While demonstrating Microsoft’s intranet, I often surprise customers when I disclose that Microsoft hasn’t migrated 100% of SharePoint content to Office 365. With some content, our ALM process for specific sites keeps us on-premise (surprise – we use some full-trust code). In other cases, we want more control for specific “high business impact” content than a multi-tenant environment would allow. The MSIT position is evolving as new capabilities light up that help manage risk and our views on information change. We plan to allow high business impact content into SharePoint online by the end of this calendar year. In this blog post, I’m going to talk through that evolution — I think it provides useful lens for others trying to decide how to approach security, control, and agility in the cloud.
Content Classification and Protection
Since MOSS, Microsoft has adopted a simple but effective classification scheme for content. In principal, we recognize our responsibility to maintain the privacy of our customers as well as the importance of controlling disclosure about the products and services we are working on. In practice, we created three broad categories and provided guidance on how to store and share content:
Doc: Securing Business Information
These types of policies help organizations to limit surface area of potential disclosure. In Office 365, we’ve invested in pillars of privacy, security and control. In a large part, these capabilities help control who can access content and how content can be shared. For example, via ADFS I’ve seen deployments that can only be accessed by users on corpnet. Likewise RMS integration can encrypt content that is shared with external users; limiting what external users can do with the content. New innovations like Windows Azure Multifactor Authentication provides OOB two factor authentication for Office 365. The story is good and is getting better.
YouTube: Demo of Windows Azure Multifactor Authentication
The Changing Nature of Content
I think the improving security story explains why MSIT approved SharePoint Online for HBI content. Additional policy changes, reflects a more fundamental shift. For example, MSIT now allows our users to share content externally via SkyDrive Pro or Yammer.
Adam Pisoni does an amazing job presenting the case. For a while, a Nexus of Forces has driven change within organizations. Fundamentally, existing organizational systems cannot keep up — resulting in peculiarities like the Deloitte Shift Index (productivity is increasing while return on assets is declining). We’re working harder and getting less out of it.
Organizations are responding by embracing change through decentralization, autonomy, and transparency. In a world where disruptions happen once or twice a decade; the value of information maximizes through rapid information dissemination.
As result, I actively advocate for organizations to work out loud.
Filed under: Microsoft, SharePoint, Yammer Tagged: governance, IT Pro
