We have an offering at Mint Group USA called Smart Compliance- Information Management. It is an Outcome as a Service (OaaS) solution that we’ve implemented at quite a few customers over the past 3+ years together with our partner the IQ Business Group (IQBG). We bring the Microsoft prowess while IQBG brings their deep expertise in all things ‘Documents’ – print and digital. Smart Compliance is geared towards helping companies manage compliance with regulatory standards and internal policies while promoting high levels of productivity, efficiency, and a strong security posture. It’s a 360° approach to Microsoft 365.
Information Governance – The Unknown
Prior to joining Mint, I had worked with Microsoft Subscription Licenses for over 2 years, passed 4 separate exams including Licensing Solutions, and studied for both the Identity & Services and Mobility & Security exams. I attempted the former but missed by a few points. The exam and prep materials, even though they were meant to cover Information Management services, were heavily weighed towards Identity and Access Management. In my day-to-day interactions, my focus was also on those features and security. I scheduled numerous sessions with the Microsoft technical support team to help me understand Intune device and application management, how it worked with Active Directory and together with Defender for Endpoint and Microsoft Cloud App Security to monitor cloud activity across multiple clouds. It was quite fascinating. The one subject I left somewhat unexplored was Information Governance.
Azure and Smart Compliance
The Smart Compliance OaaS gave me an opportunity to revisit the topic and fill the gaps in knowledge. I finally understood the importance of approaching Microsoft Information Protection as one whole instead of focusing on its individual components: Azure Rights Management (Azure RMS), Data Loss Prevention (DLP), eDiscovery, and all the others. The elements work together, and jointly with their counterparts on the security and assess management side, to help companies achieve effective Information Management. Encryption alone via RMS is a tiny portion of an effective governance plan. Restricting external access to company data would help secure assets, but impede efficiency and collaboration. Collaboration would lead to compliance challenges. DLP without proper training of staff is only partially effective. Understanding the theory is one thing. Putting it into practice, however, is a different matter entirely.
When I tried to configure retention policies, seemingly easy things presented challenges. Basic questions surfaced: What documents would I label? What is a record? What does taxonomy mean? I turned to Jim Clements at IQBG. He went over the ECRM course materials he taught at the University of North Carolina and shared a wealth of relevant info. It all made sense now, but also made me realize that there’s more to Information Governance than simply sitting down and configuring policies. The same can be said for the security configurations, but even more so for information governance. This is a huge human factor involved. In one case, we had interviewed over 100 employees from various business units to understand needs, challenges, current work habits across multiple generations. We gathered and analyzed information to assess current practices, defined current and future requirements. Information was gathered, filtered, analyzed. It was truly a Service to the client and understanding customer’s needs was at its core. That is what the OaaS model is about, irrespective of industry.
In the case of our Smart Compliance OaaS, it is about a balanced and measured adoption of all things Microsoft 365, with the end-user in focus.
Over the past 3-4 years, we have interviewed thousands of people and have helped numerous customers implement solutions that increased employee productivity while maintaining high levels of compliance and a strong security posture; resulted in a higher quality of work product, retention of ‘institutional memory’ and less costly litigation discovery. I have finally connected the dots. Access & Identity, Endpoints, Information, Security, Productivity – you can use Microsoft services to manage each one individually. Working together in unison, however, they are akin to a well-conducted orchestra. Music comes alive.