First Timer’s Guide: How to Conduct a Compliant Migration

Tom Gawczynski, Director, Solution Engineering, AvePoint • Dec 08, 2020

 

This article originally appeared on AvePoint.

Every year more and more organisations are set to embark on a cloud migration journey. It can be a daunting process for those who’ve never made the move before, especially when it comes to keeping data safe throughout. Here’s advice on how to navigate the three core steps in a compliant migration: Assess, Move, and Verify.

Office 365 Applications.

Assess

The first step is to figure out what you have and who it belongs to. Visualising all of this can be helpful not only for you, but for the rest of your team and any third-parties as well. Consider plotting out answers to questions such as:


  • How old is the data?
  • What data do you want to bring?
  • Who are the primary data owners for the files you plan to migrate?
  • Are there policies within your organisation that say you’re only allowed to keep data for a certain amount of time (common in the healthcare and financial sectors)?


Being able to pull these layers apart and find the answers to each of these questions is key. Gone are the days of massive file shares where data sat untouched for years. If you have any such large datasets that need to be moved to the cloud, your best option is to go in and apply classification tags to every piece of content. This way, you’ll know which content is certified as good to go and what needs to be left behind or moved to another location.

Going in and scanning the content layer is critical to a compliant migration. Though it might take longer than “lifting and shifting” all of your content at once and evaluating it afterward, going file-by-file and seeing what content’s there at the outset is a much safer proposition.


Another thing to keep an eye on are permissions; are they inherited? If certain document libraries and subsites don’t inherit permissions from the parent libraries and sites, those are red flags. That means that that site acted as a private site to whatever Team it fell under.


If your VP of Marketing only has access to a subsite in a Marketing site collection, and she’s only sharing permissions with a Marketing manager, no one else sees that site or has access to it. So whenever they’re doing in that site needs to be kept separate from everyone else. Evaluating what permissions to carry over is a huge factor in protecting sensitive data.

Assess the Data

After you assess, it’s time to nail down your migration approach. Will you migrate by department or business unit? How much notice will you give employees? Do you have a designated Office 365 champion who’s rallying everyone to get excited about the move? The sooner you let your users know that the company is transitioning to the cloud and the sooner you can get your champion spreading the gospel of Office 365, the better.

Depending on the type of organisation you work for, a compliant migration might require that certain data be kept separate from the rest. This ultimately depends on the type of data you’re working with. Evaluate the following:


  • What’s inside of the files that you’re moving?
  • Who created them?
  • Where were they originally located?
  • How sensitive are they?


If you’re looking at an Intranet that’s public to all, it’s okay to keep public. What you have to keep an eye out for are the very particular areas where only certain individuals are working. It wouldn’t make sense, for instance, to move the conversations of C-level executives to a public SharePoint site; you’d want to keep that data siloed out.

So, during the move, it’s important to verify what the permissions look like across your organisation’s environments before the migration and what they’ll look like afterward. Be sure to verify, assess, and address what content is there.

Verfication

Finally, though it’s often underprioritised, you want to verify that all of your organisation’s content was moved and all of the permissions are intact. If you’re working with a third-party to migrate your data, all it takes is one file to be missing for the whole migration project to get called into question. People will begin casting doubt and asking questions like, “Was all of our content really moved over? What actually happened? Why are we missing files?”

Oftentimes, however, files aren’t missing; they’re simply part of the content that was designated to be left behind. Because of this, thorough reporting before and after your migration is essential. Some of our customers use Power BI dashboards to filter down through business levels, file owners, file age, and more. All of this information can be useful in determining if you need to keep something.


If keeping anything older than five years puts you at risk, for instance, it’s vital to outline that during the planning phase and take note of it so there’s no confusion afterward. If legal says certain data can’t move, it must be left (and documented as such). And by tracking everything through reporting, verifying who had access to sensitive data before and after the migration is a cinch.



Remember, your migration is setting the stage for what you’re going to do for the rest of your life in Office 365. This may very well be the last migration you do for a long time. It’s bad data in, bad data out. Instead of shoving everything into the cloud with a shrug and saying, “What’s the worst that could happen?” make time to prune your organisation’s data what you have and then move it. By setting standards around data lifecycle management, you’ll mitigate much of the risk we all want to avoid.

For more information on compliant migration, please get in touch!

Like this article? Follow us on LinkedIn , Twitter or Facebook for more updates.
Microsoft Calling Plans Vs Direct Routing

Microsoft Teams - Calling Plans VS Direct Routing

By Emily Wijeyesinghe, Marketing Executive 21 Apr, 2021
Microsoft Calling Plans Vs Direct Routing? We look at the advantages and disadvantages of both, and weigh up which solution would offer you a more flexible and cost-effective business telephony solution.
Shadowy hand hovering over a laptop.

What is Shadow IT?

By Emily Wijeyesinghe, Marketing Executive 30 Mar, 2021
Running an IT department is difficult. That much is obvious. Yet as technology continues to advance and businesses rely on more and more IT resources, the rise of shadow IT is becoming ever more common.
Cloud Centre of Excellence - Digital Transformation with the Cloud

Building a Cloud Centre of Excellence Model

By Fuad Uddin, Director, Altiatech 16 Mar, 2021
Having a Cloud Centre of Excellence team can help organisations embrace cloud technology on a larger scale. Helping them improve the changes in culture, governance, security and expenditure across the business.
What is Direct Routing with Microsoft Teams?.

Microsoft Teams Direct Routing - Improve Your Internal AND External Communication

By Emily Wijeyesinghe, Marketing Executive, Altiatech 02 Feb, 2021
Are you using Microsoft Teams to its full capability? Microsoft Teams with Direct Routing is an enterprise voice solution that offers a simple and cost-effective alternative to Microsoft Calling Plans.
Office 365 Backup Retention Policy.

Office 365 Backup Retention Policy: 3 Things You Need to Know!

By Spenser Bullock, Solution Engineer, AvePoint 24 Nov, 2020
Due to the issues of managing high data volume, ensuring data retention is critical for organisations. To make sure that there is organisational data retention, an Office 365 retention policy must be implemented to protect important information from being lost.
Multiple images of cloud data

7 Tips for Cloud Optimisation

By Emily Wijeyesinghe, Marketing Executive, Altiatech 17 Nov, 2020
Managing cloud costs can be overwhelming, but it doesn’t have to be that way! Discover our 7 tips on how to optimise the cloud to gain better control over your cloud environment.
What is OneDrive for Business, and Why Use It?

What is OneDrive for Business, and Why Use It?

By Hunter Willis, Product Marketing Manager, AvePoint 08 Nov, 2020
Want to know more about OneDrive for Business and why you should be using it? OneDrive for Business is separate from “OneDrive” as it has many more tie-ins to the enterprise features that Office 365 for Business or Enterprise brings to the table.
How to backup Microsoft Teams.

How to Backup Microsoft Teams

By Antoine Snow, Senior Solution Engineer, AvePoint 27 Oct, 2020
Are you using Microsoft Teams as your central hub for collaboration? Don’t wait to lose all your content, discover how you can protect your Microsoft Teams with a secure backup solution.
Cloud Intelligence.

Key Business Drivers for the Cloud

By Fuad Uddin, Operations Director, Altiatech 06 Oct, 2020
What are the key business drivers for moving to the cloud? Let's take a look at how cloud technology will improve business operations and planning, and why organisations should re-examine the case for adopting to the cloud.
Altiatech Approved G-Cloud 12 Supplier

Altiatech's Cloud Services Now Available On G-Cloud 12

By Emily Wijeyesinghe, Marketing Executive, Altiatech 28 Sep, 2020
Altiatech is an approved supplier on G-Cloud 12, offering public sector organisations a variety of competitively priced cloud-based solutions. We have partnered with leading service providers such as Microsoft to provide elite technology solutions, including virtual desktop, cloud telephony, software licencing and cloud deployment hosting.
Show More
Share by: