4 Considerations for Collaborating Securely in the Public Sector
Gone are the days when collaborating at work meant either blocking time off in the conference room, sending a quick chat to your co-worker, or posting a file on your agency’s intranet or extranet. Today, collaboration for the government is on-the-go, with a mix of employees collaborating cross-country or often from home; and while solutions like Microsoft 365, driven by the adoption of Microsoft Teams, aim to interconnect employees, the path towards security is less clearly defined.
As the leader of your agency’s IT initiatives, what do you need to do to ensure the same level of security for your data as when the information was clearly protected through physical security and air-gapped networks? And what do you need to consider with any of your cloud service providers (CSPs) to keep the mission moving forward?
Below are four areas to consider when building your blueprints for a new secure collaborative approach.
1. IRAP Authorised Cloud Service Providers
Whether you’re a federal or state agency or a local council, you should care if your cloud solutions are IRAP Authorised.
When you select a cloud service provider (CSP) that’s IRAP Authorised you can confidently leverage their solutions knowing they went through a rigorous process to ensure a secure platform. The IRAP assessment covers people, products and services against the requirements of the ACSC Information Security Manual (ISM).
No doubt you have heard of the Essential 8. If so, think of IRAP as the Essential 8 on steroids. Instead of 8, there are over 1200+ controls needed to meet the IRAP standards.
AvePoint received its IRAP official assessment in 19 May 2021 and are currently going through the “IRAP Protected assessment” across all cloud solutions. To learn more about our IRAP Assessment read our press release.
2. Confidentiality of Information Access and Disclosure
While collaboration solutions have made it feel more organic to work within or out of the office, ensuring the right people are accessing and sharing appropriately has become a challenge. Consider that many agencies are bringing previously disparate divisions together into a central tenant while still requiring different levels of security and capabilities after realising that running one tenant with multiple needs can be a nightmare.
As the IT Leader, you need a solution that will support the deployment of different information governance policies. From access controls to provisioning and lifecycle management, supporting the unique needs of each division that utilises your tenant is a must. Recently, our Chief Product Officer, John Peluso, hosted a webinar on securing an agency’s collaboration. The on-demand recording can be found here.
3. Integrity Against Modification or Destruction
Government employees want to successfully meet their mission, but they are also prone to accidentally oversharing, deleting, or modifying key data. This puts your agency at risk to fail compliance checks with federal mandates for privacy, security, or records management (e.g. The Privacy Act 1988, Information Privacy Act 2014 (ACT) Health Records and Information Privacy Act 2002 (NSW), Privacy and Data Protection Act 2014 (VIC)) or local laws.
IT’s job is to provide an environment that automates the security and integrity of your content while enabling users with access to the tools they need and avoiding lengthy waits for manual management and lifecycle processes. It is also important to guide your users down the right path, not only with training and education, but by providing mission-focused use cases and examples throughout the solution, reinforcing how and why users should use them instead of going off on their own.
4. Keeping Integrity of Information Within a Flexible Environment
Ultimately, your employees will not use the tools you provide if they offer more roadblocks than solutions. Your IT department must balance controls and security with collaboration and flexibility, and to do this you’ll either need the headcount to support the manual processes or a means to automate these processes into predefined workflows.
Note that to “keep your data in an environment you can protect” means not only finding this balance but also providing a means to identify any exceptions to the process over time. Management of these collaboration solutions is not a one-time job but requires ongoing planning and change. Recently our Chief Product Officer, John Peluso, sat down with Federal News Network to discuss how to transition to the Microsoft Cloud.
Listen to AvePoint’s Microsoft 365 Government Call
Check out our monthly LinkedIn series Microsoft 365 Government Call where we partner with industry and government experts to discuss the tools and techniques available to ensure your modern collaboration environment is designed to protect your data and enable your employees. You can subscribe to view past events and stay up-to-date with future events and join us live for our monthly broadcasts.
If you would like to know more about Secure Collaboration contact us here
Originally published HERE