Many organizations can trace their business continuity during the COVID-19 pandemic to a rapid deployment of unified communication (UC) and collaboration platforms. While UC platforms like Microsoft Teams and Slack have saved numerous businesses, IT, security, and compliance departments are now encountering many of the challenges that early adopting enterprises have been addressing for the last several years. One of the many dangers lurking in the mist: sprawl.
Traditionally when we talk about sprawl, we’re referring to the proliferation of content. In the context of UC, however, we’re talking about workspace sprawl in addition to content sprawl. This “double-up” phenomenon owes its thanks to the architecture of Microsoft Teams and is especially impactful due to Teams’ deep integrations across Microsoft 365 and Azure Active Directory (AD). For instance, every Microsoft Teams workspace created simultaneously generates a content repository in SharePoint under the covers. So, when there’s workspace sprawl, there will also be content sprawl.
While we typically consider sprawl a risk, there is always a balance to strike between security and productivity. Some companies may choose to ignore sprawl rather than regulate it, as hard and fast governance in this area can have a negative impact on employee productivity. That said, as sprawl grows, so does the risk. This is where many enterprises find themselves today.
In this blog, we’ll look at why Microsoft Teams sprawl occurs, some of the biggest risks of sprawl, and strategies for mitigation.
Why Do Enterprises Experience Microsoft Teams Sprawl?
There is rarely a single root cause for sprawl in a collaboration environment. Some companies may only need to address one of these issues, while others may have several challenges to contend with. Ultimately, most sprawl issues boil down to a lack of teams lifecycle management.
Primarily, there is a lack of governance for when new teams should be created. Without clearly defined policies, guidance, and enforcement in this area, it’s all too easy for end users to create too many workspaces.
It can also be difficult for end users to discover the workspaces that already exist. IT may have educated users on how to check for teams that will meet their needs before creating a new one. But without standardized naming conventions, descriptions, or an easy to navigate directory, users may struggle to determine the intended purpose of each team and ultimately create redundancies.
Finally, a lack of governance for when existing workspaces should be closed can lead to an abundance of teams. Many workspaces are created for one-off projects and otherwise do not need to exist indefinitely. Unfortunately, most end users don’t naturally delete a workspace that they’re no longer using. In fact, most teams that are prime for deletion are “out of sight, out of mind” for end users, and will continue to exist long into the future without regular auditing from IT.
What are the Biggest Security Risks of Sprawl?
Lack of data control is one of the largest areas of security risk when it comes to Microsoft Teams sprawl. This can be broken down into three main areas:
- Data Loss: This refers to data that is no longer accessible to the company. One of the biggest potential issues here is losing access to key intellectual property. Some organizations should also be concerned about meeting their regulatory requirements for data retention.
- Data Leakage: This refers to data that is exposed outside of the company’s control. One key area for concern is data that makes its way into the hands of competitors. For example, according to a survey by Osterman Research, 49% of respondents actually logged into ex-employer accounts after leaving the company.
- Data Confidentiality: This refers to data that should only be accessible by some of the company’s employees. Examples include company financial data or data that falls under legal regulations like HIPAA.
Another area of risk is administration, as the ease of UC platform administration for IT can be negatively affected by workspace sprawl. The more teams that exist, the harder it is to manage all of them effectively and efficiently . . . and it’s more likely that issues will slip through the cracks.
This is also true for managers who might be responsible for approving or moderating new Teams. There is a maximum threshold of Teams that IT or a manager can actively monitor. An understanding of your monitoring and moderation policies should inform the number of teams that you allow your users to create.
In this same vein, there is also a chance of hitting caps on the number of workspaces the company is allowed to have under your collaboration platform contract. While this isn’t very likely for small to mid-size businesses, this is a real possibility for large global enterprises.
In addition to security risks and negative impacts on IT administration, workspace sprawl can reduce end-user productivity. The goal of Microsoft Teams and other UC and collaboration platforms is to streamline and improve communication across the company while empowering employees to complete their work as easily and efficiently as possible. However, if end users can’t find the teams they need, or must constantly create new ones, collaboration platforms will hinder employees’ ability to do their jobs. A library can have the most extensive collection imaginable but provide no value to its patrons if the information isn’t organized and discoverable.
IT Strategies to Mitigate Microsoft Teams Sprawl
Now that we recognize the risks of Microsoft Teams sprawl, we must strike a balance between allowing collaboration and governing our collaboration solution. There are many strategies to mitigate workspace sprawl, and some are more draconian than others. The key is to efficiently manage the team lifecycle in a way that does not overly inhibit end-user productivity.
Managing Workspace Sprawl Through IT Administration
Business Engagement: It is crucial for IT to understand how the rest of the business uses Microsoft Teams. By engaging with different departments to understand their needs upfront, IT can create workspace templates to meet those needs and build specific policies to support business critical collaboration scenarios.
The importance of business engagement while developing your governance and lifecycle management strategies can’t be overstated. End users are a wile bunch and will find a way to complete their tasks efficiently, whether or not their solution is sanctioned by IT. Securing intellectual property and compliance with data regulations should be joined by offering tailored and effective business solutions in the list of goals for collaboration governance.
Naming Conventions: By creating rules for how workspaces should be named, end users can more easily find existing teams that fit their needs while making it easier for IT to monitor and manage workspaces across the entire enterprise. Naming conventions can include a prefix or suffix to denote the sensitivity level of the workspace, department names, or regional locations for global teams. Naming conventions should not just apply to Microsoft Teams — they should stay consistent across all UC and collaboration platforms for ease of use for both end users and IT admins.
Identity Governance: This is especially important to ensure that guest access is well governed and monitored. First, consider configuring allow–lists and deny–lists in AzureAD. These are some of the most basic policies for guest access and allow IT to specify which guest domains should and should not be given access to company workspaces.
The second type of policy is guest attestation and expiration via Access Reviews in AzureAD. As Microsoft Teams increasingly becomes the hub of business communications, more and more vendors and clients are invited to join workspaces to communicate about short-term projects rather than using email. Although this can have positive implications for productivity, it creates a security risk if those guests are allowed to stay on indefinitely. A policy and process to review guests on a periodic basis should be put in place to ensure security.
Lifecycle Management: Perhaps the most important way to thwart workspace sprawl is team lifecycle management. This is not simply one policy that can be put in place, but rather an entire set of interwoven policies. There are three key areas that should be addressed by team lifecycle management: when a new workspace should be created, how workspaces should be used, and when a workspace should be closed.
One way to implement team lifecycle management is through a Team Creation Wizard, a feature found in some third-party specialty management tools. A team creation wizard can incorporate policies like naming conventions, guest access control, and workspace expiration as well as an approval workflow for each new team. By employing this type of wizard, the IT team can enable end users to create new workspaces on their own while reducing sprawl and ensuring security.
Connect with a Consultant
Don’t let information security concerns keep you up at night. Work with us to take the necessary steps to secure your workplace collaboration platform with our Security Rightrack offering.
Empowering End Users to Combat Workspace Sprawl
IT administration is a crucial element of mitigating sprawl, but at the end of the day it’s end users who create the majority of teams. Because of this, it is imperative to educate end users on how to combat sprawl.
The first step is educating end users on when new teams should be created. Many employees may not intuitively know that sprawl is an issue — or the scale of the issue when it comes to enterprises. Clear guidelines should be created that include how to check for preexisting teams, how to use workspace naming conventions, and guest access policies. Additionally, IT should share information on when it is and is not acceptable to create or request a new team. These recommendations are most successful when the recommendations are catered to the needs of individual business units.
Secondly, a “one and done” approach will not solve the sprawl issue. From current employees simply forgetting the importance of mitigating sprawl to new hires that may bring bad habits with them, employee empowerment must be ongoing. Incorporating workspace and content sprawl education into annual security training and UC champion programs ensures that both company veterans and new employees have the same understanding of company policies in this area.
Security and Governance Tools to Mitigate Microsoft Teams Sprawl
As UC and collaboration platforms continue to advance, so too do their native security and governance tools. That said, most companies find the out of the box tools lacking. Many IT admins find the out of the box tools of Microsoft Teams too inflexible to be practical:
- Approval Process for New Teams: Microsoft Teams does not offer a built-in approval process for new workspaces, so end users can create new teams whenever they wish.
- Guest Access and Workspace Naming Convention Policies: Although Microsoft Teams does offer policies for guest access and naming conventions, these policies are organization wide and cannot be adapted to different business cases or regionally for global enterprises.
- Workspace Expiration Policies: While workspace expiration policies do exist in Microsoft Teams, they are based on a vague “usage” metric that IT cannot define for their own enterprise.
Although Microsoft Teams has a long way to go when it comes to native governance, new third-party security and governance tools can help IT mitigate sprawl and ensure the security of their company’s data. According to the recent Nemertes Research report Enterprise and Customer Engagement Management, 49% of companies surveyed said they need workspace policy management and 43% said they need guest access policies to effectively manage communications.
One benefit of third-party tools is the ability to monitor and manage all your company’s UC and collaboration platforms in one place. By using a third-party tool, IT can seamlessly the enact the same policies across Microsoft Teams, Slack, Zoom, and more.
Our PowerSuite™ software includes flexible policies to manage workspace and content sprawl, including guest access, naming conventions, workspace classification, and expiration.
If you’re not sure if a third-party tool is right for you, we also offer our Collaboration Security and Governance RightTrack™. Our expert consultants will help you model your enterprise’s collaboration interactions and risk levels as well as establish governance policies.