Complexity Requires Governance

Not surprisingly, the number one area of concern identified by Microsoft 365 customers as they began planning for their move to the cloud continues to be security and compliance. Cloud security and compliance is an important topic across every industry and company size as increasing cost efficiencies and dramatically improved productivity drive organizations towards the cloud.

Growth Drives Complexity

As the marketplace matures, our systems are also becoming more complex. As our cloud efficiency grows, as end user productivity increases, and multiple cloud solutions weave their way into our environments, our need for an increased focus on change management and operational improvement also grows.

Photo by Tim Mossholder on Unsplash

Photo by Tim Mossholder on Unsplash

The better we understand and leverage the technology we have in place, the more value we deliver to our teams – requiring us to be thinking about additional ways that we can improve upon our business outputs. We live in a hyper-competitive world, and few companies will ever have the luxury of sitting still for very long. The competitive landscape does not stay idle: technology will continue to innovate, and your employees will not remain satisfied with the current slate of tools forever. Life is an escalator — it’s always moving up, or down. If you come to a stop, people will find their own path forward, with or without you.

Looking at the Microsoft 365 platform, with the core workloads of Exchange, SharePoint, OneDrive, and Teams, they include decades of on-premises history with robust and mature security, compliance and governance capabilities as standalone offerings. Customers around the world have come to rely on the on-premises versions of these tools, but they are quickly moving to the cloud, which requires a review – and possibly a re-thinking – of operational practices to ensure our environments remain secure, compliant, and well-governed.

While the Microsoft 365 platform inherits the robust and mature security, compliance and governance capabilities of its on-premises standalone predecessors, customers need to include a review their security, governance and compliance requirements as they migrate to Office 365 to ensure that requirements are being met and any gaps can be managed.

Having a Change Management Mindset

If moving to the cloud was not complex enough, our end users are leveraging more devices than ever before – some of them personal devices. Here’s the problem: How do we know if our systems are compliant if our end users are using whichever tools and whatever devices they want? Is there a documented governance model, are these policies and procedures being regularly reviewed, and how often are changes made to the model? Do these documents and processes reflect the current standards governing our systems, or were they antiquated and irrelevant as soon as they were published? How are changes and updates to policies and procedures identified, much less implemented?

Most documentation comes with an expiration date due to changing business requirements and shifting legal and regulatory constraints. The fact is that our operations are a living, breathing, ever-changing activity — and yet lessons learned through our day-to-day project experiences are seldom reflected in our documentation, causing new projects and teams to reinvent the wheel each time.

Beyond capturing corporate and system requirements, your operational management activities necessitate having strong governance and change management models. This is especially important if you have open policies about the tools and devices end users can adopt, as an increasing number of companies support.

Part of change management is having a clearly defined and communicated plan. With an overarching view of your systems and controls, your team will better understand and more quickly recognize where changes are necessary. Maintaining a blueprint of your operational management activities means that you can more proactively monitor and manage your business systems and the technology platforms you have come to rely upon.

Of course, compliance is easier when people can locate the policies — and they have a shared understanding of the overall governance and change management model. To be effective and successful, these operational activities must be an active and transparent part of the organization’s day-to-day management conversation and culture. People need to know where to go find the latest policies and procedures, but they must also see the impact of business change and have trust in the system.

Christian Buckley

Christian is a Microsoft Regional Director and M365 Apps & Services MVP, and an award-winning product marketer and technology evangelist, based in Silicon Slopes (Lehi), Utah. He is the Director of North American Partner Management for leading ISV Rencore (, leads content strategy for TekkiGurus, and is an advisor for both revealit.TV and WellnessWits. He hosts the monthly #CollabTalk TweetJam, the weekly #CollabTalk Podcast, and the Microsoft 365 Ask-Me-Anything (#M365AMA) series.