5 best practices for secure collaboration

Credit to Author: CSO staff| Date: Wed, 03 Aug 2022 02:00:00 -0700

The landscape around collaboration and communication security has changed in recent years, spurred by the shift to remote work as companies scrambled to bring video and team collaboration tools online.

That rapid change in how teams communicate internally as well as with partners, suppliers, and customers introduced new security challenges, says Irwin Lazar, president and principal analyst at market research firm Metrigy.

At CSO’s recent InfoSec Summit, Lazar shared his research into what companies that are successfully implementing emerging collaboration technologies are doing to ensure that they are secure. What follows are edited excerpts of that presentation. For more insights, watch the full session video embedded here:

When we talk to folks about communication and collaboration security, they are still often focused on toll fraud. They are concerned about attacks on their phone systems, attacks that might allow people to register onto their phone systems and make calls, maybe even exfiltrate data—like call records and so on—and they are concerned about attacks that would cause calls to be routed across malicious carriers or malicious points that might be able to overcharge or gather money based on generating call volumes.

What we have seen is that has rapidly changed now over the last couple of years as calling is still obviously very important, but other collaboration technologies have entered the landscape and have become equally, if not arguably, more important. And the first one of those is video.

The challenges, when you think about securing video, obviously a lot of folks have heard about unauthorized people [discovering] a meeting and [joining] it with an eye toward potentially disrupting the meeting or toward snooping on the meeting and listening in. And that has, fortunately, been addressed by most of the vendors.

But the other real concern that we have seen arise from a security and especially a compliance perspective is meetings are generating a lot of content. So, most meeting vendors today allow you to record the meeting. They allow you to capture transcripts. There are chats going on. There may be notes that are published out of the meeting.

And so where does all that live, and how do you control that within the context of whatever your regulatory environment is, whatever your compliance and your discovery strategy is, and just your overall security strategy.

We conducted a study of about 400 companies in the third quarter of 2021…. [W]e looked at where are people spending their money from a collaboration standpoint—what areas of your budget are growing, and what areas are shrinking? And then we looked at identifying the differences in what we call our success group.

Successful companies—as we define them—are ones that have the highest ROI for their collaboration spend. So they look at the money they are investing in collaboration applications, and they are able to measure improvements in revenue, cost reduction, improvements in productivity, and so on. We had about 400 companies that were in our overall pool in this study. Of that, we had about 68 that we considered to be successful, based on those metrics.

We then looked at what are the successful companies spending money on. And we found that collaboration security was the biggest gap. The successful companies are about 20% more likely to be spending money on collaboration security than the non-successful companies…. [And] the successful companies are significantly more likely to have a strategy.

So let me share with you our five best practices. Here is what we saw were the strongest correlations with our success group.