Using document collaboration tools and secure web portals to enable collaboration without compromising security.
All businesses need to be able to collaborate effectively with employees, clients and their supply chain. There is nothing new here, this has always been the case. However, in today’s interconnected world this collaboration needs to be electronic, over the internet and preferably mobile device accessible.
This creates a problem for information managers and data protection officers because the more information shared, the greater the risk of compromising the security of that data. Data breaches, intellectual property theft, hacking and internal vulnerabilities all threaten the security of sensitive business information.
The problem is, the more effort that is expended in securing the data the less accessible it becomes. When asking the CISO or IT Manager how best to secure data they will often respond on the lines of “unplug the server from the internet!”
Security vs Usability
This is the dilemma facing many businesses today and can be illustrated by the diagram below.
Does this mean collaboration and information security are mutually exclusive?
Not necessarily, but if you’re in a regulated industry like financial services, you need to ensure you employ the best techniques to maintain data security.
It might help to ask yourself the following questions:
- How does collaboration impact network and information security?
- What reasonable levels of risk can we accept?
- How much shall we risk in terms of security for the sake of the enhanced productivity collaboration delivers?
- Or, turning this around, how far shall we go in preventing collaboration with our clients and partners to maintain security?
There are a wide variety of complex issues involving collaboration in a secure environment. Who needs to access the information from what types of devices for example, demand a much broader approach than simply protecting the boundaries of the network. There is also the need to provide a secure seamless experience to users no matter where they are or what device they are using.
Once you have accepted the need for, and benefits of, collaboration you can then start to look at the security measures you need to put in place.
Achieving the balancing act
Security measures do not need to be overly complicated. Business-level security does not need to obstruct usability, but that is not to say that it shouldn’t exist altogether.
The best way to assess your organisation’s security needs is ultimately to assume that they have already suffered a data breach and implement measures accordingly.
Over complicating security will only obstruct workflows, but measures like data encryption, correct access privileges and worker education are all ways of striking the fine balance between usability and security.
To strike this balance between security and usability in your business, you need to implement solutions that support the way your staff and your clients work.
In the rest of this article I am going to consider two types of collaboration solution that are popular with the clients I mainly work with, which is private wealth management, trust companies and corporate services providers.
One of the most common use cases for collaboration between client and service provider is around documents; think application forms, account opening forms, self certification forms etc.
Without a collaboration tool we resort to email, or worse, snail mail! Neither of these options is practical and we end up with the nightmare of managing versions and merging changes into master documents. That’s without the inherent security risks of many email and messaging systems.
The increasing need to collaborate with external parties as well as internally can be evidenced by the success of tools like Microsoft Office 365 and Google’s G-Suite. These tools provide an easy way to share information with third parties, but they can be difficult to control and there is a very real risk of ‘data leakage’. These risks are often too much for a regulated financial services firm to consider.
To increase security, we come to dedicated solutions that provide a secure repository for all parties to access where documents can be encrypted and shared with those having the ‘key’.
These services, often referred to as ‘data rooms’ or ‘deal rooms’ are very popular with the legal profession for sharing specific information as part of a disclosure exercise and for collaboratively working on contracts. One party will own the data room and provide access only to the people who need it. Each separate case or matter will have its own room created, which will usually be extinguished at the end of the deal /case.
Products that I have worked with in this category include SafeLink Data Rooms and Objective Connect. Both provide secure central repositories on a cloud server and can be cost effective ways to manage collaboration. SafeLink has proved very popular with law firms and regulated financial services businesses, whilst Objective Connect came from a public sector law enforcement and health care background.
However, what about when sharing documents is not enough, or the process you are trying to collaborate on is not related to a single document?
Transactions are likely to be more complex, involving multiple stages with different players involved. Controlling this workflow through a data room can be overly complex and we are back at the bottom right of the security vs ease of use graph.
In these situations a secure web portal is required which permits two way communication, workflow and access to data as well as documents.
Secure Web Portals
In many organisations and business sectors web portals are now common place. Can you imagine transacting with your bank without the ability to use an e-banking portal or mobile app?
We buy travel and car insurance either via a comparison site or directly through a portal provided by our insurer or broker. There are many examples where we use portals without really thinking about what’s behind them. Is it just an intelligent website that is accessed by clients and service provider alike, or is the technology behind it a true portal into the back office systems of the service provider?
It is the latter I am most interested in for use in private wealth management, where portals are not yet as widespread as some industries.
Whilst many organisations see a portal as a commodity which can be purchased off the shelf from many IT vendors, others consider it a vital and unique part of their infrastructure. A portal can be considered the shop window through which your customers will make a decision on whether to enter or go elsewhere. It is important therefore that the portal design accurately reflects your business.
Reliability is also an issue. Would you continue to use your bank if its online systems were not adequate or reliable? Issues with the unreliability of online banking systems was raised in the UK parliament last year, as reported by the BBC in October.
If you want to provide a portal into the services of your business but don’t want to compromise on quality or security and want it to reflect your identity, what are your options?
You could ask your website designer to build you a portal, or commission a software developer to create a portal to exactly match your requirements. However, this is a big risk and is likely to be expensive and time consuming.
Sirius Portal from Vega Solutions
My recommendation is to work with a respected portal provider who focuses specifically on providing customised solutions for your industry. In the private wealth management and banking sector the provider I work most closely with is Vega Solutions based in Hampshire, UK and their Sirius Wealth Management Portal. (Yes, I do have a commercial interest with Vega, but this was after careful consideration of the market.)
Sirius is built on the established secure web development platform that Vega have been working on and improving for the past 20 years. They have delivered secure portals to private banks, wealth and asset managers, trust companies and pension providers, many of which are still in use today after providing many years of trouble free service.
The Sirius portal can be customised to meet service providers requirements and incorporates document collaboration, secure messaging, workflow and integration to a back-office administration system through its middle-ware database.
Most recently Sirius has developed native mobile apps for iOS and Android with password-less login. This is a great demonstration of how the right technology can help address the security vs usability dilemmas mentioned earlier in this article. You can read more about this on Vega’s website here.
In this article I have hopefully demonstrated that it is possible to manage the collaboration dilemma, of providing easy to use but secure systems to third parties, through the use of well-designed document collaboration tools and secure web portals.
To collaborate effectively any system being used both internally and by third parties needs to be integrated effectively. If the portals are not integrated they will create more work negating the benefits of collaboration.
Consider the options carefully but if you’d like our input and advice into your own situation then get in contact in the normal way, either directly by email or using the contact form below.