
Collaborative Business Environment Needs Sound Risk Mgmt

FP Archives February 2, 2017, 23:30:53 IST

How do you ensure the same rigour for security compliance when you have so many stakeholders that may not directly, or even indirectly, be in your sphere of influence?


In today’s world, business is no longer between companies, but between networks of companies: networks that consist of customers, employees, suppliers, business partners, ad agencies, consultants, or even university scientists. How do you ensure the same rigour for security compliance when you have so many stakeholders that may not directly, or even indirectly, be in your sphere of influence? This becomes a bigger issue for the ‘front-end’ companies that directly face the end-customer, because they are the ones ‘visible’ to the customer, regulatory authorities, competitors, etc. – the one throat to choke should there be any breach of security.


Charting Out A Security Strategy

First and foremost, while caution makes good sense in a collaborative business environment, suspicion does not. Mistrust only exacerbates the situation when it comes to multiple people dealing with multiple other people at multiple levels and forums, day after day.

The starting point, of course, is a strong non-disclosure agreement (NDA), the tenets of which must be read and acknowledged by all stakeholders in the partnership – not just the lawyers. An NDA is no longer a mere formality, but a mandate that guides the collaboration. I strongly believe that any violation of the NDA by any member should be taken up in the strongest possible way, perhaps with termination of the partnership. Most often, violations happen through trivial media, like conversations around the coffee machine, chats or posts on social media, etc.

A collaborative environment also calls for more guarded behaviour on the part of the members of the business network. After all, as Kahlil Gibran said, ‘if you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees’. Strict ‘need-to-know’ has to be the norm, not the exception, in a collaborative business environment.

Investing millions of dollars in an information security apparatus - including processes, tools, and policies - and then bringing in a partner who is not able to align with it, owing to factors like conflict or incompatibility, is guaranteed to cause trouble. No NDA is going to help here – that alignment has to be established prior to the engagement through detailed and uncompromising due diligence.


The biggest risk to reputation and revenues in a collaborative model comes from a breach of regulatory or legal norms by any of the partnering entities. The primary enterprise has to guard at all costs against legal and regulatory exposures. No law in the country absolves you (as the primary business enterprise) against breach by your partners. Accept this, and only then proceed with a partnering engagement.

Indeed, there are many strategic benefits of a collaborative business model, and I strongly subscribe to this model. But it would be imperative for the enterprise to adopt sound and responsive risk management practices for effective oversight, due diligence and management of risks arising from such interworking.
