Orchestrating Data Holdings
(Sponsored Article)
Harmonising data risk management in collaboration platforms
Collaboration platforms, such as Microsoft 365 (M365) or Google Workspace, have now taken centre stage across corporate Australia. These versatile tools are what we describe as emerging or evolving data sources that facilitate seamless collaboration and data management, regardless of location. However, their widespread adoption has led to significant data volume increases for organisations. When improperly configured they can increase the potential for adverse events, such as insider threat activity, unintended data exposure, cyber breaches, or increased harm from regulatory investigation.
In this article, we outline the proactive and future-proofing steps you can apply to your emerging data sources. By applying a harmonised, risk-assessed approach when adopting, implementing, configuring and using collaboration platforms with a sense of orchestration and precision, it can dramatically enhance their value while minimising risks and impacts of adverse events.
Anyone can bang a key on a piano, but it takes training, practice, and expertise to make beautiful music. The same goes for technology: anyone can use it, however, to truly orchestrate its features effectively, you need the right training and expertise. But striking the wrong notes, inadvertently or deliberately, can create a rather unpleasant cacophony for an organisation.
Since the advent of computers, technology has inherently carried the potential for positive and negative uses. Exacerbated by the dawn of the internet and amplified by the proliferation of personal mobile devices, it is illuminated today in corporate Australia with the adoption of collaboration platforms.
Corporates perform in an environment of rapid technological and legislative change. Leaders and operational teams are expected to quickly assess and adopt emerging and evolving technologies, including collaboration tools and generative AI solutions.
During a live poll at the 2024 GRMF, we learnt that the majority of the audience felt improvements could be made to the maturity of their data holdings.

The poll also revealed emerging data – such as M365’s Teams and SharePoint – is a growing data risk area for organisations. The spiralling nature of this new data has become a priority for corporates and represents a turning point and opportunity for improved information governance. Due to cheap online storage, additional functionality, and data accessibility advantages, M365 and other emerging data platforms are often used as a target platform for dusty data sources such as old file shares (e.g. traditional network drives).

Here we outline how you can:
- reduce risks of technology misuse in collaboration platforms, using M365 as our example
- identify and remediate non-conformities that could lead to an adverse event, investigation or dispute.
Proactive measures to safeguard against M365 misuse
Audit Logs
Tracks user activities, including logins, file accesses, and download events. These logs can be invaluable during investigations to understand who did what and when. You should ensure audit logs are enabled and retained for a suitable period.
Access Control
You can strategically employ a “need-to-know” access paradigm. This involves implementing permissions and restrictions to limit users’ access to the information and resources necessary for their roles or tasks, and restricting users from allowing third party access to SharePoint data.
Data Retention
Retention policies and labels can be configured to retain and dispose of corporate data aligned with a legally approved retention schedule, and applied to different content, such as emails, documents and chats, ensuring consistent data management across the organisation. Retention labels allow administrators to specify how long certain types of data should be retained and necessary action when the retention period expires.
Data Loss Prevention (DLP)
Helps prevent sensitive information from being shared or leaked, inadvertently or intentionally, with unauthorised people. You can configure these policies to enforce compliance regulations and protect sensitive corporate data.
Insider Risk Management (IRM)
Enables the detection, investigation, and resolution of adverse events, including using machine learning analytics across audit logs to identify troubling patterns for high-impact individuals (e.g. leavers).
Data Classification
Known as ‘Sensitivity Labels’, they enable compliance, monitoring, and enforcement, and equip legal IP teams with evidence to demonstrate content was clearly labelled as commercially sensitive prior to any issue.
Future Proofing with AI Adoption
With increasing interest in AI solutions, corporates are under pressure to quickly adapt and adopt. M365 offers Copilot with generative AI features that returns data available to the model. If access controls are absent or lacking, highly confidential material may be returned to standard user accounts, and if data quality is poor, AI response relevancy will also be poor.
M365 offers invaluable features to prevent or reduce the harm of investigations and disputes
By using features noted above, you can more successfully manage and mitigate risks associated with ongoing custody of commercially sensitive and personal information and be better prepared during an investigation, dispute, or data breach incident.
Discover how you can tackle the data risks of M365 in our full guide here, including expert tips from FTI Consulting’s digital and risk specialists.
About FTI Consulting
Information Governance, Privacy & Security at FTI Consulting
We enhance governance, improve regulatory-readiness and reduce risk while increasing the value of enterprise data.
fticonsulting.com/Australia
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm. FTI Consulting is an independent global business advisory firm dedicated to helping organisations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centres throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. © 2024 FTI Consulting, Inc. All rights reserved.fticonsulting.com

