Can IT managers ensure the security of their social software?
Join the DZone community and get the full member experience.Join For Free
Enterprise social software is high priority for IT departments today, as professionals expect to have access to the best of the consumer tools they use in their personal lives at work. These include social networking, simple file sharing and cloud storage, all available on their mobile devices. However, there is a belief that social tools like these can cause additional security risks, which probably comes from risks associated with public social networking. This concern is well founded as using a public social or file sharing tool like Facebook or Dropbox for business-related communications does cause some unique risks.
When it comes to security, use of Facebook for messaging or chatting can easily result in a compliance violation. And the ease with which information can be inadvertently exposed to the entire internet can easily put sensitive company data at risk. Add in the growing use of malware and phishing in networks like Facebook, and there are certainly risks for business use. In order to translate these functionalities to the enterprise, business tools need to establish a balance between an intuitive user experience and enterprise grade security.
So what can IT departments do to mitigate against these risks?
The best thing they can do is choose a collaboration platform with enterprise-grade security features. This shouldn’t be too hard; when it comes to enterprise collaboration software, the privacy and security of data should be paramount concerns anyway. For this reason, one of the major differentiators of enterprise cloud solutions and consumer-grade cloud tools is security. The best enterprise cloud vendors build their platforms with the best security features from the ground-up, and host in private data centres with single tenant architecture.
The reason many enterprise collaboration software providers did this has become clear in recent years. After the shock of Edward Snowden’s NSA leaks, many companies became hyper aware of the privacy of their own and their clients’ data. This has led them to seek out the most secure solutions for hosting information, particularly when it comes to cloud collaboration platforms where the most sensitive data about companies and clients is stored.
For those cloud software providers whose platforms were already built with security in mind, like ours at HighQ, they have begun to reap the rewards of their early investments. They had no need to retrospectively adapt their applications to meet the enhanced security needs of enterprises in the post-Snowdon era. Instead, they could use this development time to add even more security features to strengthen their offering, rather than having to enhance their product to bring it up to the high security standards that businesses came to expect.
But even the best security measures can’t protect against everything.
But more revelations about the US government’s insistence on gaining access to digital data has come to show that it doesn’t matter how secure a cloud product is if the cloud provider is based in the United States. In April 2014, a federal judge ordered Microsoft to release a customer’s information from their Dublin data centre. This showed that it doesn’t matter whether the data is physically held outside of the United States if the hosting vendor itself is a US-registered company.
This has raised major concerns about data sovereignty for customers of cloud hosting providers across the world. In fact, the only way for non-US businesses to ensure the security of their data from the potential intrusion of the Patriot Act is to choose a cloud provider that is based outside of the United States and hosts its data outside of the United States.
What’s the best course of action?
The challenge of enterprise social collaboration tools comes from establishing a balance between the functionality of consumer-grade tools and ensuring the utmost security of their users’ data in the face of an increasingly challenging digital environment. Like anything, you must look at all the options and choose the best that you can. Do your research. Ask your data hosting company the important questions, such as are they audited? Look for providers that are ISO27001-accredited which will ensure the highest level of security.
Carry out further due diligence by understanding the host country’s data legislation. You can find this out by investigating data protection laws in the country that your data may be hosted in, checking first that the country has data protection laws at all, and delving deeper to check who these laws apply to, and what access the government has or allows to other countries’ governments.
Once you know what you’re up against, deploy and enforce a robust cloud data location and jurisdiction policy to protect your interests. Make sure you choose a cloud provider that offers hosting in your country of choice, but also make sure you investigate the country in which the provider is based as this can affect the security of your data.Remember, though – there isn’t anything inherently insecure about using enterprise collaboration software or enterprise social tools. If you choose the right provider and implement the platform correctly, enterprise social software can help with significant cost savings, increases in efficiency and a better working environment.
Opinions expressed by DZone contributors are their own.