Johannesburg, 08 Jun 2020
Microsoft Teams has rapidly become a key collaboration tool for many organisations, quickly growing from 44 million to over 75 million users in just a few months. However, if not set up properly from the start, it can potentially leave your business-critical data exposed to accidental sharing or oversharing with the wrong individuals or Teams – or worse, theft. Ensure Microsoft Teams information protection success and avoid any pitfalls by making sure you provision sites/teams with these three key practices in place.
Applying lessons learned from an old challenge
The challenges of the rapid adoption of a new collaboration tool are not new. There are parallels between the explosive growth of Microsoft Teams that we are experiencing now and the viral adoption of SharePoint during its early iterations. It’s important that we learn from the early SharePoint years and not repeat those mistakes with Teams.
The stakes for getting security wrong are much higher today. New regulations such as GDPR and POPIA have upped the game on an organisation’s responsibility to safeguard data, as well as the financial penalties already costing organisations millions. The risk to IP is also greater with corporate espionage cases like Google vs Waymo, underscoring the risk to an organisation’s trade secrets from collaboration tools. These risks are exacerbated by ease and speed at which information can be shared in Teams. The severity of the penalties for incorrectly handling information and risk to the business demand a better solution this time.
Businesses and organisations need to approach a Microsoft Teams roll-out with the same thought process that ultimately became a SharePoint best practice – namely, a more governed and controlled creation of Teams that has the right balance between user and security needs. If you rolled out Teams in a hurry to accommodate remote work, you should retrofit with these best practices as soon as possible.
Three key ingredients to provision Teams with information protection
The key to achieving this balance is to ensure that Teams are set up for success from the moment they are created to ensure information is properly protected. Leveraging a provisioning process or tools can help ensure it gets off to the right start. Although it requires a little work, there are capabilities provided by Microsoft to create templates that help to ensure individual Teams are created with the appropriate structure and attributes, eg, can guest users be added or only allow internal users.
Although it may seem that properly provisioning a Team does little to prevent accidental sharing, oversharing or misuse, it builds a strong foundation to support information protection in a few ways:
User training can be aligned to the approved use cases and associated templates so that users are guided to use Teams correctly based on how a Team is labelled or categorised.
It removes the reliance on Team owners to ensure sharing settings or tabs are correctly added or configured for the Team. The news is full of data breaches that have been the result of an incorrectly configured cloud repository. Although Microsoft Teams by default has a more closed membership, and therefore access to the information within it, a risk still remains if the wrong users or group of users is added to the Team.
Creation of Teams through a provisioning process or tools provides many of the properties that additional technologies can leverage to prevent accidental sharing.
Leveraging a provisioning process and templates for setting up Teams will get you on the right path for secure collaboration of business-critical information. However, it’s important to note that while the Microsoft templates offer a good starting point, they do fall short when it comes to fully protecting your information.
Let NC Protect be your secret ingredient for baked-in protection
Third-party products offer features not available in the native Microsoft experience. A solution like NC Protect can leverage the foundation set above to automatically apply information protection. NC Protect can dynamically control access to content in the Team and control how authorised users can share it and with whom, create flexible real-world information barriers, provide enhanced chat blocking, dynamic security watermarks and more.
By augmenting Teams with third-party products like NC Protect, you can gain additional capabilities that leverage and add value to your existing Microsoft investments to automate data protection cheaper, faster, and simpler than using native tools.
Share