Collaboration Apps Mean New Security Concerns
Sure, it's cool to aim at joining the Enterprise 2.0 crowd, but it opens up your business to security problems.
As enterprises implement collaboration applications to increase staff productivity and cut costs, they are increasing the risk of security breaches, according to a survey conducted for Rohati Systems that was released today.
The 117 respondents, all high-level IT executives from enterprises of various sizes, have deployed applications such as Web-based Intranet portals, Web 2.0 applications, Common Internet File Systems, IBM (NYSE: IBM) Lotus Notes, content management systems and Microsoft (NASDAQ: MSFT) SharePoint to communicate and collaborate internally and with external partners.
Seventy-one percent of the respondents said their organizations have not implemented adequate security to protect data in a collaborative environment.
"Collaboration is necessary to drive productivity and revenues, but you need to ensure that you understand who is accessing what," Shane Buckley, CEO of Rohati, told InternetNews.com. "It's amazing how many enterprises don't know that and are just making assumptions."
Once they know who is touching what application, enterprises must put controls in place. "Controls don't exist in collaboration applications, which, by their very nature are almost viral," Buckley said. "You must either get developers to recode your applications, which takes millions of dollars and up to 24 months, or you put in something like a datacenter firewall on steroids."
Basic authentication, consisting of the user name and password, was used to secure collaborative applications by 79 percent of the respondents' companies. Another 31 percent used secure sign-on applications such as Kerberos; 26 percent used enhanced authentication and authorization systems such as tokens and smart cards.
Despite this, the respondents were bothered that IT cannot exert enough control over collaborative applications to ensure security.
Forty-nine percent of the respondents said their greatest concern is that they cannot enforce consistent access policies across all the applications and data. Another 16 percent were worried about their inability to audit and report on access and usage to meet compliance requirements, and 13 percent feared the lack of visibility into users' actions.
Even more to worry about
Unauthorized user access to applications, data and information bothered 40 percent of the respondents. Another 29 percent feared data losses or breaches, 14 percent were concerned about unauthorized or malicious user of files stored in information repositories, and 13 percent feared that users would make unauthorized changes to data.
When it came to who might get unauthorized access to sensitive data, 50 percent of the respondent cited employees. Respondents were more concerned about domestic contractors than foreign contractors -- 33 percent worried about domestic contractors and 28 percent were concerned with foreign contractors.
Partners were also an area of concern, with 29 percent of the respondents fearing partners might get unauthorized access to sensitive data.