2A) Collaboration Tools

Given I write about collaboration frequently, it would obviously be a front-burner topic that needs investigation and understanding in a new role. You need to understand how your employees are working together to share information, work on projects, communicate with each other and generally get things done. This would include the following topics:

  1. Review the health and status of the email eco system. Is it appropriately robust, secure and reliable? Is SPAM filtering effective? How is the system protected from malware? If a locally hosted system is it secured and is it relatively up-to-date on patches? How is the uptime on the service?
  2. Look at other collaboration systems. This might include Sharepoint, wikis, instant messaging/chat services, and Yammer, etc. How are these tools being used and ask similar questions to the email service. Are your employees using these tools? How much overlap between tools do you have?
  3. Telepresence/Video Services. What tools are you using and how are they being used? Are the appropriately secured? Are they being used? Is the technology up-to-date? Are they easy to use?
  4. Partner Connected Tools. For the above tools, are they being used to connect with customers and suppliers and if so, do you have the proper policies and security setup? If email is the only option for your folks to connect with partners, then you might want to consider alternatives since there is not a lot of control on email.
  5. File Sharing. How are files routinely being shared between internal work groups and then with external partners? Is the proper security in place and at the same time are the tools and services easy to use?
  6. Other Tools. After reviewing the above tools that are supported by your company, what other tools are being used that are not supported? For example, if your IT team doesn’t support Dropbox are your employees using it anyway to store files and to share with 3rd parties? Lots to think about here. Depending on your business you might need to put some restrictions in place or roll out a supported platform and steer use to the supported platform.
  7. Social Platforms. And then what about services like Facebook and Twitter and the like? Are you allowing or blocking and if so why or why not? I’m not recommending one way or another, but you need to have a discussion on it and be purposeful in your direction.
  8. Mobile. I’ll likely write more on this later, but how can all the services above be accessed by mobile workers.

There is a huge inventory of topics on this one post and they are complicated with lots of interdependencies and lots of security implications. Your collaboration services are inherently in conflict with your security needs so you’ve got to understand both sides of that coin for these services. The point of listing this for new CIOs is to make sure these topics get carefully reviewed.

What have I missed on this topic?

5 thoughts on “2A) Collaboration Tools”

  1. Hello Mark,

    One more item for the list: Open Innovation and Crowdsouring.

    Open Innovation and Crowdsouring are collaboration activities at the internet scale. And like any other form of collaboration, there are elements of open innovation and crowdsourcing activities that are in conflict with corporate information security practices.

    Security controls for preventing unintended disclosure that worked in conventional outsourcing do not work in open innovation and crowdsourcing. While protecting IP is important and more so in the open innovation and crowdourcing, it is not feasible to have an Non-disclosure agreement (NDA) with all the participants in an open innovation challenge. In a typical outsourcing pattern, everything is shared after an NDA is in place. Even though not everything shared needs to be covered by the NDA. Good examples are standard configuration templates, deployments templates, app templates / themes, directory schemas and other type of schemas. These don’t contain Intellectual Property(IP), however they are treated as IP in the outsourcing pattern because all communication is covered under NDA.

    Requiring an NDA for non-IP assets makes crowdsourcing and open innovation very challenging. I think new information protection patterns should be developed to address unintended information disclosure in the crowdsourcing and open innovation engagements. Non-IP assets should be allowed to be shared with the open innovation participants after the identifying data has been anonymized and sanitized.


    1. Great points Saqib. As business models evolves, so must the processes and procedures that are there for our and our companies protection.

    1. Saqib,
      Yes, good post. Thanks for sharing. I think I re-shared it to others and posted a copy to look at again later.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s