The last few months have been an interesting time for all, I am certain we have all experienced several changes as it relates to this new, accelerated (for some) working from home paradigm. When working from home, we are forced to use new ways to communicate and collaborate, tools which until now have been used in very different ways.<\/p>\n
For example, take Microsoft Teams which lots of organisations saw Teams as a simple replacement for Skype for Business, somewhere to exchange instant messages and maybe have the odd conference call. Most however, had Teams on the roadmap at some point and possibly did not understand how it could be used to radically improve collaboration and increase productivity.<\/p>\n
The numbers speak for\u00a0themselves;<\/p>\n
Quote<\/a>\u00a0\u2013\u00a0\u201cDuring\u202f<\/em>Microsoft’s Q3 2020 earnings call<\/em><\/a>\u202fon Wednesday, CEO Satya Nadella dropped some impressive numbers\u00a0concerning\u00a0the company’s own workplace communication app Teams. Just six\u00a0week\u00a0after reaching 44 million daily active users in late March, Microsoft Teams is now being used by more than 75 million people each day.\u201d<\/em><\/p>\n Which is insane right?<\/p>\n With this many new users on the platform, there are going to be teething problems or some things which are not fully understood when adopting technology to simply \u201cenable\u201d people to work remotely, and implemented at a rapid pace, or simply thrown out there.<\/p>\n It is fair to say, some organisations have had to rush to this new way of working and will likely revisit security as things start to settle down. However, it is unlikely things will go back to the way they were. We will see a \u2018new normal\u2019, where some businesses will have successfully made the requisite changes and adopted new, secure ways of working, others however, may have fallen victim to some kind of data breach or event and will now be scrambling to get controls in place.<\/p>\n One of the biggest concerns is information security and governance. As more and more people collaborate, create and share, new storage locations are introduced, and the structure of information quickly gets messy. Think about a nicely structured SharePoint site on day one, and then as information is shared and moved around, it does not take long to lose control over where information is stored, and how it is being shared with who and why.\u00a0 Therefore, as things get more and more out of control risk is introduced into the business.<\/p>\n In Teams, as users create Teams, modify, and communicate, there are situations where users reside in Teams they should not be in, information (Links) or files are shared directly in a chat window or channel.\u00a0 When documents are uploaded in Teams, they are stored in SharePoint. When the document is uploaded, it is shared with the individuals in the included in the session, however, there is no way of capturing \u201cwhy\u201d the information is being shared, and\/or the duration it should be shared for. The result of this action is the information remains in the chat history or channel including the link and is not removed. If additional people are invited to the channel, they will have access to the link and document. Can you be certain all members of the team \u201cshould\u201d have access to this information? Or even worse, be able to access private or sensitive information which could be included in the link or document? This also leads to the randomness of stored files in SharePoint, which\u00a0is\u00a0a significant problem in itself. Now, if you assume each person in an organisation has around 15-20 interactions like this per day, you can see the scale of the problem and how quickly it all gets out of control<\/p>\n Now we understand the magnitude of the problem and introduction to\u00a0how\u00a0modern collaboration\u00a0paradigms\u00a0are making information governance and security a headache, we can look to ways in which we can alleviate and reduce the risk of data loss, breach, or potential financial penalties. Gaining insight into who \u201chas\u201d access, \u201cshould\u201d have access, and more importantly \u201cwhy\u201d they have access will help make decisions around team membership, which in turn will reduce exposure to sensitive information where it should not be allowed or granted.<\/p>\n When looking at information governance, you could consider a phased approach, from Average, through Good, to Best. Increasing governance maturity as you step through each phase would allow for gradual and controlled introduction of the required tools and policies. If we consider this\u00a0approach,\u00a0we could have the following three scenarios:<\/p>\n 1. Average – Teams Governance & Retention Policies<\/strong><\/p>\n To get a good hold on\u00a0Teams sprawl and other issues, it is best to have a policy set\u00a0up which users can reference. This could just\u00a0be a one-page document\u00a0which\u00a0details what Teams should be used for, possibly a naming convention, and some guidance around\u00a0external parties and data usage. This document is a good start, but\u00a0you can go to the next level (assuming you have the\u00a0licensing<\/a>) and\u00a0you\u00a0can enforce some of these things. One of the best ones when you are starting out,\u00a0is restricting who can create Office 365 Groups \u2013 note: this has implications beyond Teams, so it may be best to ease this restriction when you have the correct governance in place.\u00a0The other point here is Retention, we prefer to just recommend all businesses run a Retention Policy in Office 365 which retains all data, forever. There are storage implications here, but\u00a0it\u00a0isn\u2019t\u00a0a big deal normally\u00a0\u2013 the same can be done for chats as well.<\/p>\n Here are the ones we cover in our Teams Governance\u00a0FastStart\u00a0\u2013 note: specific licensing is required as above.<\/p>\n 2. Good – Add Azure Information Protection<\/strong><\/p>\n Adding Azure Information Protection (AIP) to the deployment gives you some extra controls\u00a0–\u00a0not just for the individual documents\u00a0–\u00a0but you can now classify Office 365 Groups, Teams and SharePoint sites (at time of writing, this feature is still in preview).\u00a0By turning on this feature, setting up some sensitivity labels and applying them to Teams or\u00a0SharePoint sites you can force a group to\u00a0be\u00a0Private or Public,\u00a0prevent or allow guest access and\u00a0limit or prevent\u00a0access on unmanaged devices (Conditional Access is also required for this one).\u00a0Pretty cool stuff.<\/p>\n Of course,\u00a0you should also make\u00a0classification available to users for individual documents or emails\u00a0as classifying a Team or SharePoint site\u00a0doesn\u2019t\u00a0classify the documents in the site, which adds more functionality.\u00a0Adding Data Loss Prevention (DLP) and\/or Azure Information Protection P2 (automatic labelling) adds additional\u00a0capability around preventing data leakage.\u00a0Rolling out AIP the correct way\u00a0can be\u00a0a reasonably detailed undertaking for\u00a0which we have developed a methodology\u00a0that could include Shadow IT assessments, taxonomy definition, scanning of environments and more.<\/p>\n 3. Best – Add Torsion Information Governance<\/strong><\/p>\n By adding\u00a0Torsion<\/a>\u00a0to the mix and connecting it to your 365 tenancy, you can see how information is being accessed and who has access.\u00a0See\u00a0who\u00a0has\u00a0access to\u00a0anything and\u00a0why <\/strong>for any file, folder, library, or site. As information is created,\u00a0Torsion captures reasons as you go, so wherever anyone has access to something, you can also see the business reason why they have access.<\/p>\n Further to this, Torsion (through machine learning) can automatically determine who \u201cshould\u201d be the owner of data locations and content based on interaction and access. From there, Torsion can set data ownership and manage access on an ongoing basis.<\/p>\n If we apply this to Teams, very quickly, you can see\u00a0how many people the team is shared with\u00a0through a new tab in the team called \u201cSharing and Security\u201d. You can also immediately see if security problems exist within any given team. For example, a user has access to the information contained in the team which they should not have access to. Once a security issue is identified, an alert is sent to the data owner for resolution.<\/p>\n An important and very powerful thing to note; Torsion understands and honours information protection classifications and labels – I referenced AIP earlier. When implemented, AIP classifications are adhered to when Torsion is looking at information access, if a user tries to share a file to a team which has a classification set, Torsion will prevent sharing the file to the team, and alert the team\/data owner of the attempt to share. The combination of having visibility over who has access and why together with the power of information protection changes how collaborators view information and resulting behaviours dramatically reduce the potential for breach of compliance policy or data loss through misuse of sharing.<\/p>\n For more information, discover Insentra\u2019s Modern Workplace.<\/p>\n","protected":false},"excerpt":{"rendered":" The last few months have been an interesting time for all, I am certain we have all experienced several changes as it relates to this new, accelerated (for some) working from home paradigm. When working from home, we are forced to use new ways to communicate and collaborate, tools which until now have been used… Continue reading Remote Working, Information Protection and Teams Governance<\/span><\/a><\/p>\n","protected":false},"author":55,"featured_media":5489,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[20],"tags":[],"class_list":["post-1693","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=1693"}],"version-history":[{"count":2,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1693\/revisions"}],"predecessor-version":[{"id":15661,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1693\/revisions\/15661"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/5489"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=1693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=1693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=1693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Collaboration \/ Teams data challenges, sprawl, new locations, sharing, etc.<\/h3>\n
Solving the problem<\/h3>\n
\n