Securing your Collaborative Environment
As the government struggles to reduce costs, we have seen increased interest in improving efficiency and cutting spending through collaboration. At the same time, we have seen a renewed push for security, especially after Edward Snowden stole information from the NSA. There has always been a tug of war between increased collaboration and information sharing on one side and the need to ensure the security of information on the other. This is only natural, but it is important to find the right amount of security without preventing collaboration.
So how does an organization deal with these conflicting issues? First, we must realize that organizations need to collaborate and share information in order to make better-informed and quicker decisions. But how do we do this securely? As with any enterprise application, there are three key areas of focus when securing a collaborative application: Authentication, Authorization, and Auditing/Logging.
Authentication
Collaborative applications, like most corporate applications, require that you know who is accessing the data, and this starts with a strong authentication service. An authentication service is responsible for ensuring that the person logging into the machine and accessing your data is who they say they are. Some authentication services use username and password credentials, but many newer systems have increased security by using two-factor authentication or Public Key Infrastructure (PKI) certificates. You may have encountered two-factor authentication when accessing your social media accounts or your financial institution’s online banking site: it involves receiving a code through another channel, such as a text message, to complete the login.
In addition, having multiple applications use the same authentication service via a Single Sign-On (SSO) solution eliminates the need for multiple user logins. This eliminates duplicate authentication systems and duplicate passwords, and ensures that users are properly authenticated. SSO becomes very important for solutions that have multiple collaborative components embedded within existing applications, because without SSO users would have to enter their password multiple times.
Authorization
Once we know who is logged into the system, we need to control what they have access to. This is the function of the authorization service. It is critical to have a central service in the organization that controls access, and to make sure groups are set up properly and applied to the appropriate areas of the collaboration environment. Access controls in the collaborative environment should be able to limit which areas of the virtual world people can access (e.g., chat rooms) as well as which documents and content they are able to read and edit. Make sure that the access controls are not too restrictive, or they will limit a user's ability to access areas necessary for a truly collaborative experience. Just as you limit what ‘share drives’ people have access to on your network, you should be able to limit what data people can see in the collaborative environment. This is extremely important, because if it is not done properly it can have a negative impact on collaboration. Having one service that manages the access controls will make for a tighter and more consistent security posture within an organization.
Auditing/Logging
Finally, the system should be able to keep track of what people are doing in the collaborative environment. Every piece of information a user touches in the system should be logged. At a minimum, auditing and logging can be used to see retroactively what information someone has accessed. More importantly, this data can be fed to behavioral analytics that look for anomalies in employee access, which can lead to an audit and help identify insider threats, both internal and external. These analytics can show if an employee is searching vast amounts of data not relevant to their job function or if they are gathering large amounts of data about a particular sensitive corporate capability. Similar to the various analytics employed by financial institutions for identifying credit card fraud, behavioral analytics should be a part of your corporate collaboration environment.
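As an added illustration (not code from the original article), the two access patterns described above can be checked over an audit log with a short Python script. The log format, the job-function-to-area mapping, the sensitive-area list and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed assumptions: areas relevant to each job function, and areas
# that hold a sensitive corporate capability.
RELEVANT = {"finance": {"budget", "payroll"}, "engineering": {"design", "test"}}
SENSITIVE = {"design"}

# Constructed audit log: timestamp user job_function area action object
SAMPLE_LOG = """\
2024-05-01T09:00:00Z alice finance budget read doc-101
2024-05-01T09:05:00Z alice finance payroll read doc-102
2024-05-01T10:00:00Z bob finance budget read doc-101
2024-05-01T10:01:00Z bob finance design read doc-201
2024-05-01T10:02:00Z bob finance design read doc-202
2024-05-01T10:03:00Z bob finance design read doc-203
2024-05-01T10:04:00Z bob finance design read doc-204
2024-05-01T10:05:00Z bob finance design read doc-205
2024-05-01T11:00:00Z dave engineering payroll read doc-102
2024-05-01T11:01:00Z dave engineering payroll read doc-103
"""

def parse(log):
    fields = ("ts", "user", "func", "area", "action", "obj")
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == len(fields):  # skip malformed lines
            yield dict(zip(fields, parts))

def flag_users(log, min_events=5, off_ratio=0.5, sensitive_docs=4):
    """Return {user: [reasons]} for access patterns worth an audit."""
    per_user = defaultdict(list)
    for ev in parse(log):
        per_user[ev["user"]].append(ev)
    findings = {}
    for user, evs in per_user.items():
        off = [e for e in evs if e["area"] not in RELEVANT.get(e["func"], set())]
        reasons = []
        # Large share of activity outside the user's job function.
        if len(evs) >= min_events and len(off) / len(evs) >= off_ratio:
            reasons.append(f"off-function {len(off)}/{len(evs)}")
        # Many distinct documents gathered from one sensitive area.
        for area in sorted(SENSITIVE):
            docs = {e["obj"] for e in off if e["area"] == area}
            if len(docs) >= sensitive_docs:
                reasons.append(f"sensitive:{area} {len(docs)} docs")
        if reasons:
            findings[user] = reasons
    return findings
```

With the default thresholds only bob is flagged; dave's two off-function reads fall below `min_events`, which shows how the threshold trades missed activity against false alarms.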
Taking care in employing authentication, authorization, and auditing services in your corporate collaborative environment will allow you to gain the vast benefits of collaboration while still ensuring that your corporate data is secure.