Managing the risks of cloud collaboration in business today

Gartner predicts that cloud office systems will account for 33 per cent of the overall office market by 2017. This is a big step considering a few years ago collaboration in businesses typically involved emails, phone calls, and perhaps a few instant messages (IM) exchanged within the company.

However, nowadays the arrival of cloud computing and all the remunerations that come with it have shaped the path for collaborative cloud-based services, which is reforming how businesses work over the internet. Many collaborative services offer a specific business need, such as social networking, productivity apps, storage, or good old fashioned email.

However, whilst collaborative cloud-based services offer a whole range of benefits to businesses of all sizes, they also can pose a number of risks if not appropriately integrated into the corporate sphere. When using the messaging and conference call applications within the cloud, users need to be aware that the same rules associated with data privacy should also apply to this. Companies need to ensure that the “data” transferred over these systems cannot be captured by someone trying to maliciously record the call or video, and that there is an audit trail on how this messaging is done within these interactive sessions, so it cannot be detained by unwanted users.

Even if employees are exchanging corporate messages privately, organisations need to make sure that there is a higher degree of security around the confidentiality of that data. This is simply because it could be severely compromising in a situation where cybercriminals hack into a corporate collaboration system and start to make private company details public. This has been seen already in the infamous phone hackings of company voicemails, so it is imperative that organisations ensure there are appropriate security measures in place which are resilient, as well as a Service Level Agreements (SLA) which will provide a high degree of compensation if the systems are breached and the company is compromised.

The big question companies need to ask themselves is will the in-house IT department do a superior job at protecting the corporate collaboration system, or is this a responsibility which you place offsite with a cloud provider. Nowadays, SMEs in particular are taking the view that this task is best managed off premise with a provider which they trust and pay to manage their cloud collaboration systems for them. This approach has many benefits - providing the company forms a relationship with a trustworthy vendor. It is imperative that before handing over the responsibility of managing and storing company data, organisations check the track record of their cloud provider and ensure that there have been no former breaches of confidentially.

It is also wise for companies to try and understand the technology the provider utilises in its own data centres, and the tools they use to make the service more secure. One of the key examples of this is to check if the sessions that run between the organisations and the service provider are encrypted. This means that the data, such as voice messages, are encrypted within a VPN (Virtual Private Network) and the resulting file that is used to record the call is also encrypted and can only be played back by authorised users.

Another risk which has emerged into the ever-connected world of business is Bring Your Own Device (BYOD). By enabling a BYOD program, enterprises permit employees access to corporate resources from anywhere in the world, however, securing these devices and supporting different mobile platforms can create complex issues for IT departments. Companies need to lay down careful policies on the security required, how this data should be handled and how employees are expected to behave – including security awareness of the dangers of insecure networks and over-sharing in social networks.

One of the specific areas of concern to be addressed is the mobility of data and how to capitalise on the benefits while securing the company. Firstly, security policies must be revised to reflect the changes in working practices. It's no longer possible for IT departments to defend the traditional network perimeter. Instead, they must apply a security 'wrapper' around every employee - so that they are protected wherever they work and whatever device they use.

As well as a focus on technology, organisations need to better educate their employees. It’s essential that employers understand the risks involved with using mobile devices and communicate this effectively with employees.

They also need to put in place robust security processes to reduce the risk of any data breaches or leaks occurring. This means deploying anti-malware apps, controlling the applications that employees have access to, and also being able to block access to, and where necessary, erase sensitive data stored on a lost device.

The relatively recent purchase of AirWatch by VMWare shows how enterprise software vendors are adding additional functionality to compliment the services already offered by the mobile device operating systems, and in this way providing additional levels of control.

Nigel Moulton, EMEA CTO at VCE