Groove's "Duh" Security Precaution
With all of these technological marvels for assuring a Groove session's integrity, there is, however, a much more obvious one. In any Groove session, a list of those attending or accessing data is always available. My solution for working with sensitive data involves the obvious: Call the people up. Say, "Hey, Bob, is this really you?" Now, I've talked to a lot of folks about this, and the answer is always, "Well, if you're going to call them up, why have the Groove session?" The Groove session is NOT just for chat. It's to share data, to share thoughts, to...well, to share. Phone calls work well in a one-on-one environment. They can also work with three-way calling. But once a teleconference gets up to five, 10, or 20 people, it becomes less and less productive. It becomes a one-way vehicle for disseminating information, not a two-way communication medium. Although Bob might be able to join a meeting he wasn't able to attend, a teleconference in the real world is almost always a manager telling subordinates how something is done, should be done, or might be implemented. Everyone gets the information immediately, but one person, or two or three at most, usually ends up participating. The rest are all just ears in attendance.
Groove is for the exchange of data, not its dissemination. There are other—better—means for posting universally released information.
Groove's security is devilishly simple. It uses a key-based encryption technology to prove that you are you and that they are they. But passwords (Groove always calls them "pass phrases") are only as secure as the individual who created them. Someone could assume someone else's identity. And the obvious solution is so obvious that mistakes shouldn't be made (but will be). Again, this is a matter for the company security person (who is often the IT manager, too) to train the troops to guard against. It is the usual instructions: Change your password frequently, create long passwords (character and numeric), never share your passwords with anyone, and don't write your password down. But you and I know that won't happen. It's just easier to remember your wife's birthday or the name of your oldest kid. But the most obvious and foolproof method can be implemented with Groove: Invite only the people you want, and go outside of Groove to verify their identity.
Folks on the Internet will not be able to uncover your data. Now, folks on the Internet could, presumably, imitate an invitee, but common sense will solve that issue if you implement it. Most stuff that your office will exchange across Groove will be low-security stuff. But remember that you are putting these people together because you want the firm to grow from the potential synergy. To do that, you mustn't implement procedures that inhibit the very ease that you are creating. I caution you to train your clients, but not to restrict them too much with unnecessary rules. In all likelihood, if a truly confidential issue is being raised, someone in the Groove session will quickly identify it as a "confidentiality issue," and will come to you to ask about security. At that point, tell your clients how to run the session confidentially, and instruct them to verify attendees by audio, video, or other verifiable means (the "duh" approach). They'll appreciate your wisdom, and you'll be glad you thought this through in advance of it being an issue.