Risk Management of Groove
- Groove's Built-in Security
The idea behind Groove is to bring the creative talents—your true intelligence people—together without having to physically meet. In any organization, there are diverse personalities that each contribute very differently to the whole. Some corporate cultures allow that diversity to work for them, whereas others tend to discourage individuality in a desire to produce uniformity.
But in all organizations, there need to be thinkers. They may be in accounting, or marketing, or sales, or production, or management, or with physical facilities. But when you allow them to collaborate, those creative minds can work wonders.
And one of the neatest aspects of Groove is that it goes beyond your organization without risking your firewall. An outside consultant can be safely brought into a single Groove project, or an entire advertising agency, or an off-shore manufacturer—or all of them together.
And they can see each other's work, suggestions, ideas. You can send drawings, color schemes, ideas, spreadsheets, legal notices, marketing ideas—the intelligent part of the network we call our organization can all share needed information.
You could have done this, too, but not provide the security that Groove provides. Only the invited can attend the party. Groove acts as a firewall and bouncer to the knowledge party.
Life for the IT managers just got easier!
Groove's Built-in Security
If so much information created by the best minds of our entity is allowed to leave the firewall, the potential for leaking the information grows with every new person added to Groove. Security becomes an issue any time we allow two people to talk. Groove can't help that people will talk. Although the product allows you to selectively bring people inside a single Groove network, it cannot prevent a member of that network from exposing secrets to the outside—much like your internal security can't keep a Board Member from selling stock on bad news presented in the Board Room. Leaks will happen, and normal corporate procedures must be implemented so that only trusted people are invited into a Groove session.
But with that potential for a leak effectively eliminated by managerial control, Groove provides the encryption technology to make sure that "prying" eyes (or spying eyes) don't have a means of acquiring data that wasn't meant for them.
There is an encryption technology inherent in all distributions of Groove. In the Premium edition (the one you have to pay for), the encryption goes much further. Because as an IT manager, you want to push the product across your system, you'll buy the Premium edition. Be aware that individuals may connect to Groove through a home computer—and they may download the "free" (read "minimally encrypted") version that might allow some level of espionage. There is a "Message Authentication Code" embedded in all things sent across a Groove discussion group. As long as all members are valid, they can safely share data without fear of compromise.
The greatest level of security supported by Groove calls for a Diffie-Hellman key agreement. Under that scenario, each user is assured of the identity of the other through pair-wise keys. In future releases of Groove, the Public Key Infrastructure exists so that IF that digital fingerprinting method becomes standardized, Groove will be ready for it.