Jay Leask, director of federal strategy for AvePoint’s (Nasdaq: AVPT) public sector business, said government agencies looking to establish a digital collaborative space to carry out its mission while protecting that space from cyberthreats should establish policies at the workspace level.
Leask wrote that “it is essential to ask questions about the expected use and desired security for a workspace based on the data type that will exist there.”
“By focusing on the workspace level instead of the file level, we can identify high-risk areas and, on the flip side, make it easier to collaborate on non-sensitive information,” he added.
Leask noted that agencies should have policies in place when using guest access to ensure data security and that there are three factors they should consider when providing guest access or tailoring permissions for external users.
These factors are considering multistage processes when onboarding into the workspace an external user, creating a guest monitoring program to gain visibility into any suspicious activity and scaling policy enforcement through automated rules for settings, access and other configurations based on Microsoft 365 groups.
“It might feel counterintuitive to allow sensitive information into a collaborative solution while staying within the zero trust principles. After all, there is no better way to secure your network and application than by restricting access to only a select few,” Leask said.