- April 20, 2023
Schrödinger’s Cat and Unified Communications Explained
It might seem a little strange to use this classic thought experiment to understand and manage Unified Communications, but it provides a useful model. Schrödinger was a famous physicist trying to explain a difficult concept. He proposed an experiment in which a cat was placed in a box for an hour, with an equal probability that an isotope's decay would (or would not) trigger the release of a poison. This meant that until the box was opened (observed), the cat is considered both dead and alive.
This model is useful in Unified Communications because observation, or use of a communication after it is created, becomes a critical element for organizations. Enterprises face limited ability to prevent communication or collaboration, even in the most regulated environments. The state of communication from an insight or governance perspective largely flows from its creation. As a result, companies should consider what they should or must do with information once generated.
Lessons from the Box
Does the Cat Need to go into the Box?
The most important consideration is whether organizations want to place the cat into the box in the first place. The systems generating interactions and collaboration often have some level of retention controls (what goes in the box), perhaps not always understood when first deployed. Unless an organization has an affirmative obligation to retain these interactions or can demonstrate some value in deriving insight that outweighs risk, they should limit what goes into the box.
There is no shortage of horror stories from the casual nature of email interactions that led to sanctions, regulatory fines, cyberthreats, and negative headlines. Now consider the number of interactive channels that are considerably more casual than email, and the case for keeping the cat away from the box unless otherwise compelled becomes obvious.
One interesting analogue was adoption of governance solutions for social media interactions when those channels became prevalent. Several well-designed applications were introduced, and remain in use today, which moderate and capture this communication into corporate systems and archives. However, these were deployed at fractions of the scale originally estimated, because organizations realized official channels could be limited, and nobody wanted to moderate or save anything not absolutely required.
Today we see a similar wave where the Unified Communications providers, or niche solutions, argue they can capture video, audio (transcribed), and put all types of other communications in the box. In most instances, there are limited affirmative regulatory or other obligations to do so. Do yourself a favor and keep the cat out of the box unless necessary.
When People Like Dogs Better Than Cats
It is exceedingly difficult to control what people say within a given communication channel, but organizations have a level of control over which channels employees use. Many financial services firms have specific regulatory retention requirements across designated communication channels. They require employees to use only channels (groups of cats) that are subject to retention and that can potentially undergo supervision/surveillance to meet these obligations. Unfortunately, employees across numerous firms violated these policies and started using channels such as WhatsApp, Telegram, or other unauthorized end-to-end encrypted applications (groups of dogs). These firms were collectively fined nearly $2 billion by regulators between 2021 and 2022.
To the extent possible, organizations should establish permitted communication channels, even on personal devices, and require employees to attest to compliance for business purposes. Whether using mobile device management (MDM) or returning to corporate-issued devices, enterprises are best served by staying as cat people.
People Want to Steal Your Cat
When the time comes, remember that a lot of people want to steal the cat once it is placed in the box. Internal communications are one of the areas most targeted by threat actors. Law firms have been targeted because of the central role they play in mergers and acquisitions; enterprises are targeted for everything from stealing trade secrets to embarrassing corporate executives.
Ransomware attacks present a challenge likely not contemplated by Schrödinger, but they are a way to steal the cat without physically taking possession. Instead, a new lock is placed on the cabinet without permission, and the cat can only be retrieved after receipt of Bitcoin for the key. This requires multiple levels of protection and consideration of different boxes as your cat (or cats) ages.
When created, your cat(s) will often live in the original source or operational systems. This is likely sufficient to a point, but it will probably create risk over time, because these data are not used regularly or provide limited value, and these systems are not designed for longer-term security or preservation. This is where choosing the right box is important to safeguard your cat, especially as it ages.
Do Not Load the Box with Cyanide
For Unified Communication, our intent is never to kill the cat in the box. Understanding how we might observe the cat (data) once in the box is important for any governance system.
The intent is to provide an environment that applies appropriate policies and controls, while still allowing access so organizations can derive insight. It also recognizes that as data ages, a different box might be required, and ultimately lead to the end of its natural (e.g., retention) life.
Many systems are laden with various poisons: they lack adequate controls or protection, or they allow unnecessary levels of access. They lead to premature death, theft, or a cat that becomes feral to its owner. Give your data the environment necessary for all stakeholders to meet their objective, while avoiding added toxins.
Unified Communication environments create unprecedented levels of interactions daily, across ever-increasing channels. These capabilities create new business models, allow organizations to operate at unprecedented scales, and bring teams closer together even when bridged across oceans. Schrödinger’s model for describing quantum states with a cat turns out to have relevance in guiding how we approach modern interactions across cyberspace. It also allows us to deliver solutions that keep the cat protected and alive.
Archive360’s Unified Communications governance platform enables organizations in the public and private sector to reduce the costs and risks of collecting, managing and accessing data from different communication sources including email (such as Microsoft Exchange, Outlook Online, Gmail, SMTP), collaboration tools (such as Microsoft 365 Teams, Slack, WebEx, Zoom, and many others), text messages (such as AT&T, CellTrust, Verizon, WeChat, and WhatsApp), and document management applications (such as Microsoft 365 SharePoint, OneDrive, OneNote, Documentum, FileNet, and IBM OnDemand), as well as data from legacy archives (such as Enterprise Vault, SourceOne, DigitalSafe, and many others).