Data Security and Archiving for Microsoft Teams

Since the start of the COVID-19 pandemic, millions of employees have been working from home offices and other remote locations. That has created a need to collaborate online, putting the use of Microsoft Teams on par with Outlook, Word and the rest of the MS 365 suite of office productivity tools.

In fact, since November 2019, the number of Teams users exploded by 625%, from 20 million to 145 million as of April 2021.[1] But as users have flocked to the world’s most popular collaboration platform,[2] the limitations of its native archiving and data protection capabilities have given pause to compliance officers, legal departments and IT security professionals.

This is clearly reflected in Mimecast’s 2021 State of Email Security report. More than two-thirds (70%) of survey respondents expressed concerns about safeguarding and archiving the often privileged business conversations that take place through collaboration tools like Teams.

Secure Collaboration Tools

Elsewhere, security and compliance professionals cite risks such as the growing volume of chats, documents and other data records exchanged by employees using MS Teams, all of which have become a prime target for cybercriminals. Corporate legal officers, meanwhile, worry that some of these records will be omitted from their e-discovery searches.

Teams generates a wide variety of content, only some of which is captured by its own search and archiving capabilities. Examples of content types that are overlooked include:

• Recordings of meetings and calls
• Edits to Teams chat and channel messages
• Emojis and graphical chat reactions, such as heart symbols and thumbs-up signs
• Meeting and task entries in Microsoft Planner
• Drawings, annotations and text shared with Microsoft Whiteboard
• Screen-sharing and other webcam interactions

To capture this content and compensate for other shortcomings in MS 365’s security and archiving features, a growing number of companies that rely on Teams are turning to third-party solutions. In a recent survey of IT decision-makers from midsize and large companies conducted by Osterman Research, nearly half of the 142 respondents (47%) agreed that third-party security and archiving solutions offer greater assurances than the data protection tools included with Teams, according to Archiving and Data Protection with Microsoft Teams. The percentage who favored third-party tools was even higher (52%) among those respondents who are currently archiving Teams content.

Breaking this down further, Osterman survey respondents were asked about their top reasons for managing Teams content with a third-party solution. Among those they rated as very or extremely important were:

• Gaining the ability to search across multiple collaboration platforms and content stores without first having to migrate the data to a central data repository (54%)
• Having the ability to capture the full range of data types used by MS Teams (54%)
• Mitigating concerns that planned enhancements to Teams could increase the risk of failing to comply with regulatory requirements (51%)
• Simplifying the process of data retention across a wide range of data sources (50%)
• Accelerating the process of data deletion across a wide range of data sources (49%)
• Obtaining the ability to place targeted legal holds on content that resides on multiple platforms (49%)
• Acquiring a better and more complete tool set for monitoring workflow, sampling data and managing security-related risk factors (43%)

As stated in the Osterman report: “Third-party archiving solutions are more likely to offer a unified approach to policy definition and enforcement that works across multiple data types from various products, services and solutions. Fewer policies that cover a broader remit of data types can be created and managed under such an approach, decreasing the likelihood that important data types are inadvertently missed by falling between an intended space in multiple different policies.”

The report concludes that managing and protecting the content generated by Teams — as well as that of other collaboration tools that may be used along with it — is critical for every organization facing regulatory, legal and data security challenges.   

The Bottom Line

While the archiving and data management tools that come with Microsoft Teams provide some degree of protection, most organizations need a more robust set of data security features. Third-party solutions can provide those features, allaying the risk of a corporate data breach and ensuring that companies are prepared to meet all their legal and regulatory requirements.

[1] “Archiving and Data Protection with Microsoft Teams,” Osterman Research

[2] “Top 10 Collaboration Software Vendors, Market Size and Market Forecast 2019-2024,” Apps Run the World