Microsoft Teams vs email in a Compliance and Security view

In the last 12 Month Microsoft Teams is in focus with topics like data privacy, Compliance, Encryption and Retention. Before these times the email and an email server is the main communication tool in combination with different messenger like WhatsApp, Telegram or Signal and video conference tools like WebEx. But if the modern work with Microsoft Teams is important, we don´t have to forget the good old email communication.

Email is legacy communication

Our Email communication is legacy today, everyone on this world has an email adress. Ok not everyone more an more has only a telephone number for their Messenger Account, but statistics said email is legacy. You can reach the most people on this planet with an email.

Legacy isn´t bad! It´s important for todays sensible and compliante communication.

A deeper look

Microsoft teams with its chats, teams with channels differ in many points from the classic email. The following content is taken from a 100 page report and strategy paper I wrote this year. It was about compliant communication and whether services like Microsoft Teams can be used as legacy tools.

E-MailTeams
Access Managementlow
(Team architecture automatically allows external and internal members to work together freely)
high / good selection depending on application
Archiving and storage in terms of the GobD/X
Retention/X
(easier / completely possible / much easier to enforce international and German rules. Much more tools on the market)
Storage in the sense of the German laws/X
(many 3rd party tools with appropriate certification and permission)
Sending invoices and business correspondenceno recommendationrecommendation
Dispatch of contractsno recommendationrecommendation
Sending draft contracts (just look, not print)/ (must be added manually / labeling)X (via SharePoint sharing link directly from the message)
Encryption of the individual message(individually not possible)X (various models up to the DE Mail)
E2EE (end-to-end encryption) no (no roadmap)Yes (different solutions/ default ones)
Exchange of own keys for E2EE between serversno (no roadmap)Yes (different solutions/ default ones)
Extraction of a message for compliance purposesno (no roadmap)X
Mark messages as private
(e.g. for permitted or tolerated private use)
not possibleyes, possible
Data protection assessmentcritical
(Regulatory authorities see the application critically or not applicable)
X
( Usually without problems applicable and this after h.M. data protection-conformal )
Supervisory authorities (data protection)critical
(Regulatory authorities see the application critically or not applicable)
no to few problems
unproblematic
OnPremisesNo (not on the Backlog/Roadmap)Yes
Spam ProxyNoYes
ProxyNo (only a few 3rd Party)Yes
Monitoring of MessangesYes, E5 like Communication ComplianceYes
default
Extraktion of Messages/
(eDiscovery)
X (all / APIs)
Working CouncilCriticalno / only a few issues

Comments on compliance and security

If you have been dealing with Microsoft teams for several years now, and all the longer with emails in a business and enterprise context, then I always come to the conclusion that Microsoft teams are the wrong communication tool. Microsoft teams simply have a lot of catching up to do in the area of compliance and security. Therefore it is often even more important today not to write off the email yet and to see it as a valid communication tool for some usecases. A multi-tool strategy stands out here.

Currently, email should be preferred to Microsoft Teams for sensitive and business sensitive communication. If the Email is encrypted (Proxy or PGP / S/MIME/protection template), Retention Polcies and attachmend encrpytion / sharing link to a secure storage and Backup is configurated.

Sometimes the Teams SharePoint storage can be more secure. This is the situation, when you sent email without encryption and with attachments and this is often a typical situation. In this situation it´s better, when you create a team invite the external and share the files and message into a Team.

Microsoft teams vs. email for works councils

This topic occupies me more and more, because even works councils prefer to rely on email than Microsoft teams. Here they know their way around and know what to do. They can exchange ideas with a great many works council members and know what to set up to protect their own colleagues. It’s just a system with few functions, which is now firmly integrated into everyday life and is part of every works agreement. Likewise, the email and the email server, if it is not operated by a US hoster, is little or not at all in the focus of the works councils and above all not in the public eye.

Of course, this does not mean that the email servers are all secure and have been approved by the works councils as part of their co-determination. Therefore also here the admonition to the work councils look at it the email.

Beitrag erstellt 73

Verwandte Beiträge

Beginne damit, deinen Suchbegriff oben einzugeben und drücke Enter für die Suche. Drücke ESC, um abzubrechen.

Zurück nach oben