Buyer’s Guide to Enterprise

Collaboration Solutions
Buyer’s Guide to Enterprise
Collaboration Solutions
This buyer’s guide exists solely to help you select the most appropriate collaboration
solution for your company. It was written with the guidance of subject matter experts
from a variety of relevant technical, compliance and security fields. We hope it helps
you make the best selection for your enterprise.

Table of Contents
Securing Business Beyond Boundaries ..........................................................2
Burdens, Budgets and the Cloud ..........................................................................2

What are the Risks to You and the Organization? ................................................3

What You Should Demand from Your Solutions Provider ....................................4

Choosing the Right Solutions for your Organization ......................5

Underlying Platform Infrastructure ........................................................................5

Application Security ..............................................................................................6

Infrastructure Security ...........................................................................................8

Process Security ...................................................................................................9

Integration, Usability and Content Management ................................................10

Mobile Devices .......................................................................................................12

Information Rights Management .........................................................................13

Compliance Reporting ..........................................................................................14

Support Requirements ..........................................................................................15

Conclusion .............................................................................................................16

1
Securing Business Beyond Boundaries
The nature of work keeps evolving. Once, work meant being in the office interacting
with colleagues, face-to-face, from 9 to 5. Now work happens 24/7/365, anywhere,
anytime, across corporate boundaries and time zones, in virtual meetings with business
partners, contractors and colleagues; at home, on the road or at a client site across
continents. In the past, work tools meant a desk, phone and computer. Now, our work
tools include multiple computers, laptops, smartphones, tablets and other mobile
devices — both personal and company-issued. Users are also turning to Software-as-
a-Service (SaaS) providers to fill in functional gaps and boost their productivity.

To stay competitive and relevant, enterprise must enable end users to collaborate
virtually — and seamlessly — in more creative and complex ways. By 2017, Gartner
predicts, a chief marketing officer will spend more than the chief information officer on
IT.* Although enterprise CIOs and CTOs seem to be losing authority and budget sizes,
their IT departments are still mandated to enforce corporate governance guidelines.
Rather than business end users or managers procuring their own information
technology without official IT guidance, an option must be available for end users to
work freely…but still within their corporate IT ecosystem.

Burdens, Budgets and the Cloud

As business processes change and the regulatory environment adapts accordingly,
new ways to access our collaboration systems emerge. These changes foster an
opportunity for added risks: With the opportunity for content to become unmanaged
and unhinged from the corporate infrastructure during collaboration, highly valuable
corporate information can leak outside (some would say it is actually in danger of
“hemorrhaging”). To complicate matters, different departments and partners can
become prone to solving their sharing discrepancies using disparate solutions, making
it harder for the enterprise to govern the security of their content.

A recent survey from Harris Interactive indicated that 46 percent of respondents (all IT
executives or influencers) thought their corporations’ data were leaving the enterprise
because of the unmanaged use of file-sharing products. **

Companies today also face:

• Lack of standardized best practices for secure content and data management
• Inadequate security training
• Increasing government security regulations
• The constant threat of hackers

• Strained IT budgets

To meet these challenges companies need a collaboration solution that provides the
highest levels of security, compliance and risk management capabilities.

For highly regulated industries, the collaboration risks keep growing. Certain industries
must demonstrate compliance with an ever-evolving array of regulations. For instance,
in healthcare there are strict HIPAA guidelines about protecting the privacy of patients
or test subjects. There is a rigid need to guard information and keep it confidential to
meet regulatory compliance requirements.
*Please see citation for the Gartner webinar: http://my.gartner.com/portal/server.pt%3Fopen%3D512%26objID%3D202%
26mode%3D2%26PageID%3D5553%26ref%3Dwebinar-rss%26resId%3D1871515

**Please see: https://www.intralinks.com/sites/default/files/file_attach/via14_65324_email_harrispaper_v1.1.pdf 2

Similarly, companies must also protect intellectual property — for example, when
partnering with contract offshore firms to manufacture products. Likewise, financial
services and law firms (particularly when performing international work) also must
preserve their clients’ confidential information – and, at the same time, be able to share
data with regulators or auditors.

Adding to the challenge is that a company must manage data that can exist in a variety
of forms: The content and data may be structured and formatted — or unstructured,
and embedded in emails or various files.

Companies must strike a balance between protecting their content both inside and
outside the firewall, while providing their people with a freedom to share content in
a smooth, seamless way. Fortunately, robust and secure enterprise collaboration
platforms exist. They can enable companies to perform work more quickly and easily
despite continuously evolving data privacy regulations and other challenges.

What are the Risks to You and the Organization?

With headlines of data breaches on the scale of the SONY incident becoming almost a
regular occurrence, your organization needs the proper tools to mitigate risk. In fact, a
report from the security consultancy Ponemon Institute* reveals that 64 percent of data
breaches were the result of simple human or system errors.

So, how do you collaborate today? Is your team sending email attachments, using FTP
sites, or providing access to internal sharing systems like SharePoint®? Worse yet,
is your team using unapproved or blacklisted products? What does your existing (or
potential) collaboration solution provider do to reduce these technical and human risks?

With all of the virtualization and SaaS technologies available, the platforms and
processes underlying corporate enterprises are evolving constantly and unpredictably.
The risks involved with file and data sharing will only increase. We are seeing more
complex hybrid IT infrastructures – those that comprise both in-house applications
and hardware, supplemented by various cloud-based services. Steadily changing
regulations trigger internal changes to maintain compliance. Simultaneously, IT budgets
shrink, forcing CIOs, CTOs — and even IT departments — to do more with less.

An enterprise collaboration solution should help reduce any human and technology
gaps, while enabling IT decision-makers to better control and predict their costs.
Use your existing governance framework to evaluate if a potential provider’s solution
meets your security standards — without inhibiting user productivity and data
collaboration processes.
*Please see: http://www.symantec.com/about/news/release/article.jsp?prid=20130605_01

3
What to Require from a Content Collaboration Solution
When seeking a collaboration platform, security and ease of use are not mutually
exclusive. Protecting your data and ensuring your processes aren’t interrupted are
mission-critical priorities. Your provider should:

Be a trusted partner: Always remember that your success in sharing and protecting
data and content may come down to the quality and dependability of the technology
partner you chose. Your provider should demonstrate it can solve your basic business
problem, but also be a fully functioning partner in a successful relationship. Ideally, you
will only do business with a company that has actually earned it.

Such a firm will have a verifiable track record of servicing multiple businesses of your
size and industry. It will be a company with a positive brand perception and a global
presence. It will have a reputation for standing by its promises and its clients.

Ensure security: Be sure the provider has experience in managing secure file-sharing
and enterprise collaboration in heavily regulated industries — such as life sciences,
financial services or health care. Ask your potential provider for a list of its active and
recent clients.

Look for similarities between your situation and how the provider supports and
protects its existing clients. If good comparisons exist, the provider is likely to have
been audited or penetration-tested by some of its clients, as well as by third-party audit
and testing firms.

Accommodate mobility: Enabling and managing mobile access for smart phones
and tablets cannot be an afterthought. You need full audit tracking and compliance
reporting, and the ability to lock the saving, copying or printing of sensitive content
and data.

Besides that, the provider must offer more than a data repository — it must support real
work activity. Can you use the solution to support your workflows? Learn if the platform
will enable such tasks as running a sales presentation from a tablet. Will it let you
amend and submit a contract?

Promote collaboration: Your provider’s platform must have capabilities and rules for
working with the data associated with your business processes and, most of all, for
managing sensitive data. The tool must also be streamlined enough for the average
end user to adapt to easily and work with comfortably. Collaboration means more than
having a shared work area — it must comprise all the processes needed to complete
projects. For instance, learn if the solution will do things such as track changes and
comments, and help actually make processes work more efficiently.

Enable integration: You should select a provider that can leverage your existing
enterprise IT investments to reduce costs connected with secure collaboration.
Remember, security and ease of use are not mutually exclusive. Consider your
provider’s ability to enable users to work within familiar technology environments, such
as Microsoft Outlook® or SharePoint®.

Ask if the provider supports a variety of workflows — simple, complex, ad hoc,

structured, public or confidential — while maintaining a transparent and compliant
information flow. Can it automate workflow based on content metadata? Are there out-
of-the-box application connectors for you to easily configure? Is there a professional
services team available to get you up and running?
4
Promote compliance: Can the solution support your internal governance? Understand
what reporting capabilities are available – particularly those that show audit trails and
demonstrate compliance or identify gaps before a breach occurs. Will there be visibility
into these capabilities over the lifetime of any given document?

Be financially stable: Before entrusting your data to any company, you must do your
homework about its business stability. Your provider should have identifiable revenue
streams. You should be able to verify that it is stable and going to be capable of
remaining your partner for the long term.

Achieve outside-the-firewall accessibility: External end users and business partners

should be able to easily leverage the solution as well.

Choosing the Right Solutions for

your Organization
This document offers guidance to help you select a secure collaboration solution
that provides organizational control over your content within — and beyond — your
corporate boundaries. The guide is divided into separate requirement categories and
outlines key criteria for you to consider before, during and after your evaluation.

No two enterprises will have the exact same requirements. Review the guide, and
then pick and choose the different requirements that will describe the most appropriate
solution for your organization.

Underlying Platform Infrastructure

The platform supporting an enterprise collaboration solution must enable secure
content sharing. For peace of mind, you want confidence in the stability of a provider’s
infrastructure and architecture. Partner with a solutions provider that has a proven track
record in global regulatory compliance.

Such companies will be able to reference existing clients whose needs resemble your
own. For extra protection, there are valuable technologies, such as Information Rights
Management (IRM), which offer access and protection at the document level through
the file’s entire lifecycle. And, for an even greater guarantee of privacy in the cloud,
customer-managed encryption keys (CMKs) prevent even the cloud provider from
accessing content unless the customer permits access to the keys.

5
Application Security
Approaching secure data sharing is a process with multiple dimensions. But first, it must have security technology capabilities that
govern access to the application.
Desired Capability
Strict ID and password protocol
Secure data transmission and storage
Encryption
Permissions and visibility
Document locking and protection
Dynamic watermarking
Description
Prevents users from sharing
passwords.
Protects data in transit and at rest,
while ensuring compliance with local
data regulations.
Makes data unreadable without access
to decryption key.
Supports existing business governance
processes and workflows, giving
users access and/or control only on
a need-to-know basis. This means
one person may have control in one
business process, but read-only access
in another.
Prevents saving and forwarding files
in the open (unencrypted) to reduce
access and the risk of accidental
disclosure to unauthorized individuals.
A watermark is an image or text
superimposed over an original base
document, for permanent identification.
It discourages unauthorized sharing.
Questions to Ask a Provider
• Does your system detect and prevent a
single-user ID from logging in from multiple
locations simultaneously?
• Does your data encryption support the
commercially available ciphers, such as
256-bit keys and standard algorithms?
• Does your encryption scheme use NSA-
standard algorithms?
• By default, are your data encrypted at
all times, no matter where they reside, in
storage and in transit?
• How strong is the encryption?
• Are the encryption keys managed by the
service provider or by the content owner/
customer?
• Does the solution provide a mechanism for
key rotation? If so, is time-consuming re-
encryption required after rotation?
• Does your system provide near real-time
reporting of who’s looking at what content
and when?
• Do you support role-based permissions,
based on business processes?
• Can you revoke access rights to my
data from your own (i.e., the provider’s)
employees? If so, does this include support
personnel and system administrators?
Can any of these employees undo the
revocation?
• How do I maintain control once content has
been shared with external partners?
• Do you offer watermarking?
• Can users define the content, positioning
and format of watermarking?
• Can you digitally shred the document after
the end user has downloaded it?
6
Desired Capability
Multi-factor authentication
Cloud storage of structured and
unstructured data
Description
Provides a higher level of security to
the exchange of critical information. It
enables administrators to define a set
of rules and user challenges to verify
identity prior to accessing the shared
content.
All these formats have challenges and
strengths. They also offer varying levels
of security, costs, and different benefits.
Questions to Ask a Provider
• Does your solution provide multi-factor
authentication of user accounts?
• Does your solution support classifying
information by sensitivity and offer
appropriate protections?
• Does your solution implement any type of
risk assessment profiling for user accounts?
Do you allow the application of multi-factor
challenges based on data sensitivity and
the user’s assessed risks (for example, by
end user’s device parameters, geo-location,
IP address, time of access, etc.)?
• If available, can multi-factor authentication
be implemented at login as well as at the
project level?
• Are custom-tailored policies available?
• Can the solution provide domain range and
IP address range filtering at login?
• Will my data be housed in a public cloud
service, such as Amazon Web Services, or
in your own data center?
• Are the data limited to specific servers?
• If public, how are multi-tenant environments
secured?
• Who controls the cloud stack — your file-
sharing service provider or the hosting
facility?
• Do you perform onsite assessments of your
primary providers?
• Have your clients audited your operational
controls, procedures and technology for
fitness within their security standards?
• Have you done viability assessments of
your primary providers?
• If you go out of business, what happens to
my data?
7
Infrastructure Security
You need to be able to trust your provider’s capabilities to protect your confidential data. You must know that this partner maintains the
integrity of its data center, using virus scanning, firewalls and other standard technologies and processes.
Desired Capability Description
Customer-managed keys Provides the most secure commercially
Hardware-Software Customer- available encryption and is robust
Managed Encryption Keys (CMK) enough to shield against brute force
solution attacks by high-capability adversaries,
such as state security agencies.
Certifications Ensures that the processes controlling
the creation and management of an
online information exchange are of the
highest industry standards.
Personnel security Guarantees the integrity of the people
supporting your information exchange.
Questions to Ask a Provider
• Who holds the encryption key — the
provider or customer?
• Is there only a single encryption key? Or is
there a unique key for each file?
• Is a multi-layer key management system in
place?
• Who has access to the encryption key(s)?
• How robust is the encryption algorithm?
• Is the encryption key randomly generated
for each file? Or is the key generated using
a template that includes known information,
such as the user’s email address?
• Do you offer encryption at the file level?
• Which third-party validations, certifications
and audits do you possess?
• Do you perform annual SOC 2 Type 2
audits?
• Do you comply with FDA 21 CFR Part
11 (electronic records and electronic
signatures used in FDA-regulated
environments)?
• Do you undergo regular, independent
third-party penetration tests and application
vulnerability assessments?
• Can you share your recent audit and
penetration test reports?
• Can you share your historical audit and
penetration test reports from as far back
as 10 years?
• Do support personnel undergo background
checks, and are they bound by
confidentiality agreements?
• What training, examinations and
certifications are support personnel
required to undergo? Must they be
periodically recertified?
8
Process Security
An excellent provider sees to all details around security and business continuity. So, besides application and platform security, this
partner must also observe best practices during its application or service upgrades. It also must offer a proactive disaster recovery
plan, with redundant and mirrored data centers (in geographically separate locations) that perform daily data backups.
Desired Capability Description
Change control Prevents the introduction of new
vulnerabilities during a product release
and increases infrastructure stability.
Multiple independent data centers Ensures additional protection of critical
data under all disaster scenarios.
Business continuity/disaster recovery Ensures reliability and uptime.
Enterprise-scale implementation and Ensures system stability, availability,
operational processes reliability and integrity. Reduces the
risks of business disruption.
Restricted access by Ensures additional security by
provider personnel preventing the provider’s personnel
from accessing your sensitive data.
Questions to Ask a Provider
• Does your organization follow strict change
management processes, such as ITIL, or
similar IT best practices?
• How are product releases obtained by (or
distributed to) end users?
• Are product releases backward compatible?
If so, to what extent? That is, will the
release of new functionality require every
user to update?
• Are the servers that house client information
located in geographically separated data
centers?
• Is a failover mechanism between the sites
in place? Is it tested regularly?
• Do the servers use real-time replication?
• Are the servers continuously monitored with
proactive tools, such as virus scanning and
intrusion detection apps?
• Do you produce daily backups? Are
they stored offsite in a geographically
separate location?
• Do you test the data centers’ disaster
recovery plans, and, if so, how often?
• How do you ensure that providers comply
with your quality management practices?
• How do you assess your
providers’ processes?
• Do you monitor your providers’ service
level agreements?
• How closely do your software providers
align their product changes —
functional and new release timing —
to your business?
• Who within your organization has access to
my data?
• Is an audit log of such access maintained?
Is it available for review (either self-service
or on-demand)?
9
 Desired Capability Description Questions to Ask a Provider

Single Sign-On (SSO) Integrates with your existing corporate
identity management tools, such as
Active Directory®, and enables users
to sign in using existing corporate
credentials instead of a separate login.
• Do you offer SSO without modification to
the SaaS application or integration with
SAML/OAuth?
• Can your system easily de-provision users
by updating their corporate identity using
tools such as Active Directory?

Integration, Usability and Content Management

No collaboration solution should demand that you rip out and replace your existing IT assets. In fact, integration with existing
applications and processes is crucial for a collaboration and data-sharing platform. But writing custom application programming
interfaces (APIs) internally is difficult, costly and should be avoided.

Invest in a solution that comes with pre-existing connectors into common applications, such as Microsoft SharePoint, Salesforce.com® or
content-centric enterprise applications. For example, your IT team should be able to use your existing identity and access management
system. And your end users should be capable of leveraging existing tools and workflows with the new data-sharing applications.

Desired Capability Description Questions to Ask a Provider

Web services-ready API Provides developers with a broad set • On what architecture are your APIs built?
of functionalities to manage and control
content, users, sessions and system
administration, and can be used with
your own custom applications.

Connector Integrates with the APIs of other
enterprise software systems to extend
access beyond the enterprise firewall
to external customers and business
partners.
• Do you offer XML-based communications
between your service and external
systems?
• Does your solution enable data integration
without hand coding?
• Does it shield developers from underlying
complexities?
• Does your solution extend access beyond
the enterprise firewall?
• Does your solution include integration with
file transfer, permissions, reporting and
workflows for existing enterprise software
systems?

10
Desired Capability Description
Single point of control Ensures visibility and control across
the platform for all sharing use
cases – simple to complex, ad hoc to
structured, and public to confidential.
Desktop tools Streamlines integration and workflow
with familiar user-level tools, including
Microsoft Outlook and Office, and
Adobe Acrobat.
Content management Limits file sharing, approval and audit
trails to the context of a project and
collaboration group. Enables file
assignment and tracking.
Version control Ensures the latest version is in use and
retains a trail of document versions.
Questions to Ask a Provider
• How will your solution provide reporting if
there is an audit?
• How can we know what information has
been shared?
• Do you provide self-service access reports?
• Do you provide training?
• What is the support lifecycle for
compatibility testing with operating
systems and other productivity
applications, such as Office?
• Can I leverage your file-sharing app to
assign people and tasks for document
approvals?
• Does your solution allow users to set up
a project and monitor content within that
project?
• Does your solution have the capability of
creating workflows for document approval?
And are those workflows auditable?
• Are file versions maintained?
• Are file versions easily accessible by users
and administrators?
11
Mobile Devices
Make sure smartphones, tablets and other mobile gear carry security that is comparable in strength to that protecting the enterprise
network. Only consider a provider with proven experience in rapidly and seamlessly provisioning and de-provisioning internal and
external mobile users. The provider must also be capable of securely handling sensitive data accessible to mobile networks.
Desired Capability Description
Mobile device support Enables the mobile workforce to
collaborate easily and securely.
Data removal Removes or deletes shared content
from lost, stolen or de-provisioned
mobile devices.
File synchronization Allows for policy-based file
synchronization, to prevent compliance
violation arising through disparate data
residing on multiple devices.
Questions to Ask a Provider
• Can I prevent mobile access to some data
by default and ease restrictions based on
content type?
• Which devices are supported?
• Can devices remotely access core
applications, such as Outlook, via a
browser? Or are plugins needed?
• How do you prevent users from saving/
copying sensitive data locally on to their
devices?
• Can mobile collaborators easily comment
on or edit PDF documents?
• Can you allow administrators to prevent
access to the shared content?
• Can the shared content be deleted even
when the device is offline?
• In a deletion, is the file destroyed or is its
access revoked?
• Does your solution encrypt content (both in
transit and at rest) on mobile devices?
• How do you handle a compromised device?
• Are passwords required for data removal?
• Is there full support for information rights
management (IRM)?
• Are files synced in real time?
• Can files be configured to sync at intervals
determined by my administrators?
• Does the data sync across end-point
devices?
• Does your solution allow administrators to
set policies for file synchronization?
• Can data be synced selectively?
• Can your solution set who can and cannot
synchronize?
12
Information Rights Management
Information rights management (IRM) provides file-level control and audit trail capabilities. It supports lifetime access control over the
viewing, copying, printing and alteration of content. IRM can enable enterprises to manage the content, protect intellectual property,
prevent data loss and meet regulatory requirements. In this way, it makes content itself the new security perimeter.
Desired Capability Description
Role-based permissions Enables administrators to better control
various capabilities, such as reading,
printing, editing and copying content,
based on permissions assigned to
end-user roles.
Document-level IRM Enables granular control of documents
within and beyond the firewall.
Lifetime control of content Enables control of information
even after it has been shared and
downloaded on a computer or device.
Questions to Ask a Provider
• Can users have various roles, depending
on what phase of a project they are
working in?
• Can I revoke access to a mistakenly shared
document even when the document is
outside the firewall?
• Can access to a shared document be
assigned an expiration date?
• Does your solution provide lifetime control
at the document level?
• Does the rights management policy stay
with a document even if someone accesses
the document with an application different
than your solution?
• What file formats are supported?
• What happens if I revoke access to a
document saved on a PC?
• Can administrators apply rights
management to specific content in a given
folder without affecting all the content in the
folder?
• How do you enable projects or processes
where the individual files involved carry
differing security policies?
• What happens to content after it has been
emailed or shared outside of your solution?
• Can you tell if emailed content has been
viewed?
• Can you destroy emailed content or prevent
it from being viewed?
• How do you alert me when sensitive
information was shared or viewed?
• What is your recommended solution when
information is accidentally shared?
• How do you secure content that employees
can access simultaneously with multiple
devices?
• How easy is this to deploy?
13
Compliance Reporting
Does your organization manage compliance? Make sure your IT staff is prepared to support the compliance teams with policies
and reports that address any changing regulatory requirements. How will IT teams ensure that a proposed solution supports their
company’s compliance requirements? How will users know if they comply?

The most effective way to address compliance issues is to embed the necessary policies, relevant rules of corporate governance and
workflows into the proposed solution. These will ensure compliance across all information-sharing activities and that such processes
are tracked for each user.

Another way to maintain thorough compliance with data regulations is to select a provider that gives you the choice of managing your
own data and content encryption processes.

Desired Capability Description Questions to Ask a Provider

Access, retention and Ensures appropriate access and that
destruction management all records are securely retained in
case of an audit or legal review, and
that records are destroyed according to
company policy.
• What data and events are recorded?
• What reports are available?
• Can I limit access to potentially sensitive/
confidential information to a specific user
(i.e., my compliance officer) who has been
given explicit approval to access this data?
• Are the reports available via self-service?
Can they be exported to Microsoft Excel®?
• How do you configure retention
and destruction policies to meet my
requirements?

Future-proofing Ensures the solution remains current • How do you remain current with my
with the complex and dynamic industry’s regulations?

regulatory environment. • Which regulatory bodies do you actively

monitor?
• Which regulatory body causes you the most
challenges?

Granular and comprehensive audit
and compliance
Ensures compliance visibility across all
sharing activity.
• How do you know who is authorizing and
giving access to my data? How is this
tracked?
• What is your process for recording and
reporting on content moving within and
beyond my organization?
• How do I retrieve the required granular
document and user-level records in the
event of an audit?
• How do I ensure that access is revoked
when an internal or external participant
leaves or changes departments?

14
 Desired Capability Description Questions to Ask a Provider

Compliance for highly Ensures provider has a solid history • How long have you served regulated
regulated industries in strictly regulated industries and industries?

understands complying with their • Who are your clients in these regulated
industries? What types of content are they
requirements.
sharing?
• Has your solution been validated by
your regulated users for 21 CFR Part
11 (Electronic Records and Electronic
Signatures) compliance?
• Will you support an onsite 21 CFR Part
11-based validation assessment?
• If I am audited by the FDA or MHRA, will
you provide supporting evidence while the
audit is underway?
• Are the vendors in your solution’s
ecosystem also compliant?
• Does the vendor offer customer-managed
keys (CMKs) as a way to prevent any
unauthorized viewing of the
customer’s data?

Support Requirements
Ideally, your collaboration solution should be relatively easy to deploy, both behind and beyond your firewall. However, even the most
rapid rollout will require preparation. So remember that thorough support and training are still essential to boosting end-user adoption
and making the deployment a success.

What are your resource capacities? Depending on your deployment, you may need to verify that your internal IT staff and help desk
personnel can support external users. Many companies have IT support operations that are at capacity, are outsourced, or are
chartered to only support internal users. Consider a provider that can reduce your internal IT support group’s burden, not increase it.

The provider should help in the training and orientation of your internal users, as well as those of your business partners and
stakeholders. The provider’s support staff should offer assistance in local languages, as well. Also, you should validate that after
deployment, your provider offers 24/7 live service and support for users.

Desired Capability Description Questions to Ask a Provider

24/7/365 multilingual support
Ensures that the customer
organization’s IT department does not
need to provide global, multilingual
end-user support for the solution.
• Do you offer global around-the-clock
support personnel? How many languages
do you support? Do you offer phone, email
and chat support options?
• What is your average time to answer the
phone?
• What is your average time to resolve an
issue, and is there an escalation process
in place?

15
 Desired Capability
Support all users, including business
partners
Functional support and user training
Service Level Agreements (SLAs)
intralinks.com
Reach your closest Intralinks office:
intralinks.com/mylocation
211161 DM
Description Questions to Ask a Provider
Ensures that all users within — and • Will you extend support to my external
external to — the organization business partners who use the solution?
collaborate efficiently and securely
when and where needed.
Ensures that the solution is rolled out in • How quickly can you train and orient my
a manner that is most effective, based internal team?
on your organization’s structure and • Do you provide additional training online
and/or through self-directed online training
employees’ roles and responsibilities.
programs?
• Can you provide evidence that my users
received training?
Ensures accountability for your • If my business partner has a problem with
extended enterprise. your solution, whom do they call?
• Do you provide SLAs for system availability,
recovery time, recovery point objectives and
call center requests?
Conclusion
Sharing data carries inherent risk to your firm’s reputation, brand and bottom line.
But today, your employees must collaborate, internally and externally, to compete, to
stay productive and to drive your business forward. With these high stakes, you need
assurance that your enterprise collaboration solution will keep your sensitive content
safe. Your solution should provide lifetime control of every document that is shared —
and the ability to revoke access, even if the document is shared beyond your firewall.
Use this guide during your discussions with potential providers and vendors to help you
perform proper due diligence. The checklists inside are part of a virtual holistic security
framework — one that ensures you have end-to-end visibility of your data and content.
It also will support you and help you pass even a rigorous regulatory audit.
Only when you have peace of mind about your data can you fully focus on succeeding
in your core business.
© 2016 Intralinks, Inc. To learn more about Intralinks® and its trademarks please visit intralinks.com/about-us. 16