Jeff Schumann, Aware: "legal teams now have to worry about data governance for a remote workforce"
The pandemic has pushed almost every business to adopt new digital technologies. Due to the sudden hit, not every firm managed to adjust by allocating a budget to cybersecurity. As a result, many corporations using popular communication platforms found themselves prone to data leaks.
It’s clear that software-related security vulnerabilities can open paths for cyberattacks. But what’s worth mentioning is that unmonitored communication channels can also become a weak link for an accidental data breach.
Cybernews reached out to Jeff Schumann, the CEO and Co-Founder of Aware to talk about effective solutions for data governance, risk, and compliance.
How did the idea of Aware come to life? What was the journey been like since your launch?
In today's diverse, hybrid workplaces, organizations are frequently turning to internal messaging and collaboration tools to meet the growing need for efficiency and knowledge sharing. However, legacy vendors weren’t designed to handle the operational and data governance complexities of these platforms associated with the modern workplace.
I started with a vision of enabling collaboration across the enterprise after struggling with the red tape while he worked to implement communication tools for regulated users at a Fortune 100 company. Today, Aware solves these legal and compliance use cases and removes barriers to the adoption of modern collaboration tools.
Can you tell us a little bit about what you do? What challenges do you help navigate?
Aware is a collaboration governance platform that makes sense of conversations and human behavioral data to transform the workplace of the future. Aware’s platform can access, analyze and uncover organizational insights from unstructured data across applications, such as Slack, Microsoft Teams, Zoom, Yammer, and Workplace from Meta. From employee sentiment to toxic language detection to theme extraction, businesses now have a real-time pulse of their workplace culture, even in a remote environment. The platform also provides data governance, eDiscovery, and compliance monitoring in one unified view to help legal and IT teams mitigate potential compliance risks from employees while staying within regulations, such as GDPR, CCPA, and industry-specific legalities, like HIPAA, FINRA.
What technologies do you use to enhance digital workplace communication?
Leveraging proprietary models, our platform can identify languages used, the presence of code, and apply rules to images using computer vision models (including OCR, not-safe-for-work image detection, and software screenshot detection), as well as machine learning and natural language processing for sentiment and toxic speech. Proprietary sentiment and toxicity KPIs also offer an aggregate and ongoing understanding of your employee’s feelings.
Do you think the pandemic affected the way people approach data security?
Data security has become a great concern for businesses during the pandemic, as IT and legal teams now have to worry about data governance for a remote workforce leveraging new technologies. With the sudden adoption of tools like Microsoft Teams, Zoom, and Slack, IT and security teams are left with a blind spot of potential risky communications – particularly as these tools rolled out quickly without typical security training or change management processes. Employees use these tools to efficiently conduct business but are often unaware of the potential risk of a data breach or accidental information sharing with unauthorized audiences.
What are some of the worst things that can happen if an enterprise fails to manage its communication data?
Companies that don’t have visibility into their communication data not only risk proprietary or sensitive information potentially being leaked, but also do not have a way to access the communications for internal investigations or eDiscovery processes.
Why do traditional data governance and compliance solutions fail to do the job anymore when it comes to collaboration data?
When it comes to data governance and compliance, companies in highly regulated industries typically have some sort of solution to monitor more traditional platforms such as email. However, data found in collaboration apps is unstructured and difficult to process with legacy vendors. These messages contain several variables not found in emails, including edits and deletions, message location, visibility, and surrounding conversation context. Conversation context is especially critical when it comes to data governance and compliance as communications on these platforms are often chatty and informal – it can be especially difficult to identify potential risks without understanding the surrounding messages for context.
As remote work is becoming the new normal, what security issues accompany this development?
Many customers who implemented modern collaboration in a hurry as a result of the pandemic did not have the luxury of time to adequately vet and plan for these technologies. As a result, IT teams now face the task of identifying gaps and creating risk mitigation plans. Many collaboration platforms do not offer the out-of-the-box enterprise-grade governance and compliance controls that legal, compliance and IT teams require. Instead, they offer a robust partner ecosystem to satisfy these use cases but these gaps were often not identified in the initial urgent rollout.
Additionally, legal and IT teams need to consider strategies for handling multi-company or guest access to these tools, like Slack Connect. These features are highly valuable for work efficiency, but require an added level of security due to the exposure to other companies or non-employees interacting in the workspace.
Talking about average Internet users, what security measures should they implement as we move into 2023?
If employees are using collaboration platforms, like Microsoft Teams or Zoom, and using them to have meetings and communicate with outside contacts, make sure these meetings are password-protected, so unwanted visitors can’t hijack the meeting.
Implementing controls for data governance and compliance across tools, like Zoom, Slack, and Microsoft Teams is a must-have. Companies need the ability to create an immutable archive for eDiscovery and internal forensics, as well as to preserve important conversation context, while also limiting the surface area risk by systematically purging data via ongoing retention policies. Finally, real-time compliance monitoring is incredibly important for these tools – conversations proliferate quickly, so IT and information security teams need to understand immediately if sensitive information is shared or other compliance policies are violated.
Would you like to share what’s next for Aware?
We are continuing to build out and improve the insights portion of the Aware platform to help companies identify themes and trends amongst their employees to identify issues early and provide the best workplace culture possible. Since many businesses are still remote or hybrid, it's important for colleagues to feel connected and heard by employers and our platform can help do just that.