Storagepipe Is Now Thrive

Learn More

GridWay Is Now Thrive

Learn More

Cybersecurity

Talking Tech: Collaboration and Security

Talking Tech: Collaboration and Security
05.12.21
Collaboration Cybersecurity
By: Chip Gibbons, CISO & Ryan Thomas, EVP & GM, Microsoft Collaboration Group

Recently, Thrive’s CISO, Chip Gibbons, and EVP & GM of Microsoft Collaboration, Ryan Thomas, hosted an informative webinar discussing the important topics of security and collaboration.

Discussion included secure external sharing in Microsoft Office programs, the security and governance controls that should be in place in every organization, and how platforms continue to evolve and why it’s important to stay up to date with the latest features and changes.

Below, check out some highlights from this enlightening conversation.

On what’s driving transformation in collaboration:

Ryan: People are looking for efficiency. They have vendors, consultants, and external projects to complete. Sending outdated, antiquated documents back and forth over email and trying to piece the changes back together is difficult. As someone who has been diving into Microsoft Teams for years now, when I have to go back to sending items over email it’s tough.

Chip: Absolutely. I’m sure I’m not the only person who has dealt with this, but starting an email thread can sometimes morph into something completely else, or something that doesn’t have to deal with the original email. This is where Teams and collaboration can shine. With Teams, there’s built-in security that’s already there, because you know who you are collaborating with and doing so in real-time.

Ryan: Right. Email is a tough place to store data and access it. It’s fine to send a message to someone, but when it comes to working on a document or sending one, it becomes difficult to use email. We hear from clients that their vendors and their customers are asking for [collaboration tools], too. It’s not just for internal use, but it’s for external use, too.

Why data classification and protecting data matters:

Ryan: One of the things we always highly recommend is a governance plan. Governance is half about security, and half about guidance. Part of governance is about architecture, and understanding the type of data that will be shared externally, so policies can be set.

Chip: Policies and procedures are important. You can’t secure anything before knowing what you’re trying to secure and how to secure it. We do come across clients who may not have an information security plan. It doesn’t have to be perfect the very first time, but there has to be a plan on paper to start with. If there is no written information security policy, employees don’t know what they can and can’t share. Should they be on social media? Should they be able to plug a USB port into a work computer and take data home? It depends on the security policy. If there’s nothing there, then we don’t know what should and shouldn’t be protected.

On platform capabilities and what they can offer:

Ryan: I think a lot of people don’t know what the platform capabilities are and how these platforms can protect them. Simply going through settings can give you an idea but won’t give you the full picture. The first thing we always do is we start to educate ourselves on what a platform can offer, to better understand what data can and should be locked down. Education is important.

Chip: Education is important, yes. It can’t just stop, either. The platform will keep on changing.

Ryan: Exactly. Customers ask us to help them keep up with everything a platform has to offer. From a security and a sharing perspective, that is a risk, right? When things change in the platform, they need to be identified quickly. Capabilities continue to be added, and it can present more challenges along the way. We’re here to help. When a platform is set up with proper policies, it can be secured where it would pass a stress test of a security audit.

Chip: We don’t ever put something into place and leave it and walk away. It’s important to monitor, maintain, and adjust as things change.

How to avoid “shadow IT”:

Chip: There’s a whole concept of “shadow IT”, where employees are trying to do their jobs, and they want to do their job right, and they need to get data to someone. So, they might, for example, open up a personal Dropbox account and transfer data that way. The last thing anyone wants is data leaving the organization and not knowing where it’s going. Having policies and procedures in place goes a long way to eliminating shadow IT and data leaving the organization. It’s not malicious intent. It’s just an employee trying to do their job. They need to have the right tools so they can do their job effectively and not put an organization at risk.

Ryan: We can set the needs up in a way that they are supported. Generally, end users will find a way. We call it shadow IT, but essentially, they’re working around systems. So, give them a viable solution to do what they need but make it viable and secure. You’re better off that way than you are letting them try to figure it out on their own and seeing data or important information slip through the cracks.

Be sure to check out the full conversation below, and contact the Thrive team for all of your digital transformation and security needs. We are here to ensure organizations have everything they need to work successfully, whether in the office or remotely.