How to Deal With Legal, Compliance Issues in Office 365 Migrations

Microsoft’s Office 365 cloud-based productivity suite is gaining rapid adoption among enterprises, with more than 60 million commercial customers. Analysts are indicating 50 percent quarter-over-quarter growth for the foreseeable future. However, organizations that are currently migrating to Office 365, or preparing to do so, may begin to hit legal and compliance roadblocks. The movement of critical corporate data to the cloud also raises security and data protection concerns. FTI Technology’s Information Governance and Compliance team has been dealing with these issues for years. They work with corporate legal, compliance and IT teams to determine how to move forward with cloud migrations in a secure, legally defensible way. In this eWEEK slideshow, using industry information from FTI Technology, we offer key data points regarding regulatory compliance in Office 365 migration projects.

According to Microsoft, 80 percent of Fortune 500 companies are using or plan to use Office 365 software and services. The migration challenges these companies are facing include safely migrating data from legacy archives to Office 365, while active cases are underway; remediating redundant, old or trivial (ROT) information to reduce costs and data breach risks; updating legal hold policies to ensure they are maintained; and adhering to data privacy regulations.

An estimated average of 1.37 terabytes of data are uploaded to OFFICE 365 each month by organizations. At least 20 percent of those documents contain sensitive data. This underscores the importance of having key stakeholders from relevant departments including security, legal, compliance and the C-suite involved in developing policies and procedures that safeguard against the risks and mitigate potential weaknesses in the overall information management program.

A Gartner report, “Market Guide for Implementation and Migration Service Providers: Office 365 and Google Apps for Work” (February 2016), highlighted the importance of handling cloud migrations carefully. It noted that “when planning a migration, pay close attention to the complexity of the current environment. The transition efforts can take months, based on the number of users and current environment customization. The right service provider can help mitigate risk and reduce time frames for cloud implementations and migrations.”

IT professionals have repeatedly reported that managing storage growth and addressing backup, recovery and archives are among their biggest challenges. But many organizations struggle with where to begin or obtaining the necessary internal resources to execute.

Jake Frazier, a Senior Managing Director and leader of the Information Governance and Compliance Services practice at FTI Technology, views the pain points as opportunities. “Microsoft Office 365 represents a transformation for organizations, and this migration offers legal teams a chance to get involved and help develop and implement industry best practices for e-discovery and information governance.”

Studies have indicated that 68 percent of data that is eligible to be destroyed cannot be readily separated from legal holds at 56 percent of organizations, and more than half of organizations over-preserve information because of legal holds. With the right approach to Office 365 migrations, data preservation and legal hold practices can be accurately measured to ensure high transparency and control.

With the tendency to over-preserve data, important electronic data often cannot be located and used when needed at 78 percent of organizations. Office 365 migration is a fine opportunity to evaluate storage processes and ensure that the organization is defensibly deleting the majority of its unimportant data and keeping only documents that serve business purposes, are under legal hold or necessary for regulatory record keeping.

The most common legal-hold environments today are ad hoc and inconsistent with high costs and risks. More organizations are looking to move toward an integrated approach, which involves key stakeholders and streamlines cost and risk. The most sophisticated processes are automated and repeatable, are consistent across all users and systematically detect non-compliance.

Smartphone traffic will exceed PC traffic by 2020. This means BYOD environments also must be considered when it comes to cloud migrations. Many companies are unclear about how to create and implement the proper processes for archiving data from mobile devices and other new, emerging data types.

Many global corporations maintain separate email archives or other data repositories by country or region to maintain compliance with jurisdictional regulations. Many countries will challenge the transfer of certain data across borders. It is important to account for these special exceptions during cloud migrations.