blog eDiscovery Ethical Wall Governance Security

Archiving data for US regulations while complying with GDPR

Archiving data for US

Financial institutions globally must comply with their local regulatory framework. In the European Union they must comply with the General Data Protection Regulation (GDPR), while companies in the US must adhere to the Financial Industry Regulatory Authority (FINRA) regulations.

The regulatory landscape poses a unique challenge for their archiving solutions of main vendors such as Global Relay and Smarsh. Being based in the United States, they are obligated to adhere to U.S. regulations requiring the archiving of all financial data. However, the GDPR prohibits non-European countries from accessing European data.

In this blog post, we’ll break down these difficulties and present AGAT’s effective solution to address the problem.

US vs. GDPR Data Archiving Requirements

In the United States, financial institutions have a responsibility to be transparent and accountable by saving electronic data. This ensures a reliable financial system that protects investors and follows regulations like those set by the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA)

At the same time, the General Data Protection Regulation (GDPR) created by the European Union (EU) aims to safeguard personal data. It focuses on privacy and security in our interconnected world. GDPR empowers individuals to control their personal information and sets strict rules for its use, storage, and sharing.

The Challenge of Archiving EU Data

Complying with the General Data Protection Regulation (GDPR) can pose complexities for these US vendors as it requires storing data exclusively within the EU or in jurisdictions that provide adequate data protection levels.

A significant development was the invalidation of the EU/US Privacy Shield by the Court of Justice of the European Union (CJEU) in the Facebook Ireland v Schrems (Schrems II) case. This highlighted the divergence in data protection approaches between the US and the EU, potentially exposing EU personal data to inadequate protection due to potential US government access.

The problem is generated when companies that have both American and European branches, like banks, investment funds or insurance companies, archive their data on popular platforms like Smarsh or Global Relay.

The nature of these companies being located in the US and thus, allowing non-european agents to have access to EU based sensitive data, signifies a violation of the GDPR data-privacy laws.

 The Solution: AGAT SphereShield’s Archive and eDiscovery for Microsoft Teams

AGAT offers a unique solution that surpasses the limitations of US vendors by providing an on-premise approach. 

With AGAT’s Archive and eDiscovery, data can be archived on local servers or VPS, which means that all the PII or other sensitive information stays within the borders of the GDPR jurisdiction.

As a result, European financial institutions or US companies with EU branches can achieve compliance with both US regulations and GDPR while maintaining full control over the data transfer process.

What is more, AGAT’s eDiscovery has the unique functions to search by both written and oral conversations through multiple parameters like participants, channels, text, dates and more.


AGAT Software Ediscovery

AGAT’s eDiscovery can be fully integrated with their DLP functionalities to avoid sensitive data being sent by text, files or even oral conversations


While many traditional archiving solutions fall short when addressing the needs of US companies having EU presence, AGAT steps in bringing an all encompassing on-premise solution that avoids the hefty fines of GDPR breaches.

Contact Us today to see how our innovative solution can streamline your data archiving process and ensure compliance with both US regulations and GDPR requirements.

blog Ethical Wall Governance Microsoft Teams Security

The Future of Information Barriers: Emerging Technologies and Trends

The Future of Information Barriers Emerging Technologies and Trends

As the world continues to rapidly advance technologically, the way we handle information is evolving at an unprecedented pace. With the rise of digitalization and data-driven processes, safeguarding sensitive information from unauthorized access and misuse is becoming more critical than ever. In this blog, we will explore the future of information barriers and how emerging technologies and trends are shaping the landscape of data security.

Blockchain and Immutable Data Protection:

Blockchain technology is more commonly associated with cryptocurrencies, but its potential extends far beyond that. In the realm of data security, blockchain offers a revolutionary approach to protect sensitive information. By using a decentralized and tamper-resistant ledger, blockchain ensures data integrity and prevents unauthorized alterations. This technology could lead to a future where data breaches become significantly more challenging, as hackers would need to compromise an entire network of nodes instead of a single centralized server.

Quantum Cryptography and Unbreakable Encryption:

With the advent of quantum computing on the horizon, traditional encryption methods face the risk of becoming vulnerable to quantum attacks. However, quantum cryptography, based on the principles of quantum mechanics, presents a promising solution. This technology leverages the inherent properties of quantum particles to create unbreakable encryption keys. As quantum cryptography matures, it may become a staple in securing sensitive data against future computational threats.

Artificial Intelligence (AI) for Enhanced Data Monitoring:

AI and machine learning are already playing a significant role in cybersecurity. In the future, AI-powered systems will likely take on an even more prominent role in monitoring and enforcing information barriers. AI can analyze vast amounts of data to detect anomalies, flag suspicious activities, and adapt to new threats in real-time. These smart systems will work alongside human administrators to create a more proactive and robust defense against data breaches.

Zero Trust Architecture:

The traditional perimeter-based security model is no longer sufficient in today’s dynamic and remote work environments. The concept of zero trust architecture assumes that no user or device should be inherently trusted, regardless of their location or authentication. Instead, it emphasizes continuous verification and authentication of users, devices, and applications before granting access to sensitive data. This approach minimizes the risk of unauthorized access, especially in scenarios where employees access data from various devices and networks.

Homomorphic Encryption for Secure Data Processing:

Homomorphic encryption allows data to be processed without the need for decryption, ensuring data privacy throughout its lifecycle. This breakthrough technology enables secure data sharing and analysis, even with third-party entities, while maintaining data confidentiality. As homomorphic encryption becomes more practical and efficient, it will enable collaboration on sensitive data across industries without compromising privacy.

Privacy-Preserving Technologies:

Emerging privacy-preserving technologies, such as differential privacy and federated learning, aim to strike a balance between data utility and privacy. These techniques allow organizations to glean insights from large datasets while keeping individual data points anonymized. By preserving privacy, companies can share valuable data without exposing sensitive information.

The future of information barriers is being shaped by emerging technologies and trends that offer unprecedented levels of data security and privacy. Blockchain’s immutable ledger, quantum cryptography’s unbreakable encryption, AI-driven monitoring systems, and the zero trust architecture are just a few examples of the transformative potential these innovations hold.

As technology evolves, so do cyber threats, and it is essential for organizations to stay proactive in implementing robust data security measures. Embracing these emerging technologies, understanding their capabilities, and adapting them to specific use cases will be crucial in safeguarding sensitive information and maintaining the trust of customers, partners, and stakeholders in the digital age. As we move forward, a holistic approach to data protection will be necessary, encompassing not just the technology but also the processes, policies, and people involved in handling valuable information.

Do not hesitate to give your compliance capabilities a boost. Contact us and our team will show you a short demo of AGAT Information Barriers solution.

Governance Microsoft Teams

Meeting and Messaging Policies in Microsoft Teams – Available and missing features

In this guide, we are going to practically go step-by-step in order to create and manage meeting policies and messaging policies in Microsoft Teams.

We are also going to give tips on how to perform advanced governance actions such as permitting guest access, block joining anonymously to meetings and more.

First of all, this only works for users who have admin privileges in the Microsoft Teams Tenants.

Meeting Policies

Meeting policies are a series of different configurations in meetings that allow or block certain users from features or from performing specific actions.

How to Create a new Policy

1- Log into Microsoft Teams admin center

2- in the left menu, select  Meetings –>  Meeting Policies

7wx2913Sjq4Yv7wOmMFBjLQ VzluMXTNKr073bMWYAp7QLxlHqgpdFvtGvxcf 2CCmbO5 X2tVzVb0W1ls0qHuegjbMfAJ97NPdloNVuKj5Ocg G tgNTWLfytycFvBDe4T6hZYB

3-To add a new policy click in “+ Add”

What features does Microsoft Teams Meeting Policies allow to manipulate?

There are multiple options to select for meeting policies, we are going to mention the most relevant ones compliance-wise and then bring all of them.

Most relevant options:

Enable/Disable during Meetings:

  • Audio
  • Video
  • Transcription (look at our blog on Microsoft Teams Transcript)
  • Cloud Recording
  • Screen sharing (also lets select between entire screen/single application)
  • Give or Request controls for an internal user/external user
  • Chat in Meetings
  • Meeting Reactions
  • Private/Channel meeting scheduling

General options

  • Set Expiration time for meetings cloud recordings
  • Allow storing recordings outside of your country or region
  • Select which video filters are allowed: No Filter – Background blur Only – Background blur and default images – All filters
  • Let anonymous people start a meeting
  • Set which people are automatically admitted

Here is the entire list of configurations for meeting policies in Microsoft Teams

Vpmc4hwQ7Zt19z VEgR4U4c1TvalTSAgF2

How to Save, edit and assign meeting policies

Once you create a policy, save it by clicking “Save” at the bottom of the page

qC fIJ1kjms92m76ygYbYT7zVALvBJ8Fkk6DE TC4cayBR5JzdI7PQw16j5A9hAud UIgLcY6w 15ZQWHVAWHTeerV39y5YM1qSsy xZpToX Ieo7pv31XgDNrb4i4KcKoX0l4HK

Then policies should appear in the policy lists


By selecting it you can edit, duplicate it or delete it clicking in the menu on top

T 14 0pSkGxykddTYn2kuLm9gvuXlhTuB27quQC2s ly5NdiIfj

Assign Meeting Policy to specific Users

To assign it to specific people you can click in “Manage Users”

Add as many users as wanted like in this example

YG6FsvInUQfuekGUVNKBwrx ik3ssJohElZeWk8PQVrMvyNZ2jiOWxonrIH9LUZT9pwwWDInqjxVQ55eiH65WMSyh6hxM97uNHvQL QD5FRND3AoXq9jkf9WuM HtL4XaX1deloN

Applying policies to groups

You can assign a policy to a group by selecting “group policy assignment”


Then select to add a new group


Select a group by searching and the policy you just created

5o 3k8Ffx0Q6s6oxjNXNBWPrb f6yahzSFi3qgNURF67UOQ7xvCr2rS4CUAfF2lUf5HVDAUnYWMSp Es 5WhSbBkC0wfPrrmdASw708Aifx8Z6vJjAsT X7 nv eyoOxZnlmq AQ

By clicking “Apply” you will see it in the results

vqmcjN4JP1HfJIyQP4MvJMyn8RCWIUIV11vL80c6Od5is1CP2k0sq8jung0HNmBjCAzegqaPuZTFiZyWNbqIBO bReUArwgi5XbUVGE8ykBUonJQv4vjR6y Da54KPbeLr36HMJt

Policies that are missing in Microsoft Teams

Advanced governance policies in MS Teams – How to enforce recordings and more

So until now we discussed all the options that are native to Microsoft Teams. The question arises when companies need to take a step further and decide on issues like

  • Enforce recordings on all meetings
  • Users/Groups allowed to create teams/channels
  • Users/Groups allowed to  add Guest to Team
  • Permitting Guest Access to other tenants
  • Block the users to join anonymously to meetings

The good news is that these options and more are available using AGAT SphereShield Governance for MS Teams

Here is the list of features available:

Creation and Ownership

  • Users|AD Groups allowed to create Teams
  • Users|AD Groups allowed to create Channels
  • Users|AD Groups allowed to be Team owners

Adding users

  • Users|AD Groups allowed to add users to Teams
  • Users|AD Groups allowed to add Guests to Team

File Uploading

  • Allow files to be uploaded to MS Teams | One Drive | SharePoint*
  • Users|AD Groups allowed to upload files to MS Teams | One Drive | SharePoint* 

Access control

  • Permit Guest Access to Other Tenants**
  • Block joining anonymously to meetings**


  • Enforce recording on all meetings

Here is a screenshot

JV5WXhqCbVRIBegQyvEwkBUXCp5zVZKDgkzaXT1SmiCae y2hViBY Sym2VLwwYlQbnn5ZoqEObgkJtFkZ 67XW2A7zHRJrll6QKvOPZ9EVZ1dDy6ezXsIs78RdM7V5yEZe4M9gf

To get a Free demo of SphereShield Governance for MS Teams Contact Us today. Our sales team will contact you with all the information you need to know.