National Defense Agency makes quick return to remote work Governmental agencies can be seen as slow to adopt new processes, but when the COVID-19 pandemic hit, this foreign defense agency needed to make a quick shift to remote working for both civilian and non-civilian employees while maintaining a high level of readiness. They urgently rolled out Microsoft 365 to enable remote work and communication for approximately 60,000 of their approximately 150,000 employees. However, they quickly discovered that while the implementation made remote work possible, it also hindered staff efficiency and output. This expedited rollout did not allow for the time needed to fully implement comprehensive security and compliance controls, which in turn, severely limited the types of information staff could be allowed to access, store and use within their Microsoft 365 environment. Topics IT Management, Applications and Transformation Risk Management and Regulatory Compliance Leaders realized that, to eventually move forward into a post pandemic world, they would have to adopt new ways to work and support the predicted changes of a world defined by the “new normal.” That realization led them to seek out and define new capabilities, such as empowering remote workers, while also deploying the necessary tools and services to support a new Bring Your Own Device (BYOD) policy for employees. Short on both time and expertise, the agency engaged Protiviti to help leverage the Microsoft 365 E5 product suite to ensure they meet the organization’s information compliance requirements. Tight security needs and lack of standardization limited remote work This complex organization is made up of more than 20 different segments, each with its own level of autonomy and individual information and business needs. While the speedy rollout of Microsoft 365 enabled its staff to work remotely, the agency lacked a unified approach to managing information and applying security measures across all its segments, and thus restricted widescale and deep adoption of Microsoft 365 tools such as SharePoint Online and the use of Teams in Microsoft Teams. Many staff members were still using legacy systems and were not able to access their information without using a device on the organization’s network. Those with access to Microsoft Teams were not using it to manage and collaborate on official documents. Employees using Microsoft 365 did not have access to the bulk of the information required for their jobs — including creating, sharing, storing, and accessing official documents. Government standards allowed only transitory information to be stored within the environment, hindering employees’ ability to work from a remote device or their personal devices. In a post-pandemic landscape, empowering staff to be able to use secure and modern tools, including their personal equipment or mobile devices to access information and participate in meetings, would be critical to the agency’s ability to continue their essential work to support the nation’s citizens. Leveraging Microsoft to meet high demands for security and standardization The agency knew it wanted to leverage Microsoft 365 tools such as SharePoint Online and Microsoft Teams as their formal information repository, which would act as a source of truth and house the bulk of their information. This way, they would be able to efficiently implement apply information management requirements and have oversight of proper use and disposal of all data inside the environment. To achieve this, they needed to implement sufficient security controls and information management capabilities to allow sensitive, secure information in their Microsoft 365 environment and support a BYOD policy for employees. To secure the Microsoft 365 environment and data, Protiviti used features found in the Microsoft Purview compliance portal. Information management controls such as retention labels and sensitivity labels automatically applied information and security classification to files, enabling the agency to use and manage protected information inside of Microsoft 365. With the appropriate Sensitivity classifications in place, the agency was able to restrict access to more sensitive information based on where the information was stored, and how it was being accessed. A More Secure and Effective Remote Work Solution By implementing an enterprise process to provide a comprehensive solution for collaboration, communication, and as an authoritative information repository for the organization’s content, the client can now align enterprise information standards across the organization, greatly increasing their ability to work and communicate effectively. Streamlining their solution and using Microsoft 365 features not only improves their efficiency and access to information, but also allows them to exponentially increase the total percentage of information that will be managed effectively, with proficient oversight. Prior to this project, the agency used separate tools for collaboration and for storing official records and resources of business value, resulting in repositories containing only what individuals placed in them as part of their records management procedures. Moving to Microsoft 365 empowers them to store most of their information in one place, without the need to manage and move additional copies, as they will be able to apply concepts such as retention, disposition, eDiscovery and information security classification at a far wider scope. The agency’s project team recognized that using Microsoft 365 reduces risk at the enterprise level — including reputational and legal risk — by providing an effective system to enforcing the organization’s retention and disposition schedule according to the government’s requirements. By streamlining all information management onto one platform, following a data migration, the agency can remove legacy third-party systems to save on licensing costs and reduce the manual effort staff spend working between different systems. With a total of up to 150,000 employees relying on this system, including a segment of staff members operating strictly on BYOD policies, the impact of improving efficiency and workflow in one streamlined solution cannot be understated. Looking to the future The impact of this project extends beyond empowering the agency’s staff to deliver secure and compliant information management capabilities with secured and remote modern work capabilities. With this solution, Protiviti has helped the client successfully present to the government’s technology and solution governance and authorization board to be granted initial approval for the use of Microsoft 365 and an official Electronic Document and Records Management System (EDRMS). This endorsement allowed the agency to move forward and implement Microsoft 365 as an EDRMS, opening the door to other agencies within the same government to begin adoption of more Microsoft 365 enterprise features, while driving innovation and modernizing their information and records management practices. By implementing an enterprise process to provide a comprehensive solution for collaboration, communication, and as an authoritative information repository for the organization’s content, the client can now align enterprise information standards across the organization, greatly increasing their ability to work and communicate effectively.