Closing the Governance Gaps in Your Social Strategy

As I begin to prepare for some of the fall events, one of the topics I will be picking up again is governance. It’s a subject that continues to interest SharePoint and Office 365 admins, and there have been major announcements around governance, security and compliance from the product team this year. Historically, Microsoft has a strong record of SP artworkmitigating security risks. As most cloud-based competitors have focused on rapid innovation, the gaps have only become wider and the management of the many collaboration tools across any single enterprise has become quite complex. With Microsoft, the gaps have not been as wide, which has continued to keep platforms like SharePoint and Office 365 as the market-leading tools of choice for enterprise customers.

Even with the restructuring and realignment of product, engineering, and marketing organizations under the “one Microsoft” banner, the company has made major investments in improving their security and compliance story across the board. 

Microsoft “gets” the enterprise space. Through investments in the Office 365 Compliance Center, various regional and global standards and certifications, and customer and partner evidence efforts, the company continues to invest in governance and compliance features. It is only a matter of time before Microsoft closes the remaining governance and security gaps — either directly, or with the help of its partner ecosystem.

Of course, they need to stay on their toes – because the requirements and expectations of customers is always evolving. In fact, I would say that there is a fundamental shift underway in how organization approach collaboration. Whether building out an intranet, engaging with partners and customers through a formal extranet or consumer-based social networking platform, or even within the business platforms we use, such as CRM and ERP systems, the use of social tools to improve how we connect, communicate, and collaborate is on the rise. And you cannot ignore the rise of the mobile device — check out the latest whitepaper from my team at Beezy on this topic.

But while end users are quick to adopt these technologies, concerns over how these tools are monitored and managed can present a sizeable gap for compliance-minded organizations.

As companies increasingly look toward social technologies to improve the user experience within enterprise collaboration management (ECM) platforms, we need to not forgot one of the primary reasons we have these ECM platforms in the first place: their document-centric functionality, role-based security features, and their robust auditing and compliance capabilities.

Most organizations go to great lengths to ensure only the right people have access to certain content, and that the content adheres to sometimes very strict industry and regulatory standards. Unfortunately, the leading social tools do not always comply with these strong governance, reporting and compliance standards, and organizations must take steps (sometimes very manual steps) to mitigate any risks.

From a SharePoint social perspective, you still have the benefit of sitting behind the SharePoint security model. While there are some out-of-the-box metrics and reports, the best Microsoft can offer today for on prem SharePoint social customers is the ability to dig into the change logs and other social activities through the various content databases. And then there are those teams also using Yammer. For the most part, how you work across SharePoint and Yammer is incomplete within the current versions. This is a rapidly changing discussion — but the key is to be aware of your own security, compliance, and governance requirements, and understand (and mitigate) the risks inherent with social collaboration.

For now, your best defense is training, helping end users to understand the process and limitations of security within your chosen social collaboration toolset. Another option is to let the community police the social platforms. People tend to come up to speed very quickly, and correct each other when, for example, someone shares a secure document in Yammer that should be in a secure area within SharePoint, sharing a link rather than uploading content (which may also be duplicating the content).

Overall, many companies are finding that the value they receive through social collaboration is greater than the risks of working without some of the security and governance safeguards. Of course, one of the major advantages of working with a solution like Beezy is that we provide an extensive set of social collaboration capabilities — beyond what either SharePoint or Yammer can provide — all within the SharePoint framework, meaning that all of your SharePoint governance, compliance, and auditing controls and capabilities automatically apply to Beezy. Our solutions was built on SharePoint, for SharePoint — whether on prem, in the cloud, or somewhere in between.

If you are interested in more best practices around building a governance strategy for your social collaboration tools, you should check out the whitepaper I co-authored with Melinda Morales who is now over at 3Sharp, and who I will be presenting with on this topic a couple times this fall. The whitepaper covers three key areas in order to best apply social governance to your existing or new environment, and can help remove the stigma from the word “social” for your management teams. This guide will help you:

  • Understand the scope of social collaboration and the gaps that exist
  • Learn how to close those gaps when applying SharePoint governance policies and best practices
  • Learn the keys to success for creating a governance framework around social collaboration

Click here to download your free copy of this whitepaper. And watch for updates via Twitter and other social channels as Melinda and I begin promoting our sessions. Looking forward to talking about governance again, as this remains an important topic.

Christian Buckley

Christian is a Microsoft Regional Director and M365 Apps & Services MVP, and an award-winning product marketer and technology evangelist, based in Silicon Slopes (Lehi), Utah. He is the Director of North American Partner Management for leading ISV Rencore (, leads content strategy for TekkiGurus, and is an advisor for both revealit.TV and WellnessWits. He hosts the monthly #CollabTalk TweetJam, the weekly #CollabTalk Podcast, and the Microsoft 365 Ask-Me-Anything (#M365AMA) series.

2 Responses

  1. I think the combination of Microsoft security, compliance, and governance features will help shrink the gap — as will 3rd party tools. But technology can only take you so far, and over-reliance on technology will cause a lot of grief to companies that fail to monitor and adjust policies and end user behavior around their limited controls. Too many companies treat governance as a checklist, a one-time project, or as a dashboard activity. But as your business requirements shift, your employees and partners adapt, and as the technologies you use mature, you need to constantly review and optimize your governance policies and procedures. It is an ongoing effort.

  2. Clearly this is a conversation that many need to have in their companies. I just shared this on Twitter, so more people can start thinking about how they can use social collaboration tools without violating their governance policies. Do you think Microsoft will end up closing the governance and security gaps directly or with the help of its partner ecosystem?