If your organization has migrated from an on-premises environment to Office 365, the governance policies you had before won’t be appropriate for the context of the cloud. Let’s look at why cloud governance is important, and what you can do to ensure it is implemented correctly.
What is governance?
Governance defines the responsibilities and processes that ensure an IT platform is managed securely and in an organized manner. It defines who is accountable for what, when and how content will be stored, the level of permissions that will be implemented and the defining of document retention guidelines. On-premises and cloud governance have a lot in common on a high level. However, certain aspects of Office 365 (outlined below) make governing the platform quite different.
What’s different about cloud governance?
Microsoft is constantly making new features available
Office 365 is updating on an almost daily basis. This means Microsoft can and will add new features frequently to the platform, and sometimes introduce entire new products overnight. You will therefore have to manage this constant flux in a way you didn’t have to on-premises. You will have to decide which new products and features you will use as they are rolled out (see the Office 365 Roadmap here), and will also have to decide on a training plan for new features.
Different licensing arrangements
On-premises, you paid for a fixed number of licenses. However, because Office 365 is subscription-based, the dynamic is totally different. You’ll need to prepare for the flexible increase and decrease in the number of licenses you use. For instance, it’s easy in Office 365 to add or remove users. The problem is, many organizations forget to delete accounts that are not in use and end up paying too much.
External sharing is easier
A great feature of Office 365 is that it’s easy to share content externally. But in terms of cloud governance, that’s potentially a big risk. You need to have a plan to track and watch what people are sharing, and also to decide what is or isn’t permitted.
New approach to add-ins and customization
Customizations are also very different in the cloud. Certain kinds of (more dangerous) customizations are simply not permitted in the cloud, which is great because it means most businesses are safer. However, there are also new risks. Some third party apps introduce security problems, and unsafe add-ins built in-house will also produce problems.
4 steps for better cloud governance
In many respects, cloud governance is similar to on-premises. But differences like those listed above underscore why you need to fully educate yourself around governance in the cloud to make sure you are compliant in your new environment. Let’s look at our four key steps for better cloud governance.
- Content approvals
You need to set up a process where all changes to the architecture around content need approval. You need to have a process in place that requires experienced members of staff who can decide what your information architecture will be to sign off on new libraries and even Sites in SharePoint Online.
- Customization approvals
Office 365 lets you introduce new customizations in several ways. You can produce your own in-house customizations or implement add-ins from third parties. Good governance is all about managing these customizations, and so it is highly advisable to test the quality of any code you deploy in Office 365.
- Content and customization deletion
Over time you will amass a lot of documents, files and customizations. Oftentimes, these will have been relevant once, but rarely – if ever – used any more. You therefore need to set up a cloud governance policy which ensures timely deletion of archiving to somewhere cheaper.
- Updated security
The final stage in cloud governance is security. You need to implement a governance policy that clearly defines storage locations for certain types of data, and who has permission to access it. You need to record and track who accesses content and how they share it externally. Part of your process should involve monitoring any unusual external sharing to ensure staff only share documents that they are allowed to.
Cloud governance is essential
While Microsoft takes the responsibility for managing some of the infrastructure capabilities of Office 365, it doesn’t mean you can forget about cloud governance. To be successful in the cloud, you should aim to develop policies that reflect the changing tools and features of Office 365 and which also fit around the needs of your organization and your users.
Over to you
Your organization’s employees depend on the applications they use every day. However, if governance of those applications is not up to speed, they will become a liability and have a negative impact on productivity.
Rencore Governance is our award-winning tool that helps you keep track of what is happening in SharePoint Online, Teams, Power Platform and Azure. It continuously monitors your tenant (or farm), runs all activity against standard or tailored policies and reports on all violations against those policies. Rencore Governance will then allow you to take necessary steps to manually or automate actions to solve those issues.
Do you want to learn more about how Rencore Governance will help you stay in control of Office 365?