Sunday, December 22, 2024

Collaborative Information Security Next?

Share

Have anyone ever been on the phone with a client after the job, where the client wants more information, needs a copy of the report, or just wants to spend some time discussing the implications of the report that the company generated for them?

The files are usually spread across some file share somewhere, and unfortunately the search mechanism that comes with windows, or even Google desktop search sometimes is not enough.

With all the clients that we have, we have two ways of serving the clients, through self-service via the company portal, or depending on who is grabbing information internally, access to reports, cost accounting, payment status and other information is all stored within a portal system. We do use share point portal for this process because it ties into Active Directory, and all sorts of other ways of giving permissions to people to have access to their own accounts. This is not a discussion of share point through, but rather how we use share point to service our customers and ourselves.

The key to this is that each customer has his or her own permission schema within one share point system that is forward facing on the internet. Each customer can have as many accounts as they want to have, but only one or two people can authorize the accounts, and those authorizations are faxed in, scanned, and then dumped into the groups share point portal so that they know who was authorized. The customer is then contacted via phone to provide user name and password. This process takes less than a day, depending on how hard it is to fax something. We want to upgrade that process to a fully on line self-service process, but have yet to really work out the personnel attribution of the process. Therefore, we are looking at something like RSA via Aventail to make that happen. The process is collaborative with our customers because they can really have access to what they are allowed to have access to within the system.

This also allows us to segment the data into customer buckets, and depending on the services that they bought, expands the systems that they have access through via share point. Most of our customers like it because it works just like being on their own internal LAN, with an extra login, which they are used to already.

The other side of that is that we do the same thing internally when the customer calls. Depending on what they needed, the sales person can bring up the whole account, the engineers can bring up all the survey and security data we have on the company, senior management can bring up everything on the customer, and accounting can bring up all the financial details on the client. That segmentation internally helps us collaborate with each other and the customer to deliver the best possible services. As well, if the account is one year old, we know to contact the customer if they are on an annual network survey and arrange new business, while scheduling the engineer, sales, and other people that will be ended for the job. All of this is done on one screen using share point as the focus of the collaborative effort within the company.

The collaboration of all the groups in the company to deliver best service, provide information back to the customer, have time to talk to an engineer or sales person, as well as timeouts on when the customer might want to have new services really streamlines the business, and really opens up the collaborative efforts of the company. At general meetings, everyone has access to the company’s data that we are discussing, and can make go no go decisions based on what we have, and the history of the client. The interesting part is that the initial adoption of this process is very difficult for new employees, however, once they get the hang of it, efficiency, and ability to respond to customer needs shows a dramatic and marked improvement. The real major hurdle is getting people to upload data in a timely manner.

A lot of data stays on individual computers, but share point also allows us to synch data and add new data references from computers that are on the network, and that alleviates some of the tedium of sending data into the system. Our customers love it because every one at our company is on the same page, and anyone who has access to the information can answer most questions competently. That puts us way ahead of the power curve when dealing with clients, difficult ones, and easy ones.

The collaborative information security environment has definite advantages, and while we use share point it is not the only solution out there. Many CMS systems and other collaboration platforms will allow people to do the same thing in their own company. The process though is well worth investigating, because there are very definitive cost advantages to working collaboratively rather than having data scattered around the network.

Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Bookmark Murdok:

Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security
, and is an active participant in the
ITtoolbox blogging community.

Table of contents

Read more

Local News