Security and Collaboration

By David Colman

Security and collaboration do not have to be in conflict, but rather you can develop infrastructure that can support both behaviors. Traditionally, the most used tool for collaboration (1-to-1 or 1-to-many) is e-mail. One of the major analyst firms estimates that there are over 30 billion e-mails a day (and I bet 20 billion of them are spam). What is worse is that e-mail is not secure.

OOPS!

A few months ago a CEO of a software company sent me a letter asking me to review and comment on their sales forecasts for 2003. I saw from the content of the e-mail (of course I read it) that it was really for another "David" and that he had highlighted the wrong line and sent it to my address by mistake. He later called, when he realized his mistake, and asked me to ignore the message (which I did) but it was embarrassing for him and a security blunder of the first order. In addition, the attachment, an Excel spreadsheet, was also available for me to see.

So neither the e-mail nor the spreadsheet were secure, yet billions of these private communications wiz around the globe everyday. One of the things we need to balance this risk against is the reward. Our communication gets to the other person faster than snail mail, so the cycle time for many (collaborative) processes is cut. This is a big benefit, and cycle times can be cut even further with IM (Instant messaging) and chat, which fall into the real-time collaboration category (an collaborative interaction occurs within 5 seconds).

I Chat, You Chat, We all Chat

IM was originally designed as a forum (for groups) or for a quick personal chat (1-to-1) but as it evolved from the consumer sector, it is being used more and more (with ITs blessings or not) within the enterprise. What’s even worse is that IM is following the same course of adoption that e-mail did, but much more quickly. This has some dire consequences, one of which is being overwhelmed by IM’s while online. The other is that since most IM is not secure it adds another security hole. Through IM someone hostile to you could even take over your desktop, and from there move throughout your corporate network. Other collaboration technologies, any of those video conferencing tools that use a T120 stack (which is notoriously bad with firewalls) also can produce security issues.

But how fast is IM being adopted in business organizations? Matt Cain of the Meta Group estimates that by 2007 90% of knowledge workers worldwide will use some form of IM. This is compared to only 10% who use IM with IT approval today. IDC also estimates the rapid adoption of IM from 65 million users today to 260 million by 2007.

Secure e-Meetings

So with all these collaborative technologies making Swiss Cheese out of your corporate security how can you sleep at night? Well there are some answers. Many of the vendors of collaboration technologies are aware of the increased importance on security, and have taken steps to support this. Through encrypted e-mail and IM’s new collaboration vendors are architecting their products for end-to-end security. Companies like Viack, and Linqware (which builds its security on top of Citrix) have moved into a new market space that we call e-meetings. The characteristics of e-meetings and what makes them different from other collaboration technologies are:

• Small online meetings
• High levels of interaction between all meeting participants
• Persistence- the ability to store documents involved in interactions in a secure workspace
• Presence- that ability to see who is online and what their status is (busy, can talk, etc.)
• High level of security
• Support both real-time and asynchronous interactions
• Support both ad-hoc and scheduled meetings

Plug That Hole!

Most e-mail vendors and other collaboration vendors will tell you they have adequate security. However, often on closer inspection it is clear that the content of the interaction is at risk at one or more points along its transportation path, and that the vendor’s current level of encryption only deals with part of the problem. Stronger encryption (up to 1024-bit) on top of SSL and utilizing the Advanced Encryption Standard (AES) ensure that files, IM’s and other content in a collaborative interaction are secure from the time they leave the author, through the server, and to the receiver (who uses a public key to decrypt the message).

The upshot of this is to have you (the user) take a look at what types of content you collaborate about. If you are in regulated industry like financial services, medical services, or an industry based on confidentiality (legal, medical, consulting) then security is critical to you, as is collaboration. An audit of critical processes that have a collaborative component, and the corresponding security to support them is a great idea. Collaboration is only going to get more intense (currently CS estimates that only about 12% of companies use real time collaboration technologies (supported by IT) on a regular basis.

No Substitute For You

None of these collaboration technologies do we believe take the place of in-person meetings, but they are good technologies to augment such meetings. The reason is that an initial meeting is best in person, as you need to establish trust with the other person (or people) before you are willing to share (and collaborate) with them. As humans we pick up 75-80% of the information about another person from visual, olfactory and other cues (animals pick up 100% of their information about each other that way) and it is easiest to get this (often unconscious) information in person. Once the relationship has been established, then it is much easier to continue on electronically, with e-mail, IM or other collaborative technologies.

So when you can’t be there in person, collaboration is the next best thing, but do it safely and securely and the benefits and rewards are great!    

In attending the KM World conference this month, and also seeing Verna Allee’s new book The Future of Knowledge: Increasing Prosperity through Value Networks I began to wonder what the future would bring to the KM market. I bet many of you are probably wondering this also. At the conference I had a chance to get briefed by 7-8 vendors and asked each what they thought the future of KM was. Interestingly, every vendor started out with the definition of KM, which no one seemed to be able to agree on.  

David Coleman is the Founder and Managing Director of Collaborative Strategies LLC and the editor of "Inside Collaboration". He is the author of two books on groupware, and many of the monthly Hot Tips on the collaborate.com Web site as well as this newsletter. When he is not consulting for vendors or users of collaboration technologies, David is often engaged in both in-person and Web-based presentations to educate all types of organizations about the benefits and successful techniques for collaboration. He is also working on a new book on e-collaboration. He welcomes your comments, questions, and requests, and can be reached by e-mail at davidc@collaborate.com, on AOL Instant Messenger at davidc121, or by telephone at 415/282-9197.

Collaborative Strategies makes every effort to bring you timely, accurate information on collaboration and knowledge management. However, we are part of a rapidly evolving market ourselves and events occur during the publication of this newsletter every month that we do not become aware of or that happen post-production. If you know of such events please contact us at davidc@collaborate.com so we can note these key events in the next edition of this newsletter.