Microsoft’s Office 365 has witnessed a phenomenal growth in the past few years and is now the most widely used enterprise cloud service by user count. Organizations still consider moving to the cloud to be a top business risk, with security and compliance being the key sources of concern. While the cloud promises flexibility, easy scalability, reduced costs, and enhanced collaboration, a rushed ad-hoc migration not only leads to a sub-optimal adoption but also causes cybersecurity risks.

Spanning, along with CollabTalk and the Marriott School of Business at Brigham Young University, surveyed approximately 300 professionals worldwide to understand the state of Organizational Security & Compliance Practices in Office 365. The research highlighted some prevalent red flags, although a majority of survey respondents expressed confidence about their Office 365 security mechanisms, there is a significant gap as far as implementation of the practices is concerned. For example, 80% of respondents who depend on Microsoft’s built-in security have either not run security and compliance checks or do not know if they have.

While Office 365 is a robust, secure platform with extensive compliance and governance capabilities, it is essential that organizations lay the groundwork for a cyber secure Office 365 adoption.

Here is a summary of five tested pointers based on responses from organizations that have migrated to Office 365 to lay a secure and compliant foundation. For further details, read the Office 365 Operational Success Playbook.

A graphic displaying 5 guidelines for operational success in Office 365.

#1 Assess and Plan

Conduct a detailed assessment of your systems and tools, information architecture, and business goals. Identify gaps between your current state requirements and Office 365 features/solutions. Encourage employees to participate in the current state audit, so they are aware of their artifacts and clean-up/organize them accordingly. Our research indicated that end users incorrectly classifying their data and not following through with required actions accounted for 40% of compliance challenges faced.

When developing your implementation plan, keep it holistic and detailed; encompassing various business workloads. However, also keep it agile enough to solicit and incorporate feedback regularly.

#2 Don’t Compromise on Training

In the rush to meet deadlines, don’t push the training to the post-migration “on-the-job” variety. Shadow IT, where unauthorized applications are used by employees combined with the lack of security training accounted for more than 30% of security challenges faced by our survey respondents. Regular training, which combines both aspects of security as well as Office 365 functionality, prior to migration, will educate your employees about Office 365 tools/features that can be used for their business workflows, and help them understand security and compliance risks. This will not only enable them to hit the ground running post-migration, but more importantly, use Office 365 securely, optimally and enthusiastically.

#3 Invest in an Oversight Committee

A successful Office 365 adoption requires regular monitoring and tracking to check that the plan is on-track, the breadth/diversity of information architecture is assessed, feedback is being incorporated and security and regulatory requirements are being met. 60% of organizations surveyed admitted to average/poor governance readiness. In the keenness to use Office 365’s exceptional suite of tools, governance and planning are often compromised, leading to admins retroactively applying security patches and processes. Having a dedicated governance and change management committee will ensure that a healthy governance strategy is followed, provide a forum for business requests and issue tracking, and act as a liaison between stakeholders and end users to confirm that expectations meet implementation.

#4 Explore, Optimize and Innovate

Office 365 has a wealth of capabilities that are constantly being extended and improved upon. Make certain that inputs from your Office 365 champions about new features and industry trends, particularly security and compliance ones, are adopted. Keep in mind that technology is a business enabler, not the other way around; and stay focused on business outcomes.

#5 Keep a Safety Net

With incidents of malware rapidly increasing, planning for business continuity and disaster recovery is a must. Microsoft has a resilient environment to maintain its SLA uptime (99.9%) However, it cannot protect you from data loss/tampering, inadvertent or malicious, on your end. Microsoft stores deleted items in its Recycle bin, but restoring them is complex and is limited to dangerously short retention periods. Having recovery capabilities such as point-in-time restore, granular restore and cross-user restore are essential to meet compliance requirements A reliable backup and restore solution is your safety net – automating backup, guaranteeing easy recovery, assuring business continuity and establishing adherence to compliance standards.