You may need to clean up your files after an Office 365 migration. That’s because many of you migrated your Outlook and other on-premise files and folders to Microsoft Office 365 relatively quickly.
You didn’t have time to purge unnecessary files. Nor did you clean up those old pizza party emails. And while Microsoft may employ legions of security professionals, your poorly managed and poorly governed information becomes a treasure trove for every hacker. But it’s not too late to do a post-migration cleanup. Indeed, you should.
I’ve met loads of people from many companies that took advantage of Microsoft’s FastTrack team to get onto Office 365 quickly. That service lends itself to lift-and-shift. And for a time, Microsoft was doing this for free.
Speed of migration isn’t the only issue. There’s Microsoft’s better-watch-out teaser: Office 365 storage is free. Well, I guarantee that that’s not going to last forever. To me, all this “free storage” feels like a multi-level marketing scheme. It’s just not sustainable.
It’s true that the infrastructure-platform providers manage threats for you. But eventually, they’ll have to recoup that cost. And charging for storage—by the gigabyte, terabyte or even petabyte—is probably the best place to do it.
And even if storage were free, you still have a responsibility to your customers and employees to manage your records and information properly. You’re still governed by regulations and a responsibility to the business.
What may have been wrong in terms of information governance on-premise, is just as wrong in the cloud. You’re still responsible to clean up, follow policies, adhere to regulations and lower the risk footprint of the information that powers your organization.
Even if you have “lifted and shifted,” you should manage your data as if you still had an on-premise fiefdom. Information professionals can’t be isolationist here.
While it’s not as industrial strength as what’s found in some ECM solutions, the Security & Compliance Center within Office 365 should get you started. The Security & Compliance Center has enough functionality when it comes to retention and reporting that you can apply good information governance practices even after a migration. Security & Compliance Center has e-discovery and overall records management tools.
The Security & Compliance Center also has an identity access component that allows you to assess threat vulnerabilities and analyze legal holds. And it provides incident management and data loss prevention with a set of out-of-the-box rules.
For example, the Security & Compliance Center can help you discover social security number patterns—with or without dashes—for PII compliance. And it can help you search for health care procedure codes for PHI compliance.
Office 365 as a records management and information governance tool may not be as robust as you’d like, but initially you won’t have to spend more money.
The important thing is that Office 365 itself can help get you into cleanup mode. It can help you with your data governance execution. It can help with record classes, retention periods and content management, as well as taxonomy and tagging.
With the platform, you’ll use metadata to identify file owners, locations, the age of files and file types. You should employ these techniques in the same way you would do so on-premise.
The capabilities and user functionality with Office 365 is getting better all the time, but it’s not perfect. The thing is to understand what can be done today within Office 365 and how to alter your processes to accommodate what Office 365 provides in the short run. The desire for everything to be perfectly tagged, managed and dispositioned can become a killer for any kind of process.
The point is that regardless of whether you’ve done a good job migrating to Office 365, the data you’ve moved eventually has to be dealt with in a way that’s defensible to the business—and the lawyers.
Under today’s microscope, it’s the standard way of doing business.