User governance is a crucial aspect of IT Security management, and not just during times of pandemic-level crises (although admittedly, the COVID-19 pandemic is driving more of us than ever to work remotely, giving IT admins and Security officers unprecedented headaches on global scale.) Simply put, getting user governance right ensures that business-critical data stays under the organization’s control and simultaneously, that employees are empowered for the entirety of the employee lifecycle to perform to the best of their ability within a given IT infrastructure.
The growing need for robust user governance capabilities when working in the cloud, especially for larger businesses, comes down to multiple factors: the amount of cybersecurity attacks are exponentially increasing in frequency and sophistication, human error is still the highest source of data breaches, and on top of that, data protection regulations are increasing in number and complexity with every year. With more and more companies moving their content collaboration and workflows – in some way or another – to the cloud, businesses need to be able to monitor and control what files individual employees have access to, to be able to track the source of any security events and provide an audit trail for compliance requirements.
Given the current (and constant) importance of this topic, we decided to explore the main challenges IT administrators and security officers face when it comes to user governance, the best practices and governance tools available to mitigate those challenges, and the overall benefits this approach provides for organizations as a whole.
1. The ‘too-many-tools’ problem
Businesses usually start out with a few collaboration tools and the best of intentions when it comes to aligning workflows between departments. But as time goes on, people come and go, leadership changes occur and inevitably, different departments and functions start to use completely different tools, for similar purposes. As a result, it becomes difficult – if next to impossible – to store all the information in the same place and have one ‘source of truth’, meaning that IT administrators and infosecurity professionals struggle to get a birds eye view of collaboration activities as a whole.
The solution: Use a content collaboration platform which has functionalities that suit all your different departmental needs, and stick to it as a company rule. When you go with one that is end-to-end encrypted with zero-knowledge protocol, you can exchange files internally and with external partners with peace of mind, knowing that all your business-critical documents are protected.
2. A lack of centralized monitoring
Back to the issue of the bird’s eye view. Ideally, businesses should use a content collaboration platform that comes with an easy-to-use interface, providing admins with a high-level overview of collaboration activities as well as the ability to drill all the way down to a file and user level to see more detail about specific events. This kind of centralized dashboard should also shed light on user roles, responsibilities and access levels. Without an easy way to oversee this kind of information and activities, IT admins often struggle to track events that occur and to extract insights from them, which makes it particularly hard to create an audit trail and comply with data protection regulations.
The solution: In an ideal situation, there is a form of centralized monitoring dashboard or interface, which allows administrators to track down the source of cybersecurity events, avoiding the financial and reputational damage that comes with data breaches. It should be easy to use, visually process, and to translate the observations into data for analytics and reporting purposes. This will make it significantly easier for the business to conduct forensic research and create an accurate audit trail.
3. Wanted: more user authentication
User authentication and authorization is another aspect of governance that needs to be centrally managed – otherwise, administrators have no oversight of who can access what, and how much they should be able to access in the first place. Given most businesses handle business-critical files with differing levels of confidentiality, and that many data breaches happen due to either accidental or intentional employee misuse of information, it is extremely important to properly manage user accesses and rights. Then administrators can guarantee data confidentiality and make sure that users do not access and interact with files they shouldn’t be able to access.
The solution: First off, you’ll need a central user directory in place which defines which users are allowed to access which tools, including the content collaboration platform you’ve chosen to use across departments. It is super helpful if you can also directly integrate your central user directory with said platform. Next, to make sure users stay in their lanes while collaborating, admins need to have the ability to determine their rights and privileges on an individual and group level. According to the Principle of Least Privilege, you should aim to make sure that users only have the absolute necessary minimum amount of rights they require to fulfill their daily obligations, and no more. A robust content collaboration platform will allow you to manage user rights all the way down to a folder and file level.
4. Balancing flexibility and security
Content collaboration tools need to strike a fine balance between empowering employees to work with each other and external partners, while keeping business data safe. As they are often by everyone in an organization in order to cooperate, IT admins need to be able to support the entire employee lifecycle through the platform. Projects and roles change and evolve frequently in organizations. If the in-place solution doesn’t allow admins to keep up with those changes, employees soon feel stifled and blocked from completing their work, which leads to a significant amount of dissatisfaction, delay, and ultimately negatively affects the company’s bottom line.
The solution: This type of change management is supported by content collaboration platforms which allow for the quick adjustments that accompany the employee lifecycle, also known as the ‘Joiner-Mover-Leaver’ model. Depending on the employee’s status, admins need a tool which allows them to carry out rapid provisioning and deprovisioning processes, granting employees the relevant accesses and rights that they need for specific parts of their journeys. This also applies to working with external partners, third party providers and contractors, in the sense that businesses need to be able to grant them access to certain areas and remove them just as quickly when the project comes to an end.
5. Juggling internal policies
Companies develop organization-wide, department-specific and project-related security policies in order to protect the confidentiality and integrity of their data. The problem is not so much coming up with the policies, but rather that many businesses find it hard to enforce said policies with their in-place content collaboration systems. Losing control of your policies and not being able to issue and withdraw them in rapid succession, can result in creating vulnerabilities when it comes to secure content collaboration.
The solution: It is preferable to use a content collaboration platform which allows you to establish policies based on specific user groups. If you can determine different rights and responsibilities within the platform, then you can also enforce them on an organizational, departmental and team level. On top of that, if you can apply user grouping, then you have multiple policies apply to individual users and at the same time, allow mass policy governance for administrators. This means admins would be able to set up groups and either add or remove individuals or a large number of uses easily, making policy enforcement an easier task overall.
And there you have it. When it comes to user governance in enterprise organizations, these are the main challenges IT admins will find themselves facing, and the capabilities they should look for in a content collaboration platform as a solution. Following these recommendations, businesses will be able to stay in control of what happens to their data while creating a collaboration infrastructure which allows their employees to succeed at their jobs.