Gone are the days when collaborating at work meant either blocking time off in the conference room, sending a quick chat to your coworker, or posting a file on your agency’s intranet or extranet. Today, collaboration for the federal government is on-the-go, with a mix of employees collaborating cross-country or often from home; and while solutions like Microsoft 365, driven by the adoption of Microsoft Teams, aim to interconnect employees, the path towards security is less clearly defined.
As the leader of your agency’s IT initiatives, what do you need to do to ensure the same level of security for your data as when the information was clearly protected through physical security and air-gapped networks? And what do you need to consider with any of your cloud service providers (CSPs) to keep the mission moving forward?
Below are four areas to consider when building your blueprints for a new secure collaborative approach.
1. FedRAMP Authorized Cloud Service Providers
Whether you’re a federal or state agency or a local municipality, you should care if your cloud solutions are FedRAMP Authorized. This is especially true if you are a Microsoft 365 GCC or GCC-High customer.
When you select a cloud service provider (CSP) that’s FedRAMP Authorized you can confidently leverage their solutions knowing they went through a rigorous process to ensure a secure platform, from the code to their 3rd party add-ins and supply chain to their physical security and personnel. AvePoint received its FedRAMP (moderate) Authorization in April 2021. To learn more about our authorization read our press release.
2. Confidentiality of Information Access and Disclosure
While collaboration solutions have made it feel more organic to work within or out of the office, ensuring the right people are accessing and sharing appropriately has become a challenge. Consider that many agencies are bringing previously disparate divisions together into a central tenant while still requiring different levels of security and capabilities after realizing that running one tenant with multiple needs can be a nightmare.
As the IT Leader, you need a solution that will support the deployment of different information governance policies. From access controls to provisioning and lifecycle management, supporting the unique needs of each division that utilizes your tenant is a must. Recently, our Chief Product Officer, John Peluso, hosted a webinar on securing an agency’s collaboration. The on-demand recording can be found here.
3. Integrity Against Modification or Destruction
Government employees want to successfully meet their mission, but they are also prone to accidentally oversharing, deleting, or modifying key data. This puts your agency at risk to fail compliance checks with federal mandates for privacy, security, or records management (i.e. HIPAA, ITAR, CMMC, or NARA) or local laws, such as the City of Port St. Lucie compliance with Florida’s “Sunshine State laws.”
IT’s job is to provide an environment that automates the security and integrity of your content while enabling users with access to the tools they need and avoiding lengthy waits for manual management and lifecycle processes. It is also important to guide your users down the right path, not only with training and education, but by providing mission-focused use cases and examples throughout the solution, reinforcing how and why users should use them instead of going off on their own.
4. Keeping Integrity of Information Within a Flexible Environment
Ultimately, your employees will not use the tools you provide if they offer more roadblocks than solutions. Your IT department must balance controls and security with collaboration and flexibility, and to do this you’ll either need the headcount to support the manual processes or a means to automate these processes into predefined workflows.
Note that to “keep your data in an environment you can protect” means not only finding this balance but also providing a means to identify any exceptions to the process over time. Management of these collaboration solutions is not a one-time job but requires ongoing planning and change. Recently our Chief Product Officer, John Peluso, sat down with Federal News Network to discuss how to transition to the Microsoft Cloud.
Join AvePoint’s Microsoft 365 Government Call
Check out our monthly live LinkedIn series Microsoft 365 Government Call where we partner with industry and government experts to discuss the tools and techniques available to ensure your modern collaboration environment is designed to protect your data and enable your employees. You can subscribe to view past events and stay up-to-date with future events and join us live for our monthly broadcasts.