
Office 365 Compliance Issues: What can be done to bridge the gap?
Apart from keeping the business workflow consistent and transparent, Microsoft Office 365 increases simplicity and yields greater productivity. It provides robust security and reliability for IT teams as a part of maintaining business efficiency in Microsoft ecosystem. However, IT Managers expecting huge productivity, simplicity, and licensing gains just by entering an Office 365 automated environment are facing unexpected compliance issues. Because of which, getting buy-in from key stakeholders across the business, such as compliance team, often proves to be a difficult and time-consuming task.
The platform comes with legitimate questions and concerns around compliance. So what are these compliance issues and what can the IT Managers do to bridge this widening-gap?
Risks and Limitations of Office 365 for Compliance
Though compliant with global standards and regulations like European Union data protection laws and the Health Insurance Portability and Accountability Act and ISO 27001, Office 365 only supports organizations with basic compliance requirements. Those with more stringent requirements find the compliance capabilities in Office 365 to be inadequate.
An argument against tightly linked systems
A single, integrated system design that fully handles the conflicting requirements of short-term day-to-day communication is supported by Microsoft. The design also combines a long-term, multi-year compliance mandate under which organizations operate. While those changes have been good and helpful on one level, it doesn’t inspire confidence in Microsoft’s ability to offer a compliance system. The tightly linked design between communication and compliance also leads to some severe implications in order to access BCC addressee information, and expanded distribution list information, a sender’s mailbox must be on legal hold.
Sending large files
Office 365’s inability to seamlessly handle large file transmissions causes employees resort to alternative, consumer-grade file sharing and transmission services. This workaround creates compliance problems for organizations as the message may contain sensitive information that should be encrypted. Further, the message cannot be captured for archival, classification, and retention in the corporate content management system or archive.
Exchange online archiving issues
Microsoft offers an archiving solution for Exchange Online. It provides automated archiving, retention, and deletion features to a user. However, Exchange Online Archiving lacks a number of essential capabilities, such as tamper-proof storage, the ability to export eDiscovery search results in a form suitable for importing into third-party review tools, collaborative review of discovered content, and the ability to cull a document collection to reduce legal costs. These missing capabilities make the issue of compliance burgeon even further for an organization.
Lacking Sharepoint archiving
Exchange Online Archiving feature of the Office 365 platform does not provide archiving capabilities for SharePoint Online, files, or Yammer conversations. The inability of Office 365 to archive its own Yammer service pushes all firms immediately out of compliance. For all other firms for which archiving of content in SharePoint team sites, Lync meetings and messaging threads, and Yammer conversations is required, what is available with Office 365 is not sufficient.
What can be done to bridge the gap?
Office 365’s compliance capabilities can significantly be increased by leveraging third-party tools. Many capabilities are presented by a number of vendors offering third-party tools. Let’s look at the broad categories of these capabilities.
A Compliance System Built for eDiscovery
Third party tools help organizations establish a compliance management system that is separate from the day-today messaging and communications environment. This offers risk mitigation to organizations that decide to shift from Office 365 to another system. This feature also handles archiving, legal hold, and policy-based mandates in a much appropriate manner.
Compliance beyond Office 365 Data
The data of an organization hosted by its historical and other current systems can be managed by using third party tools. The data is managed according to compliance requirements, such as previous messaging systems, social media properties, and Yammer. Vendor tools provide a single cohesive, integrated compliance system to an organization that can incorporate Office 365 data alongside other equally valid data sources.
Mobility solutions
A third party container solution can enable organizations to separate and protect business data and apps on the device. This in turn ensures that compliance is maintained on mobile devices. Container solutions encrypt all the data at rest, in use, and in transit which restricts the data leakage to unsecure applications.
Sending large files
Third-party services offer the ability for transparent distribution of large files directly within Office 365, while still being subject to the organization’s compliance policies. This feature is not available in the Office 365 platform. Large file transfers are handled through a separate secure service, as opposed to using Exchange for delivery.
Message encryption
Vendor tools have features that offer the organizations with ability to establish policies that trigger which messages are subject to encryption, and automatically apply the required encryption level without requiring manual intervention by users. The ability to revoke encrypted messages that have been sent to the wrong person is also offered by the advanced third party encryption services.
Email archiving
Using third party tools, archiving, and retention of email without the ability for users to simply override the policy settings at will can be carried out in a policy based manner. Separating the day-to-day transactional communication through email and the compliance repository helps in compliance management. Journaling of communications from Exchange to a separate archive is a well-established approach to the creation of a compliance repository.
Conclusion
Compliance can be the force that makes the swing to go to-and-fro, or it can be the opposite wind gushing in and making your swing to slow. With the new report from Osterman Research slamming Office 365 compliance features, organizations needs to buckle up and be compliant with the industry standards.
Featured Vendors
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
