IT’S NO NEWS FLASH that Microsoft Office 365 offers a powerful suite of enterprise productivity applications and is fairly easy to deploy. Less widely acknowledged are the often formidable data governance challenges the system introduces.
“Because Office 365 applications hold data in so many different places, a business can easily wind up with information sprawl,” observes Ro Kolakowski, founder of business consulting firm and Microsoft SharePoint specialist 6th Street Consulting, of Redondo Beach, Calif. “There can be significant information floating around in emails, Skype, SharePoint, Yammer, and other places.”
That condition, in turn, can lead to heightened regulatory and security risks. To get a handle on and fully protect their clients’ data, channel pros must not only deal with the general challenges related to information access and authorizations, but hone in on specific issues too, such as how customers manage email messages and Microsoft Flow data when canceling an ex-employee’s account.
Only a comprehensive data governance and management framework can address such needs, according to Amie Seisay, founder and CEO of Arlington, Va.-based technology consultancy and SharePoint expert Seisay IT Solutions. “Every company needs to have an Office 365 data governance strategy in place, along with the appropriate protections,” she says.
According to Kolakowski, the integrated security and regulatory controls included in Office 365 won’t get the job done alone, either. “People may find ways to share information both inside and outside the organization, often in violation of policy or intent,” he says. “If you have the front door fully secure, but you leave the side door open, it does no good.”
Excessive utilization of built-in controls can also push users into adopting unauthorized methods and tools, including so-called “shadow IT” deployments, Seisay notes. Organizational change, new roles and responsibilities, and “a lack of understanding about what people are supposed to be doing and what they shouldn’t be doing,” she adds, can compound such problems.
To mitigate those issues for your clients, start by assessing their data-related needs, challenges, and risks. “Problems and breakdowns often occur not because of Office 365 controls, which are fairly robust, but because the necessary reviews haven’t taken place,” Kolakowski says.
A data discovery exercise can be useful as well, Seisay suggests, as it will help you identify where all of a customer’s bits and pieces of business information are stored within various Office 365 applications, tools, and repositories.
Kolakowski echoes that advice: “You have to fully understand where data resides and how that information is being used to establish effective policies and controls.”
Making the Rules
With that knowledge in hand, you can move on to setting clearly defined policies for potentially risky issues such as account access in SharePoint and Active Directory, or what happens when employees take on different roles or leave the company. Shutting down their Exchange inbox or Flow data store is imperative, but making sure irreplaceable company information isn’t deleted in the process is critical as well.
Standardizing how different groups work and share information is also important. Governance policies should ensure that the parallel SharePoint sites inside Microsoft Teams obey the same rules as the rest of a customer’s SharePoint sites, for example.
Remember, too, that well-set policies are only part of the answer. Educating users on proper data management and security practices is an essential, yet commonly overlooked, best practice that enables channel pros to serve their customers better and collect incremental revenue all at once.
The challenges of effectively managing Office 365 data aren’t likely to disappear anytime soon. As information volumes swell, so does the risk of losing valuable information. “Having a good governance plan goes a long way toward ensuring data is safe and secure,” Seisay stresses.