Digital Communications Meets Schrödinger’s Cat
- By:
- George T. Tziahanas |
- August 2, 2023 |
- minute read
Each day, our global economy generates ~350-billion pieces of that legacy form of communication we call email.[Email Statistics Report, 2022-2026. Radicati Group] Perhaps it is a little facetious to label email as akin to the Pony Express, but the combination of broadly deployed devices and numbers of applications has led to many new forms of communication.
The modern workplace is really an integration of technologies that delivers traditional phone-calls, virtual meetings, content collaboration, email, and all types of “chat” related interactions. Individuals work in hybrid environments, sometimes in an office, perhaps work from home, or travelling. Cloud-based solutions provide the integration necessary to support different working models and highly collaborative environments, now referred to as Digital Communications.
Unified Communication providers enable and create the interaction environments such as Microsoft, Slack, Zoom, Google, RingCentral, and similar - business critical applications for most organizations today. Relevant statistics include an estimated:
- 6.2 billion chats/day in TEAMS in 2022
- 280 million active TEAMS users by February 2023
- 24% of the collaboration market is based on Microsoft SharePoint (recall that many M365 workloads rely on SharePoint as its management layer)
- A billion user/minutes per workday in Slack; and
- 43 million active daily users in Slack
- Over 3.3 trillion annual meeting minutes in Zoom
- Nearly 45 billion minutes of webinars hosted on Zoom annually.
These are representative statistics and focus primarily on enterprise use cases. The innumerable interactions in SMS and direct messaging applications, which are “mixed use” for business and private communications, only expands the unified universe.
Whitepaper: Unified Communications Governance & Archiving
A guide to reducing risk, boosting performance, and optimizing eDiscovery spend by consolidating communication records from disparate systems into a single repository.
Schrödinger’s Cat and Digital Communications Explained
It might seem a little strange to use this classic thought experiment to understand and manage Digital Communications, but it provides a useful model. Schrodinger was a famous physicist, trying to explain a difficult concept. He proposed an experiment where a cat was placed in a box for an hour, and based on the equal probability that an isotope decay would trigger release of a poison (or not). This meant that until the box was opened (observed) the cat is considered both dead and alive.
This model is useful in Digital Communications because observation, or use of the communications after it is created, becomes a critical element for organizations. Enterprises face limited ability to prevent communication or collaboration, even in the most regulated environments. The state of communication from an insight or governance perspective largely flows from its creation. As a result, companies should consider what they should or must do with information once generated.
Lessons from the Box
Does the Cat Need to go into the Box?
The most important consideration is whether organizations want to place the cat into the box in the first place. The systems generating interactions and collaboration often have some level of retention controls (what goes in the box), perhaps not always understood when first deployed. Unless an organization has an affirmative obligation to retain these interactions or can demonstrate some value in deriving insight that outweighs risk, they should limit what goes into the box.
There is no shortage of horror stories from the casual nature of email interactions that led to sanctions, regulatory fines, cyberthreats, and negative headlines. Now consider the number of interactive channels that are considerably more casual than email, and it is obvious to keep the cat away from the box unless otherwise compelled.
One interesting analogue was adoption of governance solutions for social media interactions when those channels became prevalent. Several well-designed applications were introduced, and remain in use today, which moderate and capture this communication into corporate systems and archives. However, these were deployed at fractions of the scale originally estimated, because organizations realized official channels could be limited, and nobody wanted to moderate or save anything not absolutely required.
Today we see a similar wave where the Digital Communications providers, or niche solutions, argue they can capture video, audio (transcribed), and put all types of other communications in the box. In most instances, there are limited affirmative regulatory or other obligations to do so. Do yourself a favor and keep the cat out of the box unless necessary. [listen to latest in EU privacy regulations in this podcast episode]
When People Like Dogs Better Than Cats
It is exceedingly difficult to control what people say within a given communication channel, but organizations have a level of control over which channels employees use. Many financial services firms have specific regulatory retention requirements across designated communication channels. They require employees to only use channels (groups of cats) that are subject to retention, and potentially undergo supervision/surveillance to meet these obligations. Unfortunately, employees across numerous firms violated these policies, and started using channels such as WhatsApp, Telegram, or other unauthorized end-end encryption applications (groups of dogs). These firms were collectively fined nearly $2 billion by regulators between 2021-2022.
To the extent possible, organizations should establish permitted communication channels, even on personal devices, and require employees to attest to compliance for business purposes. Whether using mobile device management (MDM) or returning to corporate issued devices, enterprises are best served by staying as cat people.
People Want to Steal Your Cat
When the time comes, remember a lot of people want to steal the cat once placed in the box. Internal communications are one of the most targeted areas by threat-actors. Law firms have been targeted because of the central role they play in mergers and acquisitions; enterprises are targeted to steal everything from trade secrets to embarrass corporate executives.
Ransomware attacks present a challenge likely not contemplated by Schrödinger but is a way to steal the cat without physically taking possession. Instead, a new lock is placed on the cabinet without permission, and the cat can only be retrieved after receipt of Bitcoin for the key. This requires multiple levels of protection and considering different boxes as your cat (or cats) ages.
When created, your cat(s) will often live in the original source or operational systems. This is likely sufficient to a point, but probable to create risk over time as these data are not used regularly or provide limited value and these systems are not designed for longer term security or preservation. This is where choosing the right box is important to safeguard your cat, especially as it ages. [read more about the standard for data security in this Archive360 blog]
Do Not Load the Box with Cyanide
For Unified Communication, our intent is never to kill the cat in the box. Understanding how we might observe the cat (data) once in the box is important for any governance system.
The intent is to provide an environment that applies appropriate policies and controls, while still allowing access so organizations can derive insight. It also recognizes that as data ages, a different box might be required, and ultimately lead to the end of its natural (e.g., retention) life.
Many systems are laden with various poisons, lacking adequate controls, protection, or allow unnecessary levels of access. They lead to premature death, theft, or a cat that becomes feral to its owner. Give your data the environment necessary for all stakeholders to meet their objective, while avoiding added toxins.
Summary
Unified Communication environments create unprecedented levels of interactions daily, across ever increasing channels. These capabilities create new business models, allow organizations to operate at unprecedented scales, and bring teams closer together even when bridged across oceans. Schrödinger’s model to describe quantum states with a cat, turns out to have relevance in guiding how we approach modern interactions across cyberspace. It also allows us to deliver solutions that keep the cat protected and alive.
Archive360’s Digital Communications governance platform enables organizations in the public and private sector to reduce the costs and risks of collecting, managing and accessing data from different communication sources including email (such as Microsoft Exchange, Outlook Online, Gmail, SMTP), collaboration tools (such as Microsoft 365 Teams, Slack, WebEx, Zoom, and many others), text messages (such as AT&T, CellTrust, Verizon, WeChat, and WhatsApp), and document management applications (such as Microsoft 365 SharePoint, OneDrive, OneNote, Documentum, FileNet, and IBM OnDemand), as well as data from legacy archives (such as Enterprise Vault, SourceOne, DigitalSafe, and many others).
George Tziahanas, AGC and VP of Compliance at Archive360 has extensive experience working with clients with complex compliance and data risk related challenges. He has worked with many large financial services firms to design and deploy petabyte scale complaint books and records systems, supervision and surveillance, and eDiscovery solutions. George also has significant depth developing strategies and roadmaps addressing compliance and data governance requirements. George has always worked with emerging and advancing technologies; introducing them to address real-world problems. He has worked extensively with AI/ML driven analytics across legal and regulatory use cases, and helps clients adopt these new solutions. George has worked across verticals, with a primary focus on highly regulated enterprises. George holds an M.S. in Molecular Systematics, and a J.D. from DePaul University. He is licensed to practice law in the State of Illinois, and the U.S. District Court for the Norther District of Illinois.