Tale of two organisations using OneDrive for Business for secure collaboration | SoMW Podcast S01E08
In Today’s episode, will look into not one but two business case studies, where both these organisations are using OneDrive for Business as part of their secure Modern Work journey.
This is a must-listen episode if you are planning to use OneDrive for Business as the mainstream cloud storage platform.
Case Study 1 – Lotus F1 Team
In the first case study, we will look into how Lotus F1 Racing Team is using OneDrive for Business as their secure mobile collaboration channel.
Lotus F1 Team based in the United Kingdom uses the activity reporting, data loss prevention (DLP), and mobile device management (MDM) features of Microsoft Office 365 and OneDrive for Business, part of Office 365, to more safely collaborate on proprietary documents from headquarters, the track, or the garage.
Before embarking on the Modern Work journey, Lotus F1 Racing Team is facing issues like,
- Issue #1 – Employee were creating too many versions of the same file – oh this a classic issue with lots of organisations I come across. Where every user creates their own version of the file with improper file naming conventions and passes them around using email attachments. This causes a headache in tracking a single source of truth. In my community circles, the phrase ‘Single Source of Truth’ is like the holy grail! Anyway that is a topic of another day.
- Issue #2 – Propagation of data silos due to lack of support for external sharing. Several team members at headquarters have their own file shares, which other on-site employees access using mapped drives. But because external users can only access the file shares by logging on through VPN, employees often download copies of files to work on when away from headquarters, which presents security, versioning, and backup issues.
- Issue #3 – Due to Strict Security Policies, Information Sharing is hindered.
To solve these issues, Lotus F1 Racing has deployed OneDrive for Business governed by custom Data Loss Policies to all their employees.
Now Instead of sending copies of documents as attachments, many employees can now right-click on a file in OneDrive for Business and select the name of the person they’d like to share the document with. By using Microsoft Outlook connected to Office 365, users can include a document by choosing files from OneDrive for Business. The resulting “attachment” is presented as a link to the file, automatically permissioned so the recipient can either view the file, edit it, or both. Users can change these permissions directly from the message.
IT can apply DLP policies for Microsoft SharePoint Online, Exchange Online, and OneDrive for Business from the Office 365 compliance centre and prevent unmanaged machines from syncing. For example, the team defined a list of domains in OneDrive for Business from which client synchronization requests are allowed. Any such requests originating from devices that aren’t domain-joined or aren’t members of the allowed domains are automatically blocked.
With activity reporting in Office 365, the team can track who is downloading or sharing—or trying to share—files, and with whom. The IT team can audit all user and administrator actions, including who views, edits, and deletes content, and set limits on folder-sharing and document-forwarding permissions.
Lotus F1 Team can now more securely share documents from any managed device from anywhere team members are working. The solution’s document-sharing controls, event auditing, and information and governance reporting features help the team better protect sensitive data.
Case Study 2 – Microsoft IT
Now let’s look at another business case study.
In this case study, we will look into how Microsoft is using OneDrive for Business internally to drive Modern Work. Thanks to the Microsoft IT who shares their experiences of using their own cloud services as part of the Microsoft IT Showcase series. If you haven’t checked them out, I highly encourage you to have a look and follow the new technical case studies.
The technical case study on how Microsoft has increased productivity and asset protection using OneDrive for Business is very detailed and covers a lot of interesting topics. We won’t discuss the entire case study as it was slightly technical. However, we will look into the guidance on how Security of work files in OneDrive for Business is managed. Security is one of the main reasons that many organisations point raise when we deal with moving work files to the cloud. Let look at how Microsoft is dealing with this and learn from their experience.
Microsoft IT administrators create policies and configuration standards to securely use OneDrive for Business in the corporate environment and enforce business rules. At a high level, here are some of the ways Microsoft does it:
- Scan for sensitive data. Use data loss prevention (DLP) policies to constantly scan OneDrive for Business files and folders for sensitive data.
Data Loss Prevention is one of those areas which is not used extensively yet with organisations I come across. If you are thinking about OneDrive for Business, DLP should be part of your plan from day 1.
- Prevent unintended data sharing. Use Windows Information Protection, to differentiate between personal and business information. Windows Information Protection encrypts company data and helps to prevent inadvertent data sharing.
- Default settings protect work. Treat any file that is created on a work device as a work product.
- Efficiently analyze events. Configure Windows Event Forwarding to automatically transfer data audit events detected by Windows Information Protection to a storage location used by the Digital Security and Risk Engineering Teams.
- Safeguarded de-provisioning. Standardized and strengthened the way files are managed when an employee departs Microsoft, granting managers permission for a specific time period before files are deleted.
Office 365 OneDrive for Business Admin has the capability to manage the number of days the user files are kept for all deactivated user accounts.
Along with the Security, this case study touches on various other important areas such as:
- Change Management
- Synchronization Issues
- Supporting Multi-Geo tenant architecture
If you are an IT pro dealing with the deployment of OneDrive for Business in your organisation, I highly recommend you to check out the case studies below.