You're driving along, participating in a
teleconference back at the office about your new
strategy...on your cellphone? Some corporations forbid
participants from using cellphones in any
teleconference, no matter how benign the subject. Others
haven't even considered their exposure.
Collaboration is about unfettered sharing of
relevant information; security is about sharing
information only with people who have a legitimate
need to know. They're diametrically opposed ends of
a spectrum. If security's too tight, collaboration
dries up because it's too cumbersome, and that
means much important work can't get done. If
collaboration is too broad, on the other hand, you may be
exposing sensitive information.
Success Strategies
|
 |
Divide And Conquer — Assess the kinds of
topics and information you exchange, with whom,
and how; assess the risks,
|
| |
Chose Your Media — For each risk you can
afford to take, determine which media are
appropriate, and
|
| |
Get Everyone Involved — Once you've got a
plan to balance collaboration and security, make
sure everyone adopts it.
|
| Divide And Conquer
| Assess your risks. If there's juicy material
your competitor, a hungry lawyer, or the press would
love to know, you've got to safeguard communications.
On the other hand, a meeting to disseminate the
latest corporate policy (especially, if it's on a
public website) doesn't deserve elaborate security
precautions. Take a page from the Homeland Security playbook.
Assess the risks into five groups, like the
Advisory System:
|
| |
Red — Use only the most secure media. For
voice, adopt digital scramblers, for digital data,
make sure everything is encrypted at all times.
Prevent use of home computers and laptops.
Orange — Use secure phone lines, make sure
data is encrypted whenever it is transmitted over
lines to other sites. Control access to computers,
and encrypt data on computers outside the security perimeter set by your company's walls and gates.
Yellow — Use passwords to protect access to
information; make sure your teleconferencing has security features (like confirming each
caller's phone number).
Blue — Keep conversations private (close
the door), and limit copies of documents circulated.
Label sensitive information with a
"Confidential" cover. Make sure only authorized people can
gain access.
Green — No worries, mate. Just let
everything be freely shared.
|
|
Chose Your Media
Match your media to your security needs. You
may not have to be so Draconian as to rule out
certain tools (like cellphones) for
everything, but it's wise to think through what you should encourage, what
you should discourage.
The biggest risks are laptop computers and
other devices (like ubiquitous Palm Pilots). Think of
the most sensitive data on board each computer,
and treat the entire box at that level of security.
How your team communicates should be
influenced by the need for security of the content.
Get Everyone Involved
Security is a team effort. Make sure the
security categories you define are well-publicized and
understood by the people who work on the data and
with each other. Occasionally include agenda items
in periodic meetings to review and reinforce good
security practices.
Find out where failures of collaboration have
occurred due to security restrictions, and decide the
best ways to handle them in the future. When
someone "didn't get the word about your project" find out
if security was the reason, and reevaluate your policies.
As we discovered on September 11th, 2001, you
must revisit these issues often, because the boundary
between comprehensive collaboration and sound security will
be constantly shifting with changes in technology,
in people, in threats, and in your own business needs.
|
|
|
This article was originally published in the 
newsletter, June, 2002
and is available to our subscribers on our website, http://www.net-working.com.
|
|
