It’s been four weeks since the United Kingdom went into lockdown.
Since then, most people will have adjusted to what is a “new normal” way of working. For some this will have been a challenge, with the preference to work from the office still being felt acutely. For others it will have been a revelation, showing what life is like without the grind of the daily commute and proving that any job which can be done on a computer truly can be done anywhere there is an internet connection.
This appears to ring true, based on the support we have been providing to customers. For the first days after lockdown, the priority for our engineers was to help get our customers set up to work productively in their home environment. Four weeks later, we see that the breadth of issues we are being asked to assist with is more in keeping with what we experienced before the lockdown, revealing that the problems people encounter when working from home are actually very similar to those they experience when working from the office.
Nevertheless, now that the initial rush to get everyone ready for home working has passed, it’s time to look to other ICT matters which need to be considered, such as the increased importance of cyber security and information governance.
We have already issued guidance which asks that you maintain or even strengthen your cyber security protocols during these times because opportunistic cyber-criminals are ramping up their efforts to attack systems and steal data. Last week we reminded you of the importance of backing up your Office 365 environment. Our Blue Rock cyber defence consultancy business has also published a blog with some cyber security tips, which you can read here.
Today, however, the questions we are asking you to consider are:
What is the flow of information across your business, now that you are working remotely?
Do your new ways of working affect how your data is being stored and shared?
Are you making sure this data is best protected against loss?
You’re collaborating online, but where is your data being stored?
As you can see in the infographic below, one of the most significant changes during this period of lockdown has been the steep rise in videoconferencing and collaboration tools such as Microsoft Teams, Zoom and WebEx.
With all of this online collaborative ability, however, comes concerns about the flow of company information and whether or not sharing content in this way is secure and complies with data protection regulations.
Whilst all of the above platforms cause us to ask the same questions, let’s use MS Teams as an example to illustrate the issue we’re talking about.
So, if you’re currently using Teams and you’re wondering where exactly your data and content is being stored, you might be surprised to learn that the not so easy answer is, “uh, well, it all depends”.
Actually, your MS Teams data and content will be stored in different locations, depending on the content type.
What about your files saved in your Teams libraries? They’re stored in SharePoint.
Files shared in a 1-2-1 chat? They’re stored in OneDrive for Business.
Transcripts of the conversations themselves? They’re stored in your Exchange Group mailbox.
By way of a handy summary, the following infographic from Microsoft, shows you where your Teams data is stored.
If you’re concerned about the sovereignty of your data when using Teams, Microsoft states that Teams currently offers data residency in the United Kingdom for new tenants only. A new tenant is defined as “any tenant that hasn’t has a single user from the tenant sign in to Teams”. Existing tenants in the United Kingdom will have their data stored in the EMEA region.
So, if your business is a first time user of Teams, it is likely that your data will indeed be residing in the UK. However, you should still check to be sure. To quickly see which region houses the data for your tenancy, Microsoft instructs you to go to the Microsoft 365 admin center > Settings > Organization profile and then scroll down to Data location.
More information on this topic is here: https://docs.microsoft.com/en-us/microsoftteams/location-of-data-in-teams
In any case, no matter what online collaboration solution you choose, you should check that your usage of it and the whereabouts of the content stored on it does not contravene any legal, risk or compliance regulations that your business must adhere to.
But what about your data which is stored elsewhere – and where is elsewhere?
By now, your people will likely either be connecting to your network by one of two means. This could be a VPN solution such as Microsoft AlwaysOn VPN, or Cisco AnyConnect. Or else it could be a server based computing solution such as Citrix XenApp or Microsoft Remote Desktop Services. Either method allows for files to be saved directly to your cloud or on-premise servers but this relies on your people strictly adhering to this practice.
One thing we know is that people tend to prefer the simplest of solutions, so chances are that a proportion of working files are not being stored on your servers currently. So, where are they?
Naturally, those files are being stored on computer desktops and local hard drives. That is why we also recommend backing up endpoints, so that any working files stored locally are sent to your preferred data centre for storage and therefore they can also be recovered in the event of an accident or disaster.
How we can help
Thankfully there are ways and means we can help you to protect your data, regardless of whether it is being stored inside your preferred collaboration solution or outside. For instance, we can assist by helping you apply well thought out retention policies to your Teams environment or by backing up your content using third party solutions such as our Viia bespoke private cloud platform.
What we also advocate is implementing new information governance protocols across your organisation so that you may formalise procedures and processes which control how/what information can be shared/stored, thus ensuring compliance with data protection regulations and minimising the risk of data loss.
Our Blue Rock consultancy business is engaged in this type of activity currently, where we actively work with clients so that there is consistent and proper handling of data across their organisation. This is achieved by setting up processes, empowering people with knowledge and using technology to help make adherence to processes easier.
Talk to us about your data protection concerns
If you are concerned about data protection while your people work from home, you can also send an e-mail to us at email@example.com and we will be delighted to discuss with you the different ways in which we can help.
If you are interested in Blue Rock’s information governance consultancy services, feel free to contact Blue Rock’s Managing Director Lorraine Mills: firstname.lastname@example.org