The uncontrolled proliferation of enterprise data in ungoverned repositories presents a growing security and compliance risk for organisations.
This is according to Thys Fourie, COO at integrated ICT solutions provider Exponant, who says that as organisations harness the convenience of tools like OneDrive, Teams and SharePoint, they also drive a growing data governance headache within organisations.
“The challenge is that individuals and teams tend to collaborate through Teams on a project and leave all the sensitive information about the project in the Teams group. It’s outside of the formal structures, where data classification and retention policies aren’t applied,” he says. “Worse, many individuals store important data in their own OneDrive, and then start sharing it from out of OneDrive. It’s important to remember that ‘OneDrive is mine, Teams is ours, and SharePoint is the organisation’s’. When important organisational data is dispersed across the organisation in various repositories, it presents a real compliance risk.”
Fourie cites the example of a company creating a Teams site for candidate recruitment: “You might store CVs, payslips and other personal information there, and it becomes a POPIA issue. We have seen organisations with up to 3 000 Teams sites in use, and a SharePoint site in the background. How do you control all of that and understand what information is stored within those sites? How do you properly apply retention and disposal policies?”
He notes that governing Teams and OneDrive use is important. “Organisations should introduce classifications of what information may be stored in these repositories, with systems to bring any sensitive data into their formal record keeping. Exponant recommends that organisations require formal applications for new Teams sites, classify the type of information stored and ensure that sensitive or business-critical data is transferred to formal record-keeping structures. However, balancing proper governance with convenience and efficiency can be a challenge.”
Exponant helps clients securely automate the movement of important data from Teams, OneDrive and even Outlook into structured repositories, applying retention and disposal policies to ensure compliance and reduce risk. Exponant’s workflow automation, version control and archiving solutions serve as both productivity enablers and compliance guardrails, Fourie says.
For example, a client that requires multiple authorisations that previously took up to three days, now completes the process in a matter of hours through automation and the integration of electronic signatures and document conversion.
Fourie says: “We use Microsoft Electronic Document Management System tools like SharePoint, Teams, Purview and Power Automate to help clients achieve compliant document management that doesn’t hamper productivity. When we do a project, we ensure we deliver a solution that is sustainable, supports compliance and meets the organisation’s needs.”
Share