Back to blog

The intelligent approach to Data Governance

Mar 9, 2017 by Laura Zawacki

In a previous post, ‘Is Journaling dead?’, we explored the purpose and importance of journaling emails for compliance and legal reasons. While journaling in third-party archives serves an important role in meeting regulatory requirements, it is not supported in Office 365, and there are a wide range of native compliance and advanced data governance tools in Office 365 that have been developed to offer not just an alternate, but a better, smarter solution.

A Quick Review of Journaling

Journaling is a necessity for regulated organizations to ensure users aren’t deleting or moving data that would be relevant to a legal case or regulation (such as HIPAA or Sarbanes Oxley). It is crucial to capture this data at the precise point that it is sent or received, so that it cannot be deleted or modified by an individual, once an investigation is underway. As we learned in the interview with journaling expert, Janine Brunetti, the major cost of journaling is not necessarily the hardware or licensing costs, but rather the human resource cost and the man hours involved in conducting journaling, extracting messages, searching, and reviewing.

Later this quarter Microsoft is introducing Office 365 Advanced Data Governance and eDiscovery to expand their governance and compliance capabilities even further. For companies planning a move to Office 365, it’s extremely important to explore the benefits and limitations of these features before abandoning their traditional governance practices.

Office 365 Advanced Data Governance and eDiscovery Features

The main goal of Advanced Data Governance is to intelligently manage decisions surrounding which data needs to be kept, and what can be deleted, so that organizations can meet compliance and legal requirements and reduce the risk of losing important data.

Here are some of the main features:

  • Import – Import data from on premises and third-party archives into Office 365. This can be done over the network, or copies can be shipped to a Microsoft datacenter for upload. By using automatic classifications such as age, type, user, or importance, you can import only the data you need to preserve. It is also possible to import data from social media platforms, IMs, and document collaboration platforms.
  • Intelligent Policies – Using machine learning and cloud intelligence, Advanced Data Governance makes policy recommendations based on your organization’s industry, geography, tenant, and classifications. For example, if your organization is in the healthcare industry, it might prompt you to set up HIPAA-related policies. You can act on your data (move, encrypt, preserve, delete) after gaining insights on how comparable organizations are managing their data.
  • Targeted retention – Instead of retaining everything, Advanced Data Governance enables organizations to target specific sets of data based on classifications or patterns. For instance, advanced retention can be configured to identify and secure all data containing routing, social security, or credit card numbers. Retention can also be triggered by an event, or by an end-user assigning a label with an admin-configured retention policy.

Simplify compliance with Office 365 Advanced Data Governance and eDiscovery

 Third-Party Journal Archive  Office 365 Advanced Data Governance & Discovery
  • Systems require constant monitoring to ensure that data is flowing from Exchange to the archive
  • Everything contained within one system, in fact, the data is retained in-place
  • Works with Microsoft Exchange
  • Works across all locations in Office 365 (Exchange Online, Archive, SharePoint, Skype for Business, OneDrive, etc.)
  • Maintenance and support of the journal archive is the responsibility of the company
  • Maintenance and support of Office 365 is the responsibility of Microsoft
  • Policies driven by company policy (outlining who needs to be journaled) and technical/storage restrictions of mailboxes
  • Policies driven by smart regulatory/legal requirements
  • Must manage third-party archive, Exchange, and eDiscovery system separately
  • Security & Compliance Portal enables simple, central management
  • Keep a copy of everything
  • Keep and purge data intelligently

Are there challenges with Office 365 Advanced Data Governance?

Office 365 Advanced Data Governance and eDiscovery offer a lot of the same compliance features that are seen in traditional journal archives, as well as various additional benefits, however, there are some constraints.

While it’s convenient to manage the retention of your email, files, and Skype messages from one system, it can be quite a bit of upfront work to get all that data into Office 365. Typically, an organization will have PST files and documents saved across user laptops, USBs, external hard drives, and various document collaboration apps. To identify those locations and data, your organization will likely need to create a strategy for locating, collecting, and consolidating this data, before you can migrate your email archives to Office 365. Depending on the scale and complexity of the project, it can be beneficial to work with a company that specializes in finding and migrating those data types.

Industry-based policy and retention recommendations are certainly a perk of Advanced Data Governance, but since each organization has unique needs, they may not be comprehensive. Some of the recommended policies will certainly be useful and applicable, but a level of individual analysis will still be required to ensure the right data is retained for your organization’s requirements.

Advanced Data Governance Availability

For organizations running on-premises Exchange, traditional journaling solutions will continue to offer the level of protection and compliance required by capturing and storing all communication. But as more and more of these enterprises make the move to Office 365, Advanced Data Governance will increasingly become the ‘next step’ in evolving their approach to email retention, and developing intelligent eDiscovery and compliance. Office 365 Advanced Data Governance will be available by the end of March 2017, and will be accessible to organizations on the Office 365 E5 plan.