Data Governance and SharePoint Document Security

Building Data Governance into Office 365 and SharePoint Online starts with planning and understanding basics before moving on to more advanced options.

By Cathy Dew

What tools does Microsoft provide to build a Data Governance Policy?

While you can never eliminate risk, you have tools within Office 365 and SharePoint to assist in securing and protecting your digital data. If you are not using these tools you are exposing your company to unneeded liability and loss of sensitive and proprietary company information. Last week we discussed the basics of Data Governance and why you should be incorporating data governance into your company’s digital infrastructure. Today we’ll provide an overview of what tools Microsoft provides within Office 365 and SharePoint to assist you with your Data Governance policies.

Using SharePoint and Office365 Document Security and Data Governance Features

If your business is using SharePoint for document management—as many enterprises do—the good news is that SharePoint comes with multiple features that can make data governance much easier. From intuitive importing tools to metadata tagging to SharePoint document security features, Microsoft’s intranet platform can be leveraged to support even the most detailed data governance strategies.

Important features include:

  • Permissions: Planning and assigning permissions in SharePoint is one of the defining steps of any data governance policy. Given the recent rash of cyber-attacks on major enterprises and small businesses alike, cybersecurity needs to figure into data governance heavily. Controlling who can access, edit, download, share, move, delete, or otherwise interact with different pieces of data helps minimize risk. When you have a thousand employees, and they all have access to every single file in your system, there is no way to ensure the security of important data. By being strategic (and sparing) with your library, folder, and file permissions, you can enjoy better peace of mind in this regard.
  • File Sharing: In conjunction with Permissions, how and what you allow to be “shared” within the organization, and even more critically outside your company, changes your exposure footprint dramatically. Some companies will never want to expose any files to people outside of the organization. Others will need to allow controlled external sharing. Understanding the external sharing options and what is the acceptable level of risk is therefore very important to building and administrating your SharePoint and OneDrive ecosystem.
  • Managed Metadata: Data governance policies should help create data ecosystems where files are secure, but still easy to find. SharePoint’s sophisticated managed metadata features make it easy to tag files according to categories, departments, file types, and other identifying information. You can then use these features to find the data you need when you need to use it.
  • Retention and Deletion Policies: SharePoint and Office 365 both allow you to set up retention and deletion policies to align with regulatory standards or with your organization’s internal practices. These features will enable you to do several things. You can create workflows that archive files to different locations after they pass a certain date. You can set up retention timelines, to ensure that you aren’t deleting documents or data that you might still need. And you can arrange deletion dates, to remove content permanently once it is at the end of its retention lifecycle or no longer useful.
  • Inactive Mailboxes: Employees leave companies all the time, but what do you do with their email? Regulations and business requirements may require retaining their mailboxes for a fixed period of time. Correctly utilizing the inactive mailbox features of Office 365 could be a critical part of your governance rules and configurations.
  • Importing: Microsoft has been good about creating an interconnected ecosystem of different programs and systems. This integration is handy when it comes to introducing data into one central location. Data governance is easiest when you can manage everything using a single system. That way, you can use the same metadata, permissions, and retention policies across all your data, instead of handling certain files differently because they are stored elsewhere. Microsoft makes it easy to pull data from multiple online and offline locations—such as servers, Office 365, SharePoint, OneDrive, or third-party applications such as Dropbox—into one central repository.
  • Security Templates and Monitoring: Office365 has security templates that can be activated in order to scan all documents for critical data like Social Security Numbers, Driver’s License Numbers, Credit Card Numbers, Bank Account Numbers, etc. Customized security templates can also be created to scan for company proprietary information. All of these templates can then be assigned sharing and digital rights management rules to mitigate data leakage and improper sharing for company and personal information. Additionally, supervision and monitoring options allow you to route communications flagged by your rules for manual review and classification.

Using these features and others will not only make data governance easier to execute but will also help maximize the security of your files. Sometimes, businesses are worried about keeping documents in the cloud, due to hacking fears. However, by using SharePoint’s document security and organization features, you can enjoy the benefits of universal cloud access without worrying about the usual concerns.

Create an Effective Data Governance Policy for Your Business

This blog post is just the second in a multi-part series about the importance of data governance. In future installments, we will look at how you can use other Microsoft tools and programs to create an execute an effective data governance strategy. Of course, our team at 2Plus2 is willing to help you with data governance. We are your premiere San Francisco Bay Area SharePoint consultants. Whether you need assistance implementing the SharePoint document security tools discussed above or want some help authoring a governance policy for your business, we are happy to lend our insight. Go online to schedule a free consultation with our team or call 510-652-7700 today.

Cathy Dew
Cathy Dew – CEO + Information Architect
Cathy focuses the company on our mission – Real results. Every time. Information architect and strategist, Cathy is passionate about making software work well – the function, the feel, the result.
Send me great news