Balancing collaboration and information governance

Enterprises need to maintain a secure regime of information governance when collaborating with external parties.

In this era of digital transformation, there is an urgent and growing need for regulated industries and government agencies to work more collaboratively to deliver better outcomes for their stakeholders. This ‘collaboration imperative’ is being driven by a range of factors, including the growing need for cross-agency collaboration, the use of outsourced service providers and increasing digital engagement with customer and citizens. It is also being driven from highest levels of government, including the Digital Transformation Office.

Expanding digital collaboration, however, presents serious challenges for regulated industries and government agencies that are the custodians of confidential personal records and highly sensitive information, and must manage a complex set of risks. For example, governments have access to personal information such as a citizen’s tax file. This information can cause serious privacy breaches or financial loss if it were to get into the wrong hands. Government agencies and other regulated industries also hold highly sensitive information that informs policy decisions and large commercial investments.

To maintain the integrity of this sensitive information and to protect citizens, stakeholders and their own reputations, enterprises have developed and honed robust information governance frameworks over many years. This includes huge investments in document and record management systems that ensure there is a complete record of how the information is managed. These systems not only track usage, but also enforce access permissions, life cycle and archive (or destruction) policies, guaranteeing the security of the information and maintaining a ‘single source of truth’. It is important to note that this is not just ‘best endeavours’ — good information governance is something that government agencies and other regulated industries are benchmarked against.

For all of these reasons, information governance cannot and should not be sacrificed simply to facilitate working with people external to the organisation.

The risk of inaction

In the meantime, collaboration must and will go on — and if the CIO doesn’t find a solution, the business users will. Unfortunately, in the absence of an easy-to-use and secure collaboration solution provided by the organisation, many are resorting to uncontrolled systems (or ‘shadow IT’) that erode information security and auditability — and expose their organisations to considerable risk.

For example, when people take information out of controlled systems and share it via email, thumb drive or consumer-based file sharing systems, all transparency, visibility and auditability over that content is lost. It essentially bypasses information governance, meaning that security and regulatory compliance cannot be guaranteed. It creates multiple repositories of information, resulting in an absence of a single source of truth, making any sort of audit impossible and ultimately hampering the collaboration efforts.

The risks of inaction are immense. In addition to the significant impacts on productivity and the integrity of the decision-making process, the privacy and security risks posed by this uncontrolled collaboration cannot be overstated. A solution that balances the need to collaborate externally while maintaining a secure regime of (cost-effective) information governance is needed.

Most solutions aren’t working

As organisations around the world grapple with this issue, a number of different approaches are being investigated, with limited success:

• Stand-alone collaboration tools are often ‘consumer grade’ file sharing applications that lack the security required for sensitive data. They pose a massive risk, as there is no oversight and or administration capability. They also don’t integrate with existing systems, meaning there is no transparency and accountability and no single source of truth.
• Built-for-purpose solutions are expensive to develop and maintain and are often difficult to scale to external stakeholders, other divisions or processes. In addition, licensing costs, staff training and the need to involve IT regularly cause bottlenecks for those looking to collaborate.
• ‘Universal systems’ designed to facilitate collaboration between related agencies miss the need to collaborate now. These are often abandoned in planning because of the cost and the time to implement. Those waiting for a perfect, ‘whole of enterprise’ system, for example, will be waiting a long time.

Balancing competing imperatives

When working with anyone outside of the organisation, an enterprise must find a solution that effectively balances the three competing imperatives of collaboration, governance and cost.

Collaboration. Collaboration can be a highly complex, fragmented process. Any solution must support all aspects of the collaborative process, providing complete context and transparency in a single, secure location — more than just simply sharing files. A collaboration solution must be easy to use and minimise training requirements, as stakeholders, internal and external, are included in the collaborative process. It must also have the ability to scale multiple processes.

Information governance. The problem for regulated industries and governments is that during the current uncontrolled collaboration process, there is no information governance. If audited, there is no way to prove that the collaboration process was secure and compliant with regulatory requirements. It is therefore vital that any collaboration platform used is not only secure, but also integrates with the existing information governance framework. This integration must facilitate the synchronisation of documents with the existing document and records management system, updating both the content and audit trails.

The collaboration solution must also inherit, rather than replicate, the access permissions, life cycle and destruction policies that are governed by the existing document and records management system. Without this integration, the information governance that today provides auditability and transparency is lost.

Cost to provision. The cost of implementation is also a major factor to be considered when delivering a collaboration platform. The licensing model of the platform must support the ‘fluid’ nature of the collaboration process, whereby new stakeholders, internally and externally, are continually added and removed without additional cost or restriction. The human costs must be also taken into account. Any solution must be simple to use and cost-effective to provision. Each instance where collaboration is required should be initiated by the user, rather than IT.

In summary, as our Prime Minister, Malcolm Turnbull, has said: “The key to our future prosperity is to be faster, leaner, more productive, more innovative and more collaborative.”

And herein lies the challenge for enterprises: on the one hand, there is an imperative to be more flexible and collaborative with those outside the organisation. On the other, a secure regime of simple and cost-effective information governance must be maintained — one that manages the many legal, regulatory, privacy, intellectual property and security risks.

More information: objectiveconnect.com/collaboration-challenge