagues in legal and information security departments to team with you to produce a successful strategy.
Make information governance actionable in 5 simple steps
Aware data scientists identified five simple steps that IT leaders can implement to take effective action on collaboration data governance —without adding to their workload. Improve your risk posture and mitigate noncompliance in this new dataset by working interdepartmentally toward a single, unified solution.
1. Understand your collaboration ecosystem
What collaboration tools does your organization use? Are they sanctioned or unsanctioned? How were they chosen, and who is currently in charge of managing them? No information governance policy can be effective if it doesn’t encompass all the places where data is created.
2. Scope your needs and stakeholders
Before placing restrictions on your collaboration ecosystem, it’s important to understand how it is currently used and the needs it fulfills for different departments across the enterprise. What specific operational requirements and technical support do your collaboration tools need to be effective? Which stakeholders drive their adoption and use? What priorities are dealbreakers when it comes to vendor selection?
3. Understand where data resides
Ideally, collaboration data should be managed from a single, central pane of glass. This provides the most effective and efficient data governance solution. However, collaboration data likely exists in pockets throughout your digital workplace. Uncovering where data is stored, where copies exist, and what resides locally vs. in the cloud is critical to a successful information security strategy.
4. Articulate your business needs and goals
Before finalizing any information governance strategy, it’s important to consider the end goals you wish to achieve. As an IT leader, your goal may simply be to reduce risk to the organization. Meanwhile your colleagues in legal might be concerned with regulatory compliance, and information security with closing potential exfiltration points. These goals can be contradictory, so it’s important to make strategic decisions about the relative risk and value of collaboration data to the enterprise.
5. Consider end processes and permissions
Once you have defined a business strategy for collaboration information governance, it makes sense to assign stakeholders who can support the right controls. Who should have access to the data generated by each collaboration tool? What new processes need to be deployed across teams of users? Is it appropriate to institute role-based access controls (RBAC) to restrict access to sensitive information?
Download the whitepaper to learn more
Collaboration data represents new risks and challenges to the enterprise. IT leaders are best placed to identify the blind spots these datasets introduce, and to spearhead an interdepartmental campaign to securing that data, improving the organization’s risk posture and ensuring regulatory compliance.
Download the Aware whitepaper to learn more about aligning stakeholders behind collaboration information security to create a unified data governance solution.