Project Description
Introduction
Think back to March 2020, when everyone was suddenly forced to work from home. Companies quickly enabled staff to work remotely. They broke best practice and opened file access so staff could still do their jobs.
The issue I’m now seeing is company information being saved in a wide variety of places. Possible locations include your company server, OneDrive, SharePoint, Google Drive, Dropbox or one of the many other online file sharing solutions. Do you really know where all your company’s data is stored?
What’s at risk?
Unfortunately, information in a lot of these spaces is not controlled by your company. In many instances, the company may not even know of its existence. While this problem is more widespread than companies would like to admit, the question remains: how can you take back control of your data and manage it going forward?
Information for a lot of companies may contain intellectual property, client information bound by the privacy act, GDPR compliance requirements – just to list a few. Before we can resolve the problem of disparate data storage, you need to understand how much it affects your company.
Matt Bourne-Solutions Architect
Survey staff
Most staff during the pandemic were just trying to get on with their job as best they could. I’d suggest speaking to your staff in an understanding and blame-free way. Send out a quick survey, to get a better understanding of how widespread your data storage now is. Follow up with discussions around potential places staff stored information. Some of these locations may still be in use now.
The next step is to accept that working will likely include a hybrid, work-from-home component for the foreseeable future.
Once you have a better understanding of how widespread your data is and accept that remote work isn’t going away, you’ll need a strategy that works for your staff and your company.
Engage a specialist
In most cases, I’d recommend getting in a consultant to help strategise the best solution. This could be as simple as “Going forward all company files are stored and accessed through SharePoint online and managed by the internal team.” Sounds simple, right?
Unfortunately, life is not quite that simple. However, there are great solutions out there to help make data consolidation a reality. To really enforce it, consider some key technologies. Many may already be available in the Microsoft license you currently hold. (For example Microsoft 365 Business Premium includes the features listed below).
Security by design
When thinking about the new environment, security by design should be considered at every step. This is to help protect your information from external and internal threats.
With security, I always recommend using the principle of least privileged access. In simple terms, you only give someone access to what they need to complete their job and nothing more. Gone are the days of general permissions to simplify things. Granular permissions are here to stay.
Now if you have access to the files, such security does not stop a user from moving the files to Dropbox or Google Drive, which is outside of the company’s control. This is where some other products come into play.
Microsoft Purview Data Loss Prevention (commonly known as DLP).
The main function of DLP is to stop sensitive information from leaving your environment. This could be via an algorithm that monitors for things like client numbers or credit card information. Or it could be through a tag placed on sensitive files that blocks download or external file sharing.
Microsoft Purview Information Protection (formerly Microsoft Information Protection).
This product works hand in hand with DLP. Its main function is to protect data if you allow it to leave your environment. It does this by encrypting files and requiring a login if accessed from outside of your company network or devices.
Summary
Along with implementing security by design, both Microsoft products will help reign in company information spread during the pandemic. Vitally, they still allow staff to work from anywhere.
The final point I want to make, is that these changes and designs are only as good as the people using them. Invest in your staff and bring them along for the ride. Use change management and undertake regular staff training to show staff that they are not losing their freedom. You are just protecting both the company and staff from breaches and data loss.