Microsoft’s Office 365 hit 100 million users earlier this year – that’s a lot of businesses using a lot of cloud computing. It also means that there’s a pressing need for good cloud governance. All those millions of employees working for all those hundreds of thousands of companies need an effective cloud governance policy to ensure their environment is managed safely and professionally.
If your organization has migrated from an on-premises environment to Office 365, the governance policies you had before won’t be appropriate for the context of the cloud. Let’s look at why cloud governance is important, and what you can do to ensure it is implemented correctly.
What is governance?
Governance defines the responsibilities and processes that ensure an IT platform is managed securely and in an organized manner. It defines who is accountable for what, when and how content will be stored, the level of permissions that will be implemented and the defining of document retention guidelines. On-premises and cloud governance have a lot in common on a high level. However, certain aspects of Office 365 (outlined below) make governing the platform quite different.
What’s different about cloud governance?
Microsoft is constantly making new features available
Office 365 is updating on an almost daily basis. This means new features are frequently added to the platform, and sometimes entire new products are introduced overnight. You will therefore have to manage this constant flux in a way you didn’t have to on-premises. You will have to decide which new products and features you will use as they are rolled out (see the Office 365 Roadmap here), and will also have to decide on a training plan for new features.
Different licensing arrangements
On-premises, you paid for a fixed number of licenses. However, because Office 365 is subscription-based, the dynamic is totally different. You’ll need to prepare for the flexible increase and decrease in the number of licenses you use. For instance, it’s easy in Office 365 to add or remove users. The problem is, many organizations forget to delete accounts that are not being used and end up paying too much.
External sharing is easier
A great feature of Office 365 is that it’s easy to share content externally. But in terms of cloud governance, that’s potentially a big risk. You need to have a plan to track and watch what people are sharing, and also to decide what is or isn’t permitted.
New approach to add-ins and customization
Customizations are also very different in the cloud. Certain kinds of (more dangerous) customizations are simply not permitted in the cloud, which is great because it means most businesses are safer. However, there are also new risks. Some third party apps introduce security problems, and unsafe add-ins built in-house will also produce problems.
4 steps for better cloud governance
In many respects, cloud governance is similar to on-premises. But differences like those listed above underscore why you need to fully educate yourself around governance in the cloud to make sure you are compliant in your new environment. Let’s look at our four key steps for better cloud governance.
- Content approvals
You need to set up a process where all changes to the architecture around content are approved. You need to have an approval process where new libraries and even Sites in SharePoint Online are signed off by experienced members of staff who can decide what your information architecture will be.
- Customization approvals
Office 365 lets you introduce new customizations in several ways. You can produce your own in-house customizations or implement add-ins from third parties. Good governance is all about managing these customizations, and so it is highly advisable to test the quality of any code you deploy in Office 365.
- Content and customization deletion
Over time you will amass a lot of documents, files and customizations. Oftentimes, these will have been relevant once, but rarely – if ever – used any more. You therefore need to set up a cloud governance policy which ensures they are deleted or archived somewhere cheaper.
- Updated security
The final stage in cloud governance is security. You need to implement a governance policy that defines clearly what data is stored where, and who has permission to access it. You need to record and track who accesses content and how they share it externally. Part of your process should involve monitoring any unusual external sharing to ensure staff are only sharing documents that they are allowed to.
Cloud governance is essential
While Microsoft takes the responsibility for managing some of the infrastructure capabilities of Office 365, it doesn’t mean you can forget about cloud governance. To be successful in the cloud, you should aim to develop policies which reflect the changing tools and features of Office 365 and which also fit around the needs of your organization and your users.
Next Steps
Your organization’s employees depend on the applications they use every day. However, if those applications are not governed correctly, they will become a liability and have a negative impact on productivity.
Rencore assessments combine powerful insights through our award-winning software and comprehensive advice delivered by our experts. We provide best-in-class analyses, reports, and action plans for you to stay in control of your SharePoint and Office 365. Feel free to get more information or book an assessment by clicking the button below.
