Unlock Exclusive Cybersecurity Insights
Complete the form below to be redirected to CDW's exclusive proprietary research report on Cybersecurity. Once the form is submitted, you’ll be opted into our Security email stream.
Collaboration Platforms May Open the Door to Sensitive Government Information
To protect sensitive information, state agencies should prioritize safeguards for meeting access and shared data.
For state governments, collaboration platforms have become essential to productivity, but they also introduce new security challenges.
As file-sharing, messaging and collaboration tools become more widespread, so do concerns about data access and content retention.
Government agencies now need solutions that can detect sensitive data, protect it through tokens or masking, and provide real-time visibility into how it’s shared. To do this, IT leaders are turning to multifactor authentication, role-based access control and integration with data security tools such as data loss prevention and insider risk management.
“Collaboration is all about the security of your content and access privileges,” says Jennifer Glenn, research director for IDC’s security and trust group.
Glenn advises agencies to seek out risk dashboards offering broad visibility, and complement that with simplified, automated tools for rule creation, monitoring and alerts. Agencies should consider tools that evaluate whether shared content is still necessary, she says, and identify severe risks that need urgent attention.
These capabilities can help states stay secure without being overwhelmed.
End-to-End Encryption
Roopam Jain, vice president for information and communication technologies at Frost & Sullivan, says state governments should be concerned about unauthorized access and the privacy of data shared in meetings.
“Today’s meeting platforms have come a long way in offering advanced features that assure users and IT managers that their meetings are fully secure and compliant,” Jain says.
Options such as end-to-end encryption, waiting rooms to control who joins the meeting, password protected meetings and two-factor authentication all add an extra layer of security.
“These capabilities ensure that collaboration platforms provide a secure environment for meetings, protect sensitive business information and maintain privacy,” she says.
Today’s meeting platforms have come a long way in offering advanced features that assure users and IT managers that their meetings are fully secure and compliant.”
Roopam Jain Vice President for Information and Communication Technologies at Frost & Sullivan
The Right Security Features
Heidi Shey, principal analyst at Forrester, says while popular tools such as Microsoft Teams, Webex and Zoom are “secure for general-purpose use,” the level of security required depends heavily on how the platform is being used.
“A lot of employee communications could contain sensitive information,” Shey says. This could range from strategic plans to routine coordination, and the sensitivity of that information shapes an agency’s risk profile.
“It comes down to what that use case is and what information is being conveyed and stored within these platforms,” she adds.
Ensuring correct configuration of features, such as MFA or encryption of data at rest, is critical, Shey adds: “That’s the other side of the responsibility of making the best use of what you are purchasing.”
10%
The percentage of industry leaders surveyed who said they were using more than 100 security tools across their enterprise
Source: cdw.com, CDW Cybersecurity Research Report, 2024
Managing Security Risks
Collaboration platforms carry a range of security risks that state agencies can’t afford to overlook. As data volume grows exponentially, so does the attack surface.
“Too much data makes it harder to detect violations,” Glenn says.
Insider risks — both accidental and malicious — remain a growing issue, compounded by the potential for compromised accounts and external threats such as ransomware.
“Collaboration platforms need to adapt to organizational fluidity,” Glenn says. “Otherwise, sensitive data can end up in front of the wrong eyes.”
If access controls are weak or misconfigured, collaboration platforms can become gateways for data loss, she says.
DIVE DEEPER: Identity and access management’s role is changing in the age of AI.
Complex Threat Landscapes
The collaboration threat landscape is also growing more complex, and state IT officials need to be aware of the evolving risks that come with that.
“Enterprises of all sizes are generating so much data, and attackers are using this to their advantage,” Glenn explains.
Complicating matters, she says, is the issue of “tool overload.” While having the right tools is essential, Glenn warns that many organizations are struggling under the weight of too many disparate solutions.
“This can lead to incorrect configurations, inconsistent policies and just general confusion,” she says. “It opens the door to preventable vulnerabilities.”
Click the banner to sign up for the StateTech newsletter for weekly updates.
Generative artificial intelligence is also reshaping the threat landscape. While GenAI promises efficiencies, it brings real security challenges.
“Malicious prompts designed to exfiltrate or access confidential or regulated data will go up,” Glenn cautions.
Ultimately, AI will improve the quality of phishing and social engineering attacks, increasing the risk of account compromise. And in some cases, data may not be encrypted appropriately as it moves through the AI pipeline — from source to model to output — creating new points of exposure.
RELATED: AI governance bodies are key to mitigating the technology’s risks.
Best Practices for Security
To boost collaboration platform security, state government agencies should focus on both access controls and data management, Shey says, emphasizing that MFA remains one of the most effective defenses against unauthorized access.
Equally important is information lifecycle management — establishing clear guidelines for what should and shouldn’t be recorded or stored during meetings.
“That’s an easy way to generate a lot of sensitive information that’s not being managed appropriately,” Shey says.
Putting these policies in place early can simplify compliance and reduce long-term risk. This means actively reviewing shared content to determine what needs to be available and what can be retired.
Foundational data hygiene practices are also critical, including discovery, classification, posture and mapping. Glenn touts the importance of tagging data with the appropriate classifications so privacy and security tools can function effectively.
“Make sure the organization understand exactly who has access to what,” she says. “This will help limit insider risks.”
gahsoon/Getty Images
