The promise of instant communication and collaboration at any time, from anywhere with anyone on any device is a powerful UC marketing message, but for a large number of enterprises, it’s the kind of message that keeps compliance, regulatory, and IT security departments up at night.
Healthcare, financial, and many other institutions have a complex regulatory labyrinth to navigate. Global organizations must be aware of differences in local and regional privacy and telecom laws (has anyone figured out how to legally deploy a hybrid VoIP solution in India yet?) Every enterprise has some degree of intellectual property concern and risk. Figuring out how to balance these concerns with the undeniable benefits that come along with deploying UC capabilities is not a one-size-fits-all proposition. It takes careful planning and, as with any IT transformation, comes down to people, process, and technology.
"With good planning, strong policies, and the right tools in place, any organization can reap the benefits of UC"
Who needs to have input into the ways employees can communicate? It’s likely not solely an IT decision.
- Does the communications team need a seat at the table to make sure users aren’t posting cat videos to the social intranet?
- Facilities/physical security personnel will need a say if there are UC integrations with their systems.
- How will users be trained to ensure UC tools are used in a compliant manner? No matter how many technological safeguards are in place, there is always a way around them.
- What’s the culture of the organization? Building a corporate culture that emphasizes compliance will go a long way toward creating users who take pause before sharing a potentially sensitive document or collaborating with a vendor outside of approved channels.
A comprehensive set of data governance policies and procedures is critical. Getting the right team together and hammering out the fine details for a governance model is not a quick nor a painless process, but it will become the foundation which will drive UC (and all IT) strategy and design decisions as they relate to data protection and compliance.
- How are different types of data classified, and how can each be shared?
- Is there an email retention policy in place?
- What forms and approvals are necessary to enable Skype federation with an outside party?
- How does a department set up a Sharepoint site to collaborate with a business partner?
- How much visibility and access will contractors be allowed?
These are just a few examples of questions that should be answered in an effective data governance model.
Most UC platforms allow for some control over how users communicate, but unfortunately, it’s usually not enough.
- Is there a need for a 3rd party “ethical wall” product to allow for more granular control over UC platforms than is available out of the box? For example, when a user is part of a policy which allows Skype for Business federation, they will be federated with all configured and approved partners, not just the ones with whom they need to collaborate. An ethical wall solution can help with this scenario.
- Which software products will be enabled for use by employees? Will they be allowed to use a web browser client on a personal PC? What limitations will be imposed and how?
- How will user activity on UC systems be logged and monitored?
- How will peer-to-peer file transfers using UC tools be managed?
- What tools are available to monitor and manage communication on mobile devices?
In an ideal world, these decisions can be made, and policies be written, before a UC deployment happens, but it’s more likely that many of these considerations will be made in an existing UC environment. They will need to regularly evolve to accommodate a changing regulatory and technology landscape. While the dream of a wide-open collaboration utopia will remain just that for most organizations, there’s no reason that with good planning, strong policies, and the right tools in place, any organization can reap the benefits of UC while maintaining a secure and compliant environment.