Microsoft: Automating information governance

“Just as an example, in [Microsoft] Teams, if you invite people into a meeting, they will still have access to the chat even after leaving the meeting…if you are using Teams to discuss information about people, there are General Data Protection Regulation (GDPR) impacts and, in these remote workdays, how do you ensure that information that people are working on doesn’t leave the boundary of the organisation?”

Atle Skjekkland, speaking at PrivSec Global last month, outlines just some of the information governance and data protection issues companies should be thinking about when employees are using email, video conferencing and other applications.

Skjekkland is the Chief Executive of Infotechtion, an independent consulting firm that advises businesses on how best to manage information in the Microsoft Cloud to meet business or regulatory compliance requirements.

Skjekkland sets out his Microsoft 365 governance checklist, including whether people can find the information they need and trust it to be complete. He says controls are needed to reduce operational risk and costs, including checks to see if Microsoft 365 is compliant with business requirements and regulations such as the General Data Protection Regulation (GDPR) and checks to ensure you can identify, capture and classify information.  

He says that Microsoft now has a new solution to the problem- Microsoft Information , Protection and Governance. He says this is “a unified approach to automatically, discover, classify and label information”.

He sets out how the tool can allow businesses to apply automatic policy-led actions to retain and protect information, how it can be used to gain compliance insights for proactive monitoring to prevent information leakage and how it offers a broad range of solutions to help transition to Microsoft Cloud.

He says that even a seemingly simple, single interface like Microsoft Teams has data going into different components.

“If it’s a chat it is stored in Exchange, if it’s a file shared in the chat it goes into OneDrive if it’s a file shared in a channel that goes in to Sharepoint online, and so on,” he says.

Therefore what is needed is a way to ensure information shared is protected. 

He explains, with the helps of organisational charts, how Microsoft 365 has advantages in protecting data.

Unlike in a hosted system, says Skjekkland, with Microsoft 365 there is no need to buy multiple systems to ensure compliance, such as enterprise content management systems, archival records management solutions, network shared drives and file servers. 

This single platform provides an architecture on which all the features of Microsoft Information Protection & Governance can be built on.

Skjekkland races through the plethora of automation features offered by the platform, including in such areas as classification of data, information protection, records management, data loss prevention, compliance for migrations and more.

As businesses across the world continue to grapple with the challenges of a distributed workforce, solutions such as Microsoft Information Protection and Governance are going to play an increasingly vital role in ensuring compliance requirements are met and Skjekkland, Infotechtion and Microsoft are in the vanguard.