How do you balance Collaboration vs Security in Microsoft 365?

We asked Microsoft MVPs what’s the best way to balance collaboration vs security in Microsoft 365. We compiled their answers into a short video that you can watch below. But we couldn’t fit it all in so we put all their answers together in this blog post so we could fully share their awesome insights.

Governance is about efficiency – Richard Harbridge

There’s a bit of friction, right? I want everyone to collaborate more and then you get this push back, that’s going to create data leak risks. The big transformation that happened, there was a lot of digital first response, let’s rapidly deploy Teams and help people have lots of SharePoint sites and places to work and externally collaborate.

Let’s open that up so we can be responsive. And that was the right judgement for a lot of organizations. But now what’s happened is we’ve had a lot of organizations that have created sprawl. They’ve created unmanaged, not managed sprawl. And when it’s unmanaged sprawl, there’s a lot of risk inherent in that.

And so I think the first thing to note is the Microsoft strategy is compliant collaboration, all collaboration in Microsoft 365 whether it’s Teams, SharePoint, all of those collaboration scenarios, they’re compliant by design. Purview, information protection, DLP, all these patterns are available out of the box.

And so there’s no way you can collaborate in the Microsoft stack today that hasn’t had a layer of thought around “How do we do this in a highly compliant way?” So instead of looking at it as compliance versus collaboration, I think of it as if it’s in Microsoft 365, it’s compliant collaboration by design. And I think the trick then is a lot of organizations, you know, 92% of organizations have other clouds, right?

They have Dropbox, or this other system for Google Drive, they have other tools. And those tools are where our collaboration compliance journey starts to fragment a little bit because it works until we get to the file share or the share drives or works until we get to email. And for whatever reason we haven’t protected the email files, we haven’t gone to that level.

And so because we haven’t connected either of these clouds or we haven’t worked on that last leg of the strategy, that’s where we see sometimes some gaps in your compliance and where that friction is felt. The temptation is, well, let’s just migrate everything to the Microsoft stack and then if it’s all in the same stack, it is compliant by design. But I think the reality is that can take years.

Governance is an interesting thing because a lot of times we think of governance as an IT centric focus, and when we think of governance, we say, we’re trying to manage risk.

And I think it’s the wrong frame, it’s the wrong perspective. Governance is about efficiency, it’s about effectiveness. And I think when we think of governance, those playbooks, those Teams, those structures that we have, they’re really meant to help people be more effective and more efficient.

And if we use that framing of governance, all of a sudden it does matter to every end user, every non-IT employee, because, I could say, “Hey, I want to help manage sprawl, right?” And from an item perspective, there’s lots of benefits to that. But for an end user perspective, we need to align that back to what matters to them.

But at the end of the day, it’s about efficiency, not about risk mitigation. You know, that’s the right frame. And then once you’ve got that frame, you start to see all these opportunities to connect end-user experiences, employee experiences, and things like that with IT governance.

Governance is that balance of productivity vs security – Vlad Catrinescu

I think that’s one of the toughest things, because, for me, governance is that balance of productivity versus security. As an IT pro, my job is to keep the company secure, and still enable people to be productive.

Make sure that as an IT pro, don’t go back to that old reflex of shutting everything down and becoming the blocker in your organization. Analyze how people use the tools you have inside your organization. Build your sandbox and if any user is outside that sandbox, go talk to them, train them on what they did wrong, and bring them back to your normal governance procedure.

Put checks and balances in place so people don’t have to wait, and then continuously monitor. Don’t just put them in place and then give up, create reports, or have them on your PowerShell reports.

Have the good basics of security – Karoliina Kettukari

That is always difficult to stop because if you are too secure, it kills all collaboration or innovation. But I would suggest that you have the good basics of security so people have a secure box where they know the limits, know the recommendations, and then they are free to express themselves, but in a nice little tiny box.

I think that the best governance is when end users do not actually see it in their everyday lives. So it works so seamlessly in the background that people just do their stuff, and work their everyday work life, and the governance is magically in the background.

There is also a risk of governance fatigue in organizations because with all the different security features and with AI, security is now a more important topic. But it takes a lot of energy, it takes a lot of resources, and you really need to focus on security. And with all the different requirements, you can get to security fatigue as well. But that means it’s an even more important topic to focus on.

I think that with the help of AI, governance and security are certainly on the top of everyone’s mind in a different way than ever before.

You need to have a good policy and procedure – Andy Malone

I think technology is great, but I think you’ve got to remember people as well and have an inclusive workforce. The one thing that COVID taught us was the fact that you can work from home and you can work away from home, you know, traditional office. So, I think it’s all it’s about that work-life balance. And I think that’s one of the things that technology is showing us, that we can have a work-life balance and it’s helping us achieve more in a much faster way.

But I think products like Security Copilot will make things a lot easier. And in time, I’m sure we will have that Purview Copilot inbound as well. And ultimately Copilot is exactly that. It’s an assistant and I think I’m excited to see where it’s going to go.

I think governance is finally getting its due recognition, I really do. I mean look at Microsoft Purview in the last two or three years, it’s just an incredible transformation.

I think security and governance is a critical part of an organization and it all comes from the top down. So you need to have a good policy, you need to have good procedures. The tech is just part of it. But ultimately you need to have good awareness and training because this delivers the why we need it. And then once people are on board with the why, it’s so much easier to sell within the organization.

Invest in both Collaboration and Security – Gokan Ozcifci

It is fundamental to every organization to have a proper governance plan. Ok, I have that data. Is that data still valid?  I have that Teams, I have that SharePoint site.  Do I need it?  Should that be archived?  Should that be moved to somewhere else? The balance between collaboration and governance or security is something that every company should invest into.

Would you like to know more?

It was great hearing what MVPs had to say about collaboration vs security. They also gave us insight into The benefits of Microsoft 365 Copilot and The next big thing in Microsoft. Thank you to all the Microsoft MVPs for their insights!

If you’re looking for ways to boost both collaboration and security in your organization, read more about how Syskit Point can help you automate your governance with features such as Lifecycle Management, Policy Automation, and Access Reviews.