Using Compliance Manager to ensure compliance in the new normal
By Mohamed El Nemr, Modern Workplace and Security Business Group Lead for Microsoft Middle East and Africa Emerging Markets
In the wake of the COVID-19 pandemic, businesses have faced a consistent set of challenges. With so many remote workers, people are creating, sharing and storing data in new ways, which fosters productivity but has also introduced new risks. And this is not just an assumption. A recent internal poll revealed that providing secure remote access to resources, apps, and data is the key concern for Chief Information Security Officers.
With penalties and fines for non-compliance set at a maximum of 4% of a company’s annual global turnover, and in an industry that is ever changing, it is in the best interests of organisations to remain continually compliant.
In addition to the talent shortage and complexity of compliance management, customers also face the need to comply with an increased volume and frequency of regulations, with hundreds of updates a day globally to thousands of industry and regional regulations. Additionally, the complexity of these regulations has made it challenging for organisations to know which specific actions to take and the impact of these.
Solutions such as Microsoft’s Compliance Manager offer a vast library of assessments for expanded regulatory coverage, built-in automation to detect tenant settings, and step-by-step guidance to help businesses manage risk. The feature also translates complex regulatory requirements to specific technical controls and, through compliance score, provides a quantifiable measure of risk assessment.
The solution further provides a comprehensive set of templates for creating assessments to help organisations comply with national, regional, and industry-specific requirements governing the collection and use of data. Local laws, including the Kenya Data Protection Act, have been mapped into the Compliance Manager tool to facilitate local compliance.
In a bid to provide greater visibility into an organisation’s data, wherever it lives, new connectors have been made available that can pull data from other apps into the Compliance offering to help companies reason over, protect and govern that data. Having the right data protection and governance approach is critical to not only addressing regulatory compliance but also to mitigating risks around data leakage.
The extension of data loss prevention solutions to Microsoft Cloud App Security is a new capability that extends the integration of content inspection across connected applications such as Dropbox, Box, Google Drive, Webex, OneDrive and SharePoint. This extension will help users to remain continuously compliant when using popular native and third-party cloud apps and will help to ensure sensitive content is not accidentally or inappropriately shared.
With Teams usage growing with the shift to remote work, organisations are looking for seamless integration to keep their data and employees secure and compliant. With the volume of business conversations occurring round the clock in the solution, additional security and compliance features have also been added.
New features like Insider Risk Management now offer native integration with Teams to securely coordinate, collaborate, and communicate on a case with relevant stakeholders in the organisation. When an Insider Risk Management case is created, a private Teams team will also be created and bound to the case for its duration. This Teams team will, by default, include insider risk management analysts and investigators, and additional contributors, such as HR and Legal, can be added as appropriate.
Another feature, auto-apply retention policies for Teams meeting recordings, allows you to retain and delete recordings with in-place governance, which means the retention policies apply wherever the recordings are saved without the need to export elsewhere. In addition, Advanced eDiscovery supports live documents and links shared in Teams. The feature also automatically collects documents from a storage location, such as SharePoint or OneDrive, to pull the content into an eDiscovery case. The attachments are collected, reviewed, and exported along with the Teams conversations so customers don’t need to manually find and collect the documents one by one.
We also continue to assist in keeping Teams data safe by encrypting it while at rest in the datacentres. This has been extended to enable customers to add a layer of encryption using their own keys for Teams, similar to Exchange Online, SharePoint Online, and OneDrive.
We are well into a new era of business, which has already brought with it the need for new processes and prerequisites. These new capabilities will go a long way in ensuring that customers across the continent and globally remain compliant.