Compliance for Microsoft Teams – Reclaim the Driver’s Seat

by in Information Management & Governance

 The Global Pandemic Fueled Microsoft Teams Adoption

With due acknowledgement of the disease’s tragic impact, the COVID-19 outbreak proved a boon for Microsoft Teams. Microsoft Teams users soared from 20 million to 145 million between November 2019 and April 2021.[i]

There’s little doubt that Microsoft’s strategy to integrate multiple components of Microsoft 365 with video, voice, instant messaging, and group functionality, and to offer it as a standard part of its Enterprise 365 packages has paid off handsomely. As stated in a recent Osterman Research white paper, Archiving and Data Protection with Microsoft Teams, “Users are drawn to the collaboration feature set in Teams, along with its integration into the wider productivity toolset in Microsoft 365.”[ii]

In short, Microsoft holds many of the advantages that come with its dominance of the productivity suite segment, and Teams is a serious threat to competitors like Slack and Zoom.

Compliance Professionals Relegated Subordinate Status?

One disclosure in the Osterman Research study is the finding that compliance professionals played a relatively minor role in the decision to adopt Microsoft Teams. According to the white paper, compliance professionals and legal staff were two of the three least influential groups in the decision to adopt Teams. The three most influential groups in the decision to adopt Teams were IT professionals, cybersecurity professionals, and senior executives.[iii] Compliance professionals and legal staff ranked 5th and 7th, respectively, on the list of influencers.

Why does this matter?

The finding is both significant and troubling for organizations in industries where employee communications and conduct are strictly regulated. These organizations need to monitor electronic communications to safeguard against unlawful or inappropriate behavior. While the electronic communications subject to regulatory oversight have historically constituted email, the recent rise in social collaboration tools like Teams makes this notion obsolete. Yet unfortunately, many of the compliance tools in use among highly regulated organizations lack the ability to monitor social collaboration content effectively or efficiently.

New Challenges to Compliance Management

As posted in several previous blogs on this site, the challenges of safeguarding compliance in The Social Collaboration Era are many and distinct. For starters, each tool brings its own mix of data formats and conventions, the latter including varying support for stickers and emojis, group and channel formation, and connotative cues, such as GIF support and text formatting. These variations typically lead to “compliance solution sprawl,” with organizations deploying point solutions. These siloed deployments tend to proliferate in lockstep with new tool adoption, compounding complexity and resourcing issues.

As Microsoft releases enhancements to Teams in its bid for market supremacy, compliance teams can be thrown into firefighting mode, with established workflows undermined and the risk of critical data loss raised.

Microsoft 365-Native Archiving Lacks Rigor

What about the compliance capabilities built into Microsoft Teams?

Unfortunately, these native capabilities fall far short of what regulated organizations need. As documented in the Osterman Research white paper, Microsoft 365 lets administrators archive Teams workspaces by locking them from further activity. This feature – intended for use when a project or initiative has ended – doesn’t prevent workspace owners or Microsoft administrators from violating retention rules enforced by SEC, HIPAA, and other regulations by permanently deleting workspaces and all associated content.

Another finding noted in the Osterman Research white paper is the fact that 46% of survey respondents disagreed with the statement, “The native capabilities for archiving a Teams workspace meet our archiving and compliance requirements.”[iv]

Would a compliance-first approach for evaluating the suitability of Teams have made any appreciable difference? We may never know. What’s certain is that the Teams genie is out of the bottle, and an established part of the way we do business today.

An Opportunity to Reclaim the Driver’s Seat

 Again, for highly regulated organizations, the risks exposed by Teams are severe. The costs of compliance violations include steep fines and penalties, costly litigation, and prolonged reputational damage.

To avoid these scenarios, legal and compliance leaders need to take the high road. Thankfully, now that so many companies are defining their workforce management strategies for a post-COVID world, legal and compliance officers have an opportunity to drive these foundational regulatory compliance agendas.

For these leaders, the task of advising fellow officers and their reports on the dangers of Teams-related violations is mission-critical. In raising awareness of these dangers, compliance leaders should also be prepared to answer questions about how best to manage Teams-related risks.

The key ingredients for effective compliance for Teams are:

  • Teams-specific data collection and metadata enrichment technologies
  • Compliant data lake storage optimized for analytics, AI, and ML
  • High-performance, scalable, cross-channel contextual search capability
  • Archiving and supervision capabilities that simplify the analysis of both denotative and connotative content collected from multiple channels simultaneously
  • 24 x 7 live monitoring of operations, to ensure service levels and deliver coverage of any new enhancements driven into Teams

Conclusion

When the business world responded to the global COVID-19 pandemic, senior leaders responded with urgency, prioritizing business continuity over compliance. Microsoft successfully capitalized on this through the rapid refinement of Teams to enable work-from-home and other flexible workforce management models.

Now that organizations find themselves revising their workforce management strategies once again for a post-pandemic future, legal and compliance leaders have a new mandate to communicate the risks inherent in the widespread reliance on Teams. Fortunately, these leaders can leverage a growing body of research about these risks and harness new, state-of-the-art solutions for managing them effectively and efficiently.

Download your free copy of the Osterman Research white paper, Archiving and Data Protection with Microsoft Teams now.

----------------------------------------------------------------------------------------------------------------------------------- 

[i] Archiving and Data Protection with Microsoft Teams, Osterman Research, May 2021.

[ii] Ibid.

[iii] Ibid.

[iv] Ibid.

-----------------------------------------------------------------------------------------------------------------------------------

Know your data | empower your people | drive your future
Join our community | @microfocusimg | www.microfocus.com | What is InfoGov?

Have technical questions about Information Management products? We have discussion forums for every IM&G product.

Do you have an Idea or Product Enhancement Request about IM&G products? Submit it in Idea Exchange.

We’d love to hear your thoughts on this blog. Comment below.

 

Tags:

Labels:

Archiving
Data Governance
Anonymous