1How to Deal With Legal, Compliance Issues in Office 365 Migrations
Microsoft’s Office 365 cloud-based productivity suite is gaining rapid adoption among enterprises, with more than 60 million commercial customers. Analysts are indicating 50 percent quarter-over-quarter growth for the foreseeable future. However, organizations that are currently migrating to Office 365, or preparing to do so, may begin to hit legal and compliance roadblocks. The movement of critical corporate data to the cloud also raises security and data protection concerns. FTI Technology’s Information Governance and Compliance team has been dealing with these issues for years. They work with corporate legal, compliance and IT teams to determine how to move forward with cloud migrations in a secure, legally defensible way. In this eWEEK slideshow, using industry information from FTI Technology, we offer key data points regarding regulatory compliance in Office 365 migration projects.
2Addressing Data Integrity, Regulatory Issues
According to Microsoft, 80 percent of Fortune 500 companies are using or plan to use Office 365 software and services. The migration challenges these companies are facing include safely migrating data from legacy archives to Office 365, while active cases are underway; remediating redundant, old or trivial (ROT) information to reduce costs and data breach risks; updating legal hold policies to ensure they are maintained; and adhering to data privacy regulations.
3Consult Key Corporate Stakeholders
An estimated average of 1.37 terabytes of data are uploaded to OFFICE 365 each month by organizations. At least 20 percent of those documents contain sensitive data. This underscores the importance of having key stakeholders from relevant departments including security, legal, compliance and the C-suite involved in developing policies and procedures that safeguard against the risks and mitigate potential weaknesses in the overall information management program.
4Careful Preparation Can Reduce Time Frames for Migrations
A Gartner report, “Market Guide for Implementation and Migration Service Providers: Office 365 and Google Apps for Work” (February 2016), highlighted the importance of handling cloud migrations carefully. It noted that “when planning a migration, pay close attention to the complexity of the current environment. The transition efforts can take months, based on the number of users and current environment customization. The right service provider can help mitigate risk and reduce time frames for cloud implementations and migrations.”
5Storage Management Is Often the Toughest Challenge
6Get Legal Teams Involved in Migration Planning
Jake Frazier, a Senior Managing Director and leader of the Information Governance and Compliance Services practice at FTI Technology, views the pain points as opportunities. “Microsoft Office 365 represents a transformation for organizations, and this migration offers legal teams a chance to get involved and help develop and implement industry best practices for e-discovery and information governance.”
7Find the Right Approach to Legal-Hold Data
Studies have indicated that 68 percent of data that is eligible to be destroyed cannot be readily separated from legal holds at 56 percent of organizations, and more than half of organizations over-preserve information because of legal holds. With the right approach to Office 365 migrations, data preservation and legal hold practices can be accurately measured to ensure high transparency and control.
8This Is a Good Time to Evaluate Storage Processes
With the tendency to over-preserve data, important electronic data often cannot be located and used when needed at 78 percent of organizations. Office 365 migration is a fine opportunity to evaluate storage processes and ensure that the organization is defensibly deleting the majority of its unimportant data and keeping only documents that serve business purposes, are under legal hold or necessary for regulatory record keeping.
9Look at Automated Processes
The most common legal-hold environments today are ad hoc and inconsistent with high costs and risks. More organizations are looking to move toward an integrated approach, which involves key stakeholders and streamlines cost and risk. The most sophisticated processes are automated and repeatable, are consistent across all users and systematically detect non-compliance.
10Take into Account Employees’ BYOD Usage
11Take International Compliance Restrictions Into Account
Many global corporations maintain separate email archives or other data repositories by country or region to maintain compliance with jurisdictional regulations. Many countries will challenge the transfer of certain data across borders. It is important to account for these special exceptions during cloud migrations.