3 steps to close Microsoft Teams compliance gaps

  • Posted on March 10, 2020

Businesses across all industries are looking to new collaboration tools, technologies and best practices to create a competitive edge – but the journey forward might not be so simple. While 65 percent of executives say moving from hierarchical working environments to ones built on teamwork is critical for success, only 7 percent say they have the tools and confidence to adopt new solutions to do it. In our own practice, we increasingly see clients in highly regulated industries, such as financial services, cautious about adopting new tools such as Microsoft Teams, even though they know it might be a game changer for productivity. The obvious question here is: What’s the holdup?

It’s not security, but compliance 
If you guessed security concerns were holding back Teams adoption, you would be half right. Platforms such as Office 365 and products such as Teams are extremely secure “out of the box,” and partners such as Avanade have a wealth of proven solutions to overcome specific concerns. The friction seems to be more related to compliance, which, unlike security, is more about how your own people and systems are handling data, rather than preventing an outsider attack. In fact, nearly 55 percent of corporate data is “dark data” – meaning there is no way to monitor or govern it. With regulations such as GDPR and now CCPA creating enormous pressures to stay compliant, protecting and governing corporate data has become priority #1 for businesses seeking to modernize their workplace.  

That’s why Microsoft is making compliance a priority 
Nowhere is this growing concern clearer than with new product developments and feature rollouts for Microsoft Teams, the fastest-growing collaboration solution of its kind. Microsoft appears to be aware that organizations are growing more concerned about compliance, as an issue separate from security. Perhaps this is why Microsoft recently released a separate Compliance Center and a new Compliance Score to complement the already popular “Secure Score” and Security Center tools. There has also been a flurry of compliance features turned on for Teams and Office 365, such as data sensitivity labels, more granularity and controls, e-discovery capabilities and keyword monitoring for suspect behavior (such as insider trading).

The right way to approach compliance when it comes to Teams  
In the meantime, organizations are still struggling to find the time and resources needed to deliver compliance. While there is a lot you can do with native compliance features in Teams and Office 365, businesses must still seek to identify and close gaps present in their unique situation. Otherwise, you can create a few nasty problems: uncontrolled Teams creation sprawl, no clear lifecycle management, no insight into what data is being exposed or how sensitive it is, and so on. We suggest three steps to overcome these challenges.  
Step 1: Assess  
Before you continue or start to roll out Teams, hit the pause button. Even if you’ve already begun to release it to users, it’s never too late to clean up your practices. Take a few weeks to gather essential data and insights, observing how users across departments are already using tools and sharing information. Do this with a cross-functional team, including the CIO, Data Protection and Governance leads, HR, as well as the CISO and key stakeholders from business lines. At the end of this process, give your organization a compliance strength score (from non-existent to well managed and documented) across data classification and management.
Step 2: Build  
Next, you will start to determine which compliance issues you can solve with existing and newly released capabilities from vendors such as Teams, and where you might need to fill in the gaps. Take the time to use what you learned in Step 1 to create profiles and use cases for data classification and management scenarios. Then, investigate how you can automate and configure settings to meet those requirements. If needed, work with a partner to develop additional customizations to strengthen or automate the configuration process. In this step, start small and prove the process works on specific groups within your organization, such as departments or user types.
Step 3: Improve  
Once you’ve proven you can effectively configure, using tools and automation, it’s time to scale this out to the rest of the business. As you proceed with an implementation roadmap, you will inevitably encounter new challenges and requirements as user groups change. New tools and capabilities are also continually being released, which you will need to monitor and adopt into your Teams lifecycle by going back through Steps 1 and 2 again. This period of monitoring, expanding and optimizing is an ongoing process, one that must be improved and optimized over time.
Getting compliant to drive collaboration and Teams adoption: 
While security remains a concern for businesses pursuing a modern workplace experience, its closely related cousin, compliance, is quickly becoming a major roadblock. As our dependence on data grows, this complication will only get more severe. To overcome it, organizations should assess existing flaws in data governance and protection, monitoring how employees are working with existing applications today. From there, they need to combine a knowledge of the tools and capabilities available with the expertise and solutioning of partners such as Avanade to close the gaps and drive continual improvements.
To learn more about what Microsoft Teams can do for your business, visit our Teams resources hub here. I also invite you to explore our holistic enterprise security solutions here.

Rob Grover

Nice blog thanks for sharing this content

April 12, 2022
