Online collaboration has revolutionized the way technology can help organizations leapfrog their competition. But how do companies reap the rewards of online collaboration while avoiding risk? Business users are more comfortable than ever with acquiring collaboration applications - with or without IT's approval. In fact, the biggest security risk may be dedicated employees who don't understand the potential for data leakage and loss of control over intellectual property, personally identifiable information, financial information, or other sensitive documents. Risk and compliance issues are compounded by the pervasiveness of electronic documents; sharing is quick and easy, dramatically increasing the potential opportunities for misuse or loss of control.
It's time for companies to face the fact that end users must share information in ways that aren't protected by the current corporate infrastructure. The future is here; no amount of resistance will make it go away.
How can top-level IT and compliance managers protect their companies from the risks of online collaboration without becoming known as "The Department of No?" This paper outlines the steps IT and compliance must take to join forces and provide a high-productivity collaboration environment that supports document confidentiality, integrity and availability.
Must reading for anyone who wants to use IT and compliance to create competitive advantage for their company!
About the author: Corporate Integrity founder Michael Rasmussen, J.D., CCEP, OCEG Fellow, is an internationally recognized pundit on governance, risk management, and compliance and is noted as the "Father of GRC" - being the first to define and model the GRC market.
WW HHIITTEE PPAAPPEERR - M A N AG I N G I N F O R M AT I O N R I S K I N T H E E X T E N D E D E N T E R P R I S E 1/6
Managing Information Risk
in the Extended Enterprise
Managing Information Risk in the Extended Enterprise: Why Corporate Compliance and IT Security Must Join Forces
BUSINESS BOMBARDED BY RISK TO DOCUMENT SHARING AND COLLABORATIONThe early stages of a paradigm shift can introduce a period of ignorance that quickly moves to fear, uncertainty, and doubt. Organizations ? nd comfort in the old way of doing things, but must move forward and begin to leverage new approaches to stay competitive.
Seamless collaboration with electronic of con? dentiality, integrity, and avail- The good news: Organizations can documents is one of those business ability of critical business information? provide employees with a secure online practices that may completely document collaboration environment. revolutionize how technology creates With an onslaught of regulations It's time to stop ? ghting collaborative value for companies. Thanks to a wealth impacting security, this concern has processes that end-users have so avidly of new tools, document collaboration continued to grow. embraced, and objectively look at has become much easier and more securing online document collaboration accessible to business users. This makes across extended business relationships, employees more productive and gives to take full advantage of its bene? ts. companies agility that helps them succeed in a complex, dynamic, and Legions of compliance obligations and distributed business environment. risks to informationThe information within electronic However, new methods of collaborating documents faces a bombardment of risk using online or other electronic means and compliance challenges from every introduce serious risks. Documents direction. IT security has been in reactive shared outside the enterprise aren't mode, tightening down access using protected by perimeter security, enter- enterprise rights management, prise rights management and other perimeter security, laptop encryption, infrastructure measures. These new but has not addressed the issue of how approaches require organizations to information is used outside the extend security beyond the ? rewall. enterprise. Meanwhile, business users are sharing documents completely How does business take advantage of unprotected, often using online the wealth of bene? ts that online collaboration platforms, because it document collaboration promises, makes them more productive.while avoiding the compromise W H I T E PA P E R - M A N AG I N G I N F O R M AT I O N R I S K I N T H E E X T E N D E D E N T E R P R I S E 2/6
The onslaught of risk and compliance . Collaborations on strategy: Work controls. Any employee with access to issues related to information sharing with management consultants, board sensitive documents can put them at risk includes: members and investors requires sharing by sending email attachments, using information on business strategy, unsecured online collaboration tools, or . Intellectual property and trade execution, and partnerships. In fact, the through of? ine communication such as secrets: Technology licensing and more sensitive a document is, the more shipping documents on CDs, USB drives collaboration can put intellectual likely it will need to travel outside the or even as hard copies.property at risk through intentional or enterprise, increasing the risk of inadvertent exposure. Biophar- exposure. The distributed nature of documents maceutical outlicensing, in which compound riskpotential bidders review product . Personal information: The onslaught Risk and compliance issues are com-dossiers, is a good example of this. of privacy laws mandating security, pounded by the pervasive nature of encryption, authentication and audit electronic documents. Individuals and . Sensitive customer information and trails impacts documents shared with HR departments can quickly set up online data: Communication with vendors, administrators, insurance and payroll collaboration portals and share docu-external auditors and customers need to providers, 401(k) administrators, and ments inside and outside the organiza-be secured, not only to protect others. Additionally, privacy tion, increasing the number of people con? dential customer information, bu... [download for more]