Developing Compliance Criteria for Team Workspace Evaluations
IT organizations considering team workspace platforms should examine how granular access and data retention work.
With so many team workspace applications on the market, companies have a lot of choices, so finding solutions with the right mix of features and support for a range of work styles should be easy. For IT, finding solutions that support strong security and integrate with existing systems should also be relatively easy. Meeting compliance requirements is where things can be more difficult, and may require some creativity to address all needs.
Look for solutions with granular access rights that allow organizations to work with external partners without giving up too much data access. While most solutions provide this level of control, look specifically for those that offer object-level permissions. For example, a team workspace should allow a manager to provide access to a single folder or application rather than the entire space.
Reporting on active users and changes to users should be a critical requirement. Many workspace applications license external users in large groups based on subscription level. For example, an enterprise license may allow for 1,000 external users. Being able to get a report on these users and the workspaces they have access to will be critical for assessing security risks (not to mention license compliance).
A high level of integratability with other applications is also important. This will increase productivity and can considerably lighten the load for IT if integration can be done in a relatively low-code way. Furthermore, integration with the right enterprise content collaboration platforms can help an IT organization ensure that workspaces meet regulatory requirements even if the team workspace application doesn’t have the necessary change management and reporting features an organization may otherwise need.
From an enterprise architecture standpoint, it may be necessary to restrict who has the ability to perform these integrations so that changes to non-workspace applications don’t cause support issues.
For organizations that have at least the file sync and share components of an enterprise content collaboration platform (such as Dropbox), direct integration with these platforms can help IT mitigate some of the data retention and audit shortcomings a team workspace application may have. Unfortunately, the embedded group and individual chat in a workspace could be an area where IT will have to be creative to ensure it meets data retention and audit needs.
To work around these issues, you could look for solutions that support replacing embedded chat with a third-party chat platform (such as Slack). This isn’t likely to be an option, however, so you could also see if the team workspace platform can provide regular reports that break down chat by workspace. Change logs associated with workspace wiki documents are another feature to look for.
Failing these options, look for flexible vendors that embrace the spirit of partnership. For example, a vendor may be willing to share regular platform backups, even if for a fee. Of course, this option would necessitate developing scripts to break down the resulting BLOBs to perform audits or e-discovery, but it may be worth it.
About the Author
You May Also Like