Category: Ethical Wall

In this article, we will talk about deploying Information Barriers for Microsoft Teams to control employees’ ability to communicate with colleagues and external users. 

Table of contents

1. Information Barriers and complying with regulations 
2. Information Barriers in Microsoft Teams. Features available and limitations
3. AGAT’s Ethical Wall solution

1- Information Barriers and complying with regulations 

The concept of ‘Ethical Walls’ was conceived for financial services firms to block the exchange of confidential information between departments or individuals. Back then, firms relied on policies, restricted access, and physical separation on-premise to maintain them. 

Today, it is critical for businesses to understand how they can establish those same barriers virtually in communication platforms, so they can prevent data loss and comply with regulations. Negligence can be reduced with the right policies to proactively restrict and monitor employee activities for unethical or risky behaviors. This is important to comply with legal and commercial rules that are constantly changing and becoming more complex.

Regulations such as Europe’s MiFID or the USA’s FINRA state that financial services organizations must have Ethical Walls in place to restrict communications between people with conflicts of interest. Although it started as a common practice in the financial services sector, the concept of Ethical Walls also exists in other areas such as call centers, journalism, law, insurance, and computer science.

2- Information Barriers in Microsoft Teams. Features available and limitations.

In Microsoft Teams, Microsoft’s Information Barriers can determine and prevent the following kinds of unauthorized collaborations:

•  Adding a user to a team or channel
•  User access to team or channel content
•  User access to 1:1 and group chats
•  User access to meetings
•  Prevents lookups and discovery, and users won’t be visible in the people picker.

These options may be considered a good start for deploying Ethical Walls but it’s important to point out two issues. First, they’re only available with expensive licenses like Microsoft 365 E5/A5/G5, and second, they have many limitations, including a lack of flexibility to control internal and external communications.

It is true that you can create complete blocks between internal groups, however, often companies want to block specific types of communication in particular scenarios, such as file sharing or screen sharing between certain groups. Microsoft’s Information Barriers don’t adapt well to the different needs of organizations to control communications on this level.

With Microsoft, you also have control over which external domains can communicate with users from your company but it still allows users from these external domains to schedule meetings with your users. 

In addition, Microsoft’s Information Barriers policies don’t work for federated users: If you allow federation with external organizations, the users of those organizations will be able to communicate without any restrictions. This means if users of your organization join a chat or meeting organized by external federated users, then IB policies also won’t restrict communication between users of your organization.

Not allowing flexible control over which internal groups should be able to communicate with specific external domains is a major issue in Microsoft’s native offering. Currently, it’s all or nothing. If one group wants to communicate with an external domain you either federate with that domain completely or not at all. 

3- AGAT’s Ethical Wall solution

AGAT’s Ethical Wall makes it easy to control who can contact whom, allowing for the adjustment of collaboration policies to meet any specific needs a company might have. These rules can be applied not only for internal users and groups but for external communications too. 

Let’s see a case scenario:

You have set an Information Barriers policy in your company to prevent two groups from communicating with each other due to the conflict of interests that exists between their functions.

Two users, Martin and James, are each from a group that is restricted from communicating with the other. With Microsoft Teams, the information barrier works well internally, but if they’re both invited to a meeting hosted externally the wall between them falls, and they are able to join together and communicate. The same limitation would apply to a chat that was initiated externally. 

That’s a big compliance gap, like seeing these two employees that can’t exchange information inside your company walking to an office in another building to talk, and not doing anything about it. 

Sphereshield’s Ethical Wall can block restricted groups from joining a meeting hosted externally or a chat initiated externally. With this solution, they won’t be able to search for each other or join meetings together.

AGAT’s SphereShield offers complete granular control over policies. You can block actions like voice calls, file transferring, chat, video, and screen sharing as a whole or to different groups individually. Different rules can be applied to specific participant types: employees, externals, or guests. The policies can also be set to be reciprocal, so neither part can contact the other, or be one-sided.

SphereShield’s Ethical Wall for Microsoft Teams covers chat, meetings, teams, and channels. With AGAT the policy setting is more precise and controls are easy to handle within a simple and intuitive web interface.

Contact us and get a free trial of AGAT’s SphereShield Ethical Wall

In this article, we will talk about the best ways to address important security and compliance issues with SaaS products, and review some solutions available within plans like Microsoft E5 or E3.

Table of contents

1. The paradox of reducing cost while maintaining high compliance and security standards
2. The range of solutions within Microsoft licenses E3 and E5
3. Is the Microsoft E5 license really worth the money?
4. Alternatives to a Microsoft E5 License
5. AGAT’s SphereShield for compliance

1- The paradox of reducing costs while maintaining high compliance and security standards

It’s 2022 and the global scenario is one of economic uncertainty. Companies are starting to pull back on developments while others look for ways into reducing operational costs before starting to lay off employees.

While the global stagflation keeps on developing, many chiefs of compliance, security, and technology officers are facing the same question: How is it possible to reduce the overall SAAS spending while not sacrificing any security or compliance requirements?

On one hand, it’s impossible to get rid of essential paid services such as corporate emails, servers, cybersecurity, collaboration software, and the like. But on the other hand, there is a tremendous risk associated with the idea of replacing functioning solutions developed by well-known vendors with home-made not-so-effective patches.

2- The range of solutions within Microsoft licenses E3 and E5  

Microsoft 365 is the market leader in SaaS, offering a complete suite of business productivity tools for easier communication and collaboration. We know that Microsoft 365 includes Windows OS and the whole Office product line in its subscription, also allowing the use of diverse cloud-based services for business environments, such as hosted Exchange Server, Skype for Business, MS Teams and SharePoint, among others.

With a good price/value ratio, the E3 license is one of the most popular options between small to mid-sized organizations. But Microsoft E3 offers only limited solutions around identity and access management, threat protection and information protection, and it lacks compliance solutions.

Then there’s Microsoft E5, a more than significant step-up from Microsoft 365 E3 that includes important security features such as, Identity Management, Cloud App security, Auto Labeling for sensitive content, etc., as well as it can address some compliance requirements. But this plan also includes other functionalities like Power BI and Teams Phone that add up to the price unnecessarily for companies if they won’t use them.

3- Is the Microsoft E5 license really worth the money?

The difference between the features provided by E3 and E5 is clearly reflected in the monthly subscriptions price jump of $21. Taking a look at their published prices, if a company with 500 employees decides to contract E3 it would incur an annual cost of 216,000.00 USD, and that price ascends to 342,000.00 for the Microsoft E5 plan.

But the bottom line is, getting access to the newest compliance and data governance technology developments by Microsoft demands high-end licenses. The Microsoft 365 Enterprise packages E3 and E5 are aimed at organizations that need more information protection and compliance capabilities.

Microsoft also offers separate plans for security and compliance that can be added to an E3 license. There’s the Microsoft 365 E5 Security add-on (formerly Identity & Threat Protection) priced at $12/user/month, and the Microsoft 365 E5 Compliance add-on, also priced at $12/user/month, both requiring annual commitments.

It’s not necessary to dive into the details of the solutions provided by each of those add-ons knowing that, by adding the two of them to an E3 plan, the total price ends up paired to E5. So if your organization is interested in both the security and the compliance solutions by Microsoft it’s still preferable to purchase the complete E5 bundle.

I know what you’re thinking, is it possible to purchase the E5 security and compliance add-ons for a cheaper license than E3? No, Microsoft makes these packages available only for E3-level subscriptions. Smaller companies with plans like Business Premium (limited to 300 hundred users) don’t get the option of incorporating Microsoft’s wider compliance and security features.

For the case of Office 365 (the subscriptions without Windows and EMS) the conclusion remains the same, an Office 365 E5 license will give you a better bundle than adding security and compliance separately to Office 365 E3.

4- Alternatives to a Microsoft E5 License

Ultimately, decision makers should know that it’s not impossible to drop down and optimize SaaS software licensing if certain features aren’t essential for their organization’s particular needs. More so, many users choose to turn to third party providers for alternatives to some of Microsoft’s native capabilities.

It’s also important to address that organizations with specific needs, like the ones in tightly regulated sectors or those subject to data protection legislation need to secure their environments with the right technology to manage and protect sensitive data, and even though the E5 license offers a good complete set of security and risk mitigation features it’s not necessarily the only way, or the most effective, to address your compliance needs.

In past articles, we have taken a look into the limitations that the native capabilities of products such as Microsoft Teams have when it comes to compliance. You may find that important functionalities, for example the ones regarding Information Barriers, are very limited with a Microsoft E5 license and not available in E3.

5- AGAT’s SphereShield for compliance

With costs that represent only 10% of a Microsoft E5 license, AGAT’s SphereShield offers a complete compliance set of solutions that can be integrated to Microsoft Teams, expanding some crucial functionalities.

Among its most important characteristics there’s the inclusion of an advanced information barriers solution: SphereShield’s Ethical Wall, that allows extra control over guest user capabilities, granular control over specific operations, incident auditing for compliance awareness, and more.

We have addressed before how Microsoft’s DLP solution is only near-real time, and the risks involved in that kind of reactive approach. AGAT’s SphereShield DLP engine offers real-time inspection of content and context-aware policies for data loss prevention, identifying and blocking sensitive data before it reaches the end user.

AGAT has also developed features that extend Microsoft Teams’ governance capabilities for better control over user permissions and preventing information leakage. SphereShield also offers eDiscovery, advanced search capabilities that can be implemented online or on-site.

Finally, the whole range of compliance solutions developed by AGAT can be licensed separately, allowing companies to further tailor their subscription plans to meet their exact needs.

We encourage you to contact us to get a free trial of AGAT’s SphereShield