OneDrive for Business: The Convenience Trap

When it comes to getting all of your employees’ files into the “cloud” you can't beat OneDrive. Its included with each enterprise Microsoft 365 license and it's ready to go. Even without training most employees can find their way there and start uploading their documents into it.

Unfortunately, unless a company creates policies for how OneDrive is to be used it quickly becomes each employees “kitchen junk drawer” where they store anything and everything and “share” this information without oversight.  When this happens, the risks to the organization normally include:

• Data Integrity.  OneDrive doesn't have the same versioning, archiving and retention capabilities as SharePoint. Storing company documents in OneDrive can lead to issues with document integrity, data recovery and the inability to respond to eDiscovery requests in a timely manner. The lack of retention rules cause an organization to fail to meet data retention requirements which could subject the company to legal, regulatory or industry specific compliance violations.

• Data Sovereignty. One drive stores its data in data centers in specific geographic locations. If an organization's data is regulated by laws that require the data to be stored in a specific country, OneDrive may put them at risk of noncompliance.

• Data Privacy. Unregulated use of OneDrive may lead to confidential or sensitive information being shared by unauthorized individuals. This can result in noncompliance with regulations like The General Data Protection Regulation or HIPAA.

Aside from the legal implications of employees using OneDrive to store company documents there are the operational considerations.  As employees’ OneDrive’s become loaded with more and more uncoordinated files, company operational efficiencies will necessarily decline. It will take longer and longer to find what you're looking for, documents will be needlessly recreated, or worse, the wrong version will be used in daily procedures.

A Simple Fix

The good news is that it's easy to quickly correct this situation. Since we can't add SharePoint versioning, retention, and archiving capabilities to OneDrive libraries we simply need to add employee libraries to their SharePoint department site.  The manager of each Department Site simply needs to create a unique SharePoint document library dedicated to, and named after, each of their department employees.  The permission for each library is set to admit only the employee and the employees manager.  Ideally, these libraries would be standardized utilizing a template that adds three or four metadata fields and retention labels that would dramatically support document “findability” and compliance, but that's a topic for a different blog.

Once the libraries are created employees are instructed to move their OneDrive business documents into their new departmental, personal, SharePoint library.

The Result

Now that the documents reside in SharePoint libraries the issues listed above can be easily addressed.

• Collaboration and teamwork are enhanced. SharePoint libraries are designed for collaborative work allowing multiple users to work on the same documents simultaneously.  The default version control settings will save every previous version of each document so that valuable content is ever lost.

• Managerial oversight has been achieved. A manager can now directly access each of their employees’ libraries without having to work through the IT department.

• SharePoint search can now index and offer the documents in these libraries to the individuals that have the correct permissions.

What to do with OneDrive?

Many large organizations simply instruct their employees that OneDrive only to be used for non-work related documents. It’s ideal for that.