Office 365 is a rich platform, allowing users to enhance their business productivity and communication. A by-product of such optimization means, among many things, businesses and employees can reap the benefits of the modern workplace – flexibility in working, opportunities to take ownership of streamlining in-departmental business processes, and beyond.
As a great prophet once said or was it Spiderman “with great power comes great responsibility”, and it’s someone’s responsibility to make sure that all practices are governed, from the developer, all the way to the business user. Here are 5 ways to improve Office 365 governance.
1. Understand cloud governance fundamentals
Whether on-premises or in the cloud, governance establishes a parameter for user activity compliance. With the correct protocols and rules in place, organizations can manage their IT platforms securely without ambiguity. However, as we look deeper, there are certain factors to consider when dealing with cloud governance, and we can see how a separate governance approach is needed in comparison to on-premises.
Microsoft MVP, and Head of Technical Operations, Tobias Zimmergren explains: “External content sharing is easier in Office 365, but in terms of cloud governance, that’s potentially a big risk. You need to have a plan to track and watch what people are sharing, and also to decide what is or isn’t permitted.”
Furthermore, Office 365 is a SaaS, unlike on-premises. You must consider that licenses will flex, and therefore you must adjust accordingly – see the latest changes to Power Automate, previously known as Microsoft flow, regarding what is now a premium connector, as an example. Organizations could have costly bills overnight without anyone noticing.
Office 365 is also updating on an almost daily basis. That means new features and products can also be introduced to your environment overnight. Thus, having to manage differently to on-premises, ensuring adoption strategies for the new features and products you would like to roll out.
2. Establish governance stakeholders
It’s safe to say that almost everyone is a stakeholder in the organization when it comes to governance – but in terms of clarity – who is responsible for what, it becomes less clear. I think we can identify administrators as responsible for enforcing governance, platform managers or owners managing governance, and management team up to C-level as accountable for IT governance on an organizational level.
A telling prediction of the continuing and rapid need to address or improve Office 365 governance is that by 2023, 50% of the G2000 will name a Chief Trust Officer overseeing departments such as security, finance, HR, risk, sales, production, and legal. Enterprises are taking action to get a handle on trust factors in-house.
It is also worth reading the 2019 report: : Improving Governance in Office 365, which is based on research conducted by CollabTalk LLC and the BYU Marriot School. It sheds light on governance practices within organizations at a time when moving from on-premises to the cloud is increasingly common.
By looking into the day-to-day practices, pain-points can be identified, and decisions can be made on additional tooling to support governance efforts, aligning with Microsoft’s latest product and support focus. This research benefits administrators, platform owners, CISOs, CEOs, COOs, and IT executive management.
3. Understand how to stay compliant
Before you start strategizing or beginning to improve Office 365 governance for your organization, you have to consider the rules and regulations that you, as an institution, must comply with, and that can vary and fluctuate depending on the sector you operate in, geographical location, to name a few.
GDPR is a common and easy example to state here when citing an example of data use, but there are many more you should research, too. At least being aware of the greater compliance umbrella that covers your organization and market means you can tailor your own governance strategy accordingly.
4. Define an Office 365 Governance strategy
You’ve had a stark realization that your organization’s Office 365 governance isn’t up to scratch. Here’s strategy 101:
Confirm C-level support
This reiterates point 3 above. Identify the hierarchy and accountability, and make sure you have the support of the management chain all the way to the top. Communication will be crucial when needing to enforce policies and getting all stakeholders to comply.
Get the band back together
You need to establish a team dedicated to Office 365 governance so you can create a governance plan, review and adjust policies in accordance with varying users – remember, the most effective policies are ones that are tailored where appropriate and possible. A blanket approach contradicts the very nature of how Office 365 optimizes business communication and productivity.
Document your strategy
Have a central location for creating your governance plan and developing your governance strategy. Once you are ready to roll and communicate instructions for compliance, create an easily accessible knowledge base for all stakeholders to access – intranet, for example.
Identify and use tools including 3rd party
Using all Office 365 tools available is a given, for example, Secure Score. Also, acknowledge any gaps you have and whether employee resources or cost is an issue. What can easily be scaled? It’s worth seeing which third-party tools can help you drastically improve Office 365 governance.
5. Automate Office 365 Governance
Automating the process of defining and monitoring of policies, the discovery of any violations against them, and communicating who should act on them will optimize the way you enforce governance in Office 365. You will be able to operate a robust governance strategy at scale, taking back control, while giving users the permissions necessary to use Office 365 in the way they fit to do their jobs effectively. I recommend checking out Rencore’s Governance Automation solution if this interests you.