News / Security /

What you need to know about collaboration security

Enterprises that have embraced UC&C and UCaaS during the pandemic are now on the hunt for collaboration security solutions. Here are five things enterprises can do right now to make their collaboration platforms more secure.

Share this article:

collaboration security

If you want to predict the Next Big Trend in enterprise IT, just follow the VC money.

Based on the $50 million just raised by startup Theta Lake, collaboration security is heating up.

Theta Lake is developing AI-based compliance and security software specifically for UC and UC&C platforms. In a news release on its VC windfall, the company said it uses ML, DL and NLP “to capture, archive, detect and surface risks across video, visual, voice, chat, document and email content.” (More on this multi-channel model later.)

Enterprises that have embraced UC&C and UCaaS during the pandemic are now hunting for ways to make collaboration more secure. This is fuelling demand for all collaboration security solutions, not just Theta Lake’s. By 2025, Gartner predicts that:

  • 45% of enterprises in highly regulated industries will “conduct supervision” of audio and video content to meet compliance standards, up from less than 10% in 2021
  • 36% of enterprises will archive workstream collaboration and meeting solutions for non-regulatory requirements (i.e., security), an increase of more than seven-fold from 2021

You can address collaboration security well before 2025. Metrigy Research president Irwin Lazar says there are five things enterprises can do right now to make their collaboration platforms more secure. Here are the five tips he presented at IDC Canada’s recent Future of Information Security Summit.

1. Use a collaboration security platform

Metrigy polled 400 enterprises in North America, Western Europe and Southeast Asia during Q3 of 2021. It teased out two types of collaboration groups: organizations with a high ROI on their collaboration investments and those with a low ROI. (Metrigy calculated that ROI based on improvements in variables like revenue, cost reduction and productivity.)

Metrigy found that organizations with a dedicated security platform specifically for collaboration achieved higher ROI than those without one: 33 per cent of high ROI firms had one vs. just 25 per cent of low ROI companies.

Interest in collaboration security platforms is rising. Metrigy reports that in Q3 of 2021, 64 per cent of organizations had a dedicated collaboration security platform or planned to adopt one, up from 53 per cent in Q1 of 2021.

2. Collaborate on collaboration security 

Metrigy data suggest the CISO or CSO may not be the best person to lead collaboration security:

  • only 33% of companies achieved high ROI on collaboration when their collaboration security was led by a CISO or CSO
  • more firms (40%) achieved high ROI when their collaboration security efforts were steered by internal collaboration teams

“We find often that CSO/CISO teams might not truly understand what the collaboration environment looks like,” Lazar explained. “If you’re a CSO, obviously you have ultimate responsibility for collaboration security. But you also want to work with the collaboration teams to either delegate ownership of, say, managing day-to-day security operations to those folks, or working with them to get input into what the risks are and what are the possible mitigation techniques.”

3. Monitor emerging channels

collaboration security

Lazar said traditional cybersecurity simply isn’t designed to monitor risk on the video, SMS and live chat communication channels featured on modern collaboration platforms.

“A lot of the compliance, security and governance approaches that have been focused on email—and maybe on legacy instant messaging—need to evolve to support the fact that not only might you have a team collaboration app, you might have more than one,” Lazar said. “This is a critically important part of a collaboration strategy going forward and, unfortunately, one that a lot of companies haven’t gotten up to speed on.”

Hence the buzz around Theta Lake’s stated efforts to target risk “across video, visual, voice, chat, document and email content.”

Metrigy revealed that while 65 per cent of surveyed companies were either monitoring or planning to monitor their collaboration channels for “improper words and sharing of information,” a large number (one in five) had no plans whatsoever to monitor their collaboration channels for such risks.

4. Don’t forget about toll fraud 

Although more hackers are turning their nefarious attention to videoconferencing and chat channels on collaboration platforms, Lazar pointed out that $29 billion in UC toll fraud is still committed every year.

“Don’t think that, just because you might be moving to a cloud provider for calling, you’ve absolved yourself of any risk,” Lazar warned. “As (companies) move to cloud for calling platforms, they’re still owning the connection of their cloud platform to the public phone system through carriers that they have contracts with. That means they’re still responsible for protecting against toll fraud and, again, working with their carrier partners.”

5. Adopt SASE or zero trust

Irwin advocates SASE and zero trust as models to manage collaboration security risk. He said key components of collaboration security could include:

Ultimately, Lazar concluded, companies should aim to increase collaboration security without sacrificing too much in terms of business functionality or user experience.

“You want to balance what your needs are with what your (security) requirements are. You want to give somebody the ability to dial in to a meeting if you’ve turned on end-to-end encryption,” he said.

According to Metrigy’s research, nearly 25 per cent of organizations have no strategy in place for collaboration security at all, and don’t ever plan to develop one. That means a quarter of enterprises remain skeptical that collaboration requires a new or dedicated approach to security. They may be right. I just hope their skepticism won’t be put to the test in the form of a hijacked video meeting or ransomware attack.

Images: sesame/iStock; andresr/iStock

Share this article:
Comments are closed.