Moving to the cloud requires a new approach to governance. Consider these key points before creating your Office 365 governance plan.
SharePoint is a feature rich and technically complicated product. But it's also arguably the Microsoft server product that is most open to user customization. Allowing users to create their own business solutions on a complex platform might sound like a bad idea, but it can be a great way of letting users create SharePoint solutions without relying on overstretched IT departments.
One of the keys to allowing users to safely create their own SharePoint solutions is to create, communicate and maintain an effective governance plan. Our own SharePoint geek Benjamin Niaulin has created a series of blog posts detailing the real world steps needed to do this.
To summarize Benjamin’s posts, here are some crucial considerations:
- First, you need to understand what features the platform offers and what will change when the system is patched or upgraded.
- Next, you should understand how the system is being used, both in terms of how resources like storage and CPU cycles are being consumed as well as whether staff are actually using the systems as intended.
- Finally, it's vital that the system is kept secure by controlling who can modify security and by auditing how security is being managed.
When your SharePoint farm is on-premises, the majority of these factors are under the direct control of the organization’s IT team, but Office 365 is changing all this with SharePoint Online. Not only is there no hardware to maintain, but the cloud model is fundamentally different. Let’s see why!
Microsoft will constantly roll out new features
Office 365 is constantly improving, with new features being added on a monthly basis. These features can be accessed as soon as possible by activating First Release, or on Standard Release, which is the default mode that gives you at least 3 weeks to prepare for the new feature.
Theoretically, this is great news for organizations who want to access cool new functionality without having to patch a single server. But in reality, it can cause problems because the changes are generally not optional and they occur on Microsoft’s time scale, not your own.
Your SharePoint governance should be updated to reflect the fact that these changes are going to happen; you may not be able to control them but you can make sure that you're prepared for the impact of changes; the Office 365 Roadmap site will help you stay ahead of the game.
Growth of Office 365 environments
One of the biggest benefits of Office 365 is its elasticity—a term used to describe how the infrastructure can scale up or down easily to accommodate changing needs.
If you're running low on storage, you can simply buy some. If you’re done with a project, you can delete the user accounts that are no longer required so that you don’t pay for licenses you don’t need.
On the other hand, just because the infrastructure is cheap to upgrade, doesn’t mean that other aspects of growth are equally easy. For example, creating custom applications may be more difficult and expensive because of the new application development model required by Office 365.
Sooner or later the business will hear the hype from cloud vendors and expect IT to perform even greater miracles with the same budget. You should update your governance plan to reset expectations; be sure to acknowledge the fact that infrastructure capacity can be changed more quickly than before, but that other requests may still take as long or longer than before.
A new dimension to security
Office 365 governance introduces a new dimension to security by making it easy to share content with external users. External sharing is possible with on premises SharePoint, but it's considerably more difficult than in SharePoint Online which simply requires a few clicks on the configuration pages of the Office 365 tenant and then the site collection. Once enabled, users can invite any external user with a valid Microsoft account to access their content.
While this capability is extremely useful to users who need to share information with customers and suppliers, it's a significant change which may introduce new security threats, and SharePoint governance needs to be updated to reflect this. For more information you can check out our Definitive Guide to Office 365 External Sharing.
Reporting on a cloud infrastructure
Many of these features depend on the fact that the infrastructure is based on Microsoft’s Cloud and not On-Premises. However this comes with a drawback; you can't monitor the infrastructure in the way you could before. Nevertheless, it's important to report on system usage. You need to know whether users are taking advantage of new features, when resource usage is getting close to capacity and you need to stay in control of security customizations like external sharing.
SharePoint Online has many specific tools for monitoring and reporting but unfortunately they aren't all very detailed or easy to find and use. You can save a lot of time and frustration, not to mention avoid security or resourcing issues, by using an automated tool like Sharegate Apricot to monitor your environment and enforce the governance polices that you've set.
Office 365 and other cloud technologies are revolutionizing the way IT solutions are provided to businesses—so it makes sense that the way these services are governed needs to reflect that change.
We can’t rest easy with a static Office 365 governance plan when innovation is fast paced and new features constantly rewrite the rules; instead, we should begin to think of governance itself as a process that's constantly evolving to keep up with new capabilities and challenges within SharePoint Online and Office 365.