Governance is often seen as a burden by businesses in general and IT in particular. It turns out, though, that this is a narrow point of view because governance can often — if properly implemented — empower business through technology. When I was first confronted by this fact I was skeptical, I confess. But later when I talked about this with Hunter Willis, the product marketing manager of AvePoint, I concluded that I was guilty of being narrow-minded and stuck in the paradigms of the past, not the present. Hunter is well-informed on this subject since he has been in web development, SEO and social media marketing for over a decade. In addition to his work at AvePoint, he is also president of the Richmond SharePoint User Group, and he entered the SharePoint space in 2016 and holds an MSCA O365 certification. Throughout his career, Hunter has developed internal collaboration sites, provided technical and strategic advice, and managed solutions for small to large organizations. He has also served as a strategy consultant for many companies and nonprofits in the Richmond area, and he continues to work directly with nonprofits in his spare time. You can find Hunter’s contributing author profile on CMSWire and you can follow him on Twitter: @HW_EndUser.
I began my conversation by asking him how companies feel in general about governance when it comes to the technologies they use and why they usually feel that way. “At AvePoint, we find is that governance means different things to different organizations,” Hunter replied. “Some think of governance in terms of security, others in terms of content lifecycle management, and many, if not most, see it as a combination. In general, most collaboration platforms offer some level of security and lifecycle management, but many organizations feel the out-of-the-box options for many platforms are insufficient for their specific needs.”
Adding new features sometimes adds problems
It’s not surprising organizations tend to shy away from out-of-the-box options, I replied, seeing that these can be difficult to configure and maintain in enterprise environments. I pointed to Office 365 as an example since it now includes several security and compliance enhancements such as Advanced Threat Protection, eDiscovery, Advanced Data Governance, Advanced Security Management, and Windows Information Protection as we mentioned in this TechGenix article from a while back. But as Hunter explained to me at length, adding new features doesn’t always make things easier.
“Office 365 has a lot of great security and content management capabilities,” Hunter says, "but to effectively use them, they can still require a great deal of manual effort. In addition, due to the nature of the admin centers for Office 365, settings can be tailored for some scenarios, but are applied tenant-wide. This can make it difficult to scale the management of content and security settings, even in some small organizations. For instance, when a Microsoft team is created, with AAD premium you can control naming conventions based on who creates the team, however, the WHO does not give a context to understand how long content should be retained or who should have access to it. In addition, ownership of that team’s actual business process can change over time, along with its content and security requirements. All of this must be maintained in addition to the settings and security for the information stored in the SharePoint site behind the team, which also still must meet organizational requirements. The only out-of-the-box way to ensure that this remains accurate and that content security and lifecycle settings remain within the policy is to manually audit workspaces like SharePoint Sites and Microsoft Teams, communicate and verify information with users and then manually adjust any changes.”
Office 365 has a lot of great security and content management capabilities, but to effectively use them, they can still require a great deal of manual effort.
And that’s not all, Hunter says. “Another challenge is that Microsoft team owners have a great deal of control over not just settings in the team, but also to all the power and settings of the SharePoint site behind the team. Organizations can control who can or can’t create teams, but balancing this delegated administration can be very difficult. Any user trusted with creating and maintaining workspaces needs training to understand how to maintain the content within that workspace as well as who should be able to access or allow access. Some organizations try to setup existing teams and resources to handle this administration with improvised task management and service delivery tools, but many organizations right now feel overwhelmed with the administrative challenges that all of this can present."
So, why does governance feel like such a burden?
Still, governance feels more of a burden than an opportunity for many and perhaps most of us who work either in the technical or management side of IT. Isn’t governance just about restricting users? Or can the coin be flipped and ways found out to leverage governance instead for empowering them?
If properly applied, governance can drastically increase productivity while reducing risk at the same time.
I finished off my chat with Hunter by posing these questions to him and he replied with some insightful comments. “We like to say that brakes weren’t invented to make cars go slow but to add control so that they can go faster, safely. If properly applied, governance can drastically increase productivity while reducing risk at the same time. There are some governance tools like AvePoint’s Cloud Governance, for instance, that can make it easier for users to take the right actions, and streamline the organization’s governance of the content in Office 365. This reduces both the burden of the IT teams in the organization and allows users to remain in policy while not being inhibited with bottlenecks that slow down day to day tasks. So with enough planning, user training and proper application of the right tools, it can be easy to apply governance in ways that let users take advantage of new features like those available in Teams to work more efficiently — while also letting IT and security teams sleep at night.”
And more sleep at night is certainly what those of us who work in IT/MIS need these days!
Featured image: Shutterstock