Gone are the days when collaborating at work meant blocking out free time in the conference room, sending a quick chat to your colleague, or posting a file to your agency intranet or extranet. Today, collaboration for government is on the move, with a mix of employees collaborating across the country or often from home; and while solutions like Microsoft 365, driven by the adoption of Microsoft Teams, aim to interconnect employees, the path to security is less clearly defined.
As the manager of your agency’s IT initiatives, what do you need to do to ensure the same level of security for your data as when the information was clearly protected by physical security and isolated networks? And what do you need to consider with one of your cloud service providers (CSPs) to advance the mission?
Below are four areas to consider when creating your plans for a new secure collaborative approach.
1. IRAP-accredited cloud service providers
Whether you’re a federal or state agency or local council, you need to worry about whether your cloud solutions are IRAP-licensed.
When you select an IRAP-certified Cloud Service Provider (CSP), you can leverage their solutions with confidence knowing that they have gone through a rigorous process to ensure a secure platform. The IRAP assessment covers people, products and services against the requirements of the ACSC Information Security Handbook (ISM).
You’ve no doubt heard of Essential 8. If so, consider IRAP the Essential 8 on steroids. Instead of 8, there are more than 1200 controls needed to meet IRAP standards.
AvePoint received its BET official assessment on May 19, 2021 and are currently passing the “IRAP Protected assessment” for all cloud solutions. To learn more about our IRAP assessment, read our Press release.
2. Confidentiality of Access and Disclosure of Information
Although collaboration solutions have made working more organic in and out of the office, ensuring the right people are accessing and sharing appropriately has become a challenge. Consider that many agencies are consolidating previously disparate divisions into one central tenant while requiring different levels of security and capabilities after realizing that managing a tenant with multiple needs can be a nightmare.
As an IT manager, you need a solution that will support the deployment of different information governance policies. From access controls to provisioning and lifecycle management, it’s essential to meet the unique needs of each division that uses your tenant. Recently, our Product Manager, John Peluso, hosted a webinar on securing agency collaboration. On-demand recording can be found here.
3. Integrity against modification or destruction
Government employees want to complete their mission successfully, but they are also prone to over-sharing, deleting or accidentally modifying key data. This puts your agency at risk of failing compliance checks with federal privacy, security, or records management mandates (e.g., The Privacy Act 1988, Information Privacy Act 2014 (ACT) Health Records and Information Privacy Act 2002 (NSW), Privacy and Data Protection Act 2014 (VIC)) or local laws.
IT’s job is to provide an environment that automates the security and integrity of your content while giving users access to the tools they need and avoiding long waits for manual management and cycle processes. of life. It’s also important to guide your users on the right path, not just with training and education, but by providing mission-driven use cases and examples throughout the solution, reinforcing how and why users should use them instead of going alone.
4. Maintaining Information Integrity in a Flexible Environment
Ultimately, your employees won’t use the tools you provide if they offer more obstacles than solutions. Your IT department needs to balance controls and security with collaboration and flexibility, and to do that, you’ll either need staffing to support manual processes or a way to automate those processes into workflows. predefined work.
Note that “keeping your data in an environment you can protect” means not only striking that balance, but also providing a way to identify any exceptions to the process over time. Managing these collaboration solutions is not a one-time job, but requires ongoing planning and change. Recently, our Product Manager, John Peluso, spoke with Federal News Network to discuss the transition to Microsoft Cloud.
Listen to AvePoint’s Microsoft 365 Government Call
Check out our monthly Microsoft 365 Government Call LinkedIn series where we partner with industry and government experts to discuss the tools and techniques available to ensure your modern collaboration environment is designed to protect your data and empower your employees. . You can subscribe to view past events and stay up to date with future happenings and join us live for our monthly broadcasts.
If you want to know more about Secure Collaboration, contact us here
Originally Posted HERE