Our client, an experienced technical and business services organisation, had an ongoing Cyber Security Programme to improve their overall security posture.
They wanted to make the move from traditional IT provisioning to a secure digital environment that met the increasing demands of the business.
To achieve this, they enlisted specialist support from ThirdSpace, not just around potential security solutions, but also with the end-user adoption of new technology.
This case study focuses on the introduction of Azure Information Protection document classification to the client’s global workforce to protect and govern sensitive information.
As part of the client’s day-to-day activities, colleagues regularly create more than 50,000 Office documents and PDFs per week, many of which contain information that is confidential in nature.
As the organisation digitally transformed, with document access and collaboration becoming more commonplace, the organisation was faced with a challenge around how it protected this sensitive information. It also needed to improve how it governed these documents and gain visibility of how information was being shared and stored.
The client recognised that in order to protect the information shared inside Office documents and PDFs, it needed to provide the ability for colleagues to uniformly and consistently label and classify documents. As well as provide the means to identify, report and track where sensitive information was being created, stored, or distributed.
“Without an easy-to-use tool in place, the process was at risk of becoming too cumbersome, which would, in turn, impact user adoption.”
The client’s journey towards a more robust document classification approach started with the publication of a Document Classification and Labelling Policy and Procedure in 2018.
This policy was an important first step in ensuring a certification aligned classification schema.
However, without an easy-to-use tool in place, the process was at risk of becoming too cumbersome, which would, in turn, impact user adoption.
An even more important task was to ensure that colleagues understood how to classify documents appropriately, and how to manage, store and share documents of differing levels of sensitivity.
Like many forward-thinking organisations undergoing a digital transformation, the client’s users had already experienced some significant changes to working behaviour in recent years.
As a result, the client was mindful of the impact further change and ‘change fatigue’ might have across its diverse workforce.
“Employee feedback was clear: they were fed-up of changes that ‘land without warning’ and unnecessary e-mail updates that fail to explain the benefit behind the change and their role in making it happen."
The challenge handed to ThirdSpace was to: “Help assess the chosen solution to meet our business document classification needs, please our end-users and help us to land it successfully.”
Ensure your new technology is properly adopted and utilised by your staff. Download this e-Guide to gain:
Our client had previously worked with ThirdSpace on several technology solutions and they valued the depth of technical expertise we brought to their projects.
On hearing that ThirdSpace had developed an Adoption and Change consultancy capability, alongside our more established technical consulting services, the Document Classification project proved a great opportunity to work with a single partner.
The client engaged ThirdSpace to bring together the technical solution design AND take a people-focused approach to the implementation and adoption of the solution.
ThirdSpace designed the document classification solution using Azure Information Protection (AIP), aligned to industry best practice. This provided a simple way to make document classification and protection available to users and could be configured to meet the client’s policy requirements.
With the AIP technical solution design in place, the next phase of the project revolved around successful implementation and user adoption. ThirdSpace designed a three-phase implementation approach covering:
Introduction of AIP classification on a voluntary basis for users. This provided an opportunity to introduce classification, track and report on classification behaviour and amend both technical configuration and user guidance if required.
Enforcing mandatory classification for users ensured that all Office 365 documents created and edited were classified, thus providing a rich reporting data set.
Securely monitoring, tracking and preventing inappropriate distribution and sharing of sensitive documentation.
Upon agreement of the three-phase implementation approach, ThirdSpace created a comprehensive business engagement, communications and readiness approach that would meet the business’ needs, was easy for staff to use, and provided the reporting required for ongoing management.
This approach put end-user adoption and change management right at the heart of the AIP technology project and it included:
To capture the needs of real users and identify where issues and resistance might arise.
This minimised the use of email and focused on growing awareness of WHY the client is introducing classification and how easy the solution is to use.
This introduced the why, what and when of Document Classification. It was the most watched internal video of 2019 for our client – watched by over 20% of their global workforce.
Creation of a one-stop user focused portal for everything related to document classification. This was designed to meet the specific needs of the client’s colleagues, to answer questions and provide information in a way that was easy to navigate and consume.
The use of AdoptionSpace removed the need for mandatory on-line training and provided an always accessible resource, linked directly from AIP, providing an evergreen solution for on-boarding and training new users as well as educating the client’s workforce around new AIP updates and developments.
The project included three pilots, with over 500 users from diverse business units and global offices. These ensured that the technology solution worked as expected and captured valuable user feedback that was then used to hone the roll-out comms, queries, adoption approach and AdoptionSpace content.
“The AdoptionSpace portal was used by over 2,000 colleagues to access guidance during roll-out. We also use it as part of the staff induction process so new users can educate themselves on our document labelling processes.”Client CISO
ThirdSpace completed phase 1 & 2 of the Document Labelling project, which introduced the solution and trained users, driving successful adoption and changed behaviours.
Phase 3, the final stage, ensuring the governance over information protection, is the next step in the project with ThirdSpace continuing to support.
The roll-out and adoption of document classification was one of the most successful IT projects undertaken by the client to date.
Despite changes to the AIP service mid-project, the project was completed in line with client expectations, agreed times and budget. It met all the required business objectives and by the end of the project, all of the client’s staff were simply and easily classifying 50,000+ documents per week.
The project also had the lowest number of associated Help Desk requests of any of the client’s recent global IT projects, with only 12 tickets raised (8 of which were asking for early access to AIP!).
“This is testament to the simplicity of the solution and the quality and relevance of the guidance and support provided through AdoptionSpace.”
Most importantly, the client’s Information Security team are more informed as to where sensitive documents are being created, stored, and distributed.
They feel better equipped to support the business in the final phase of the Document Classification project – ensuring the organisation has the information, knowledge, and tools in place to govern and control the use and sharing of sensitive information.
Following the success of this project, our client has adopted a similar people-focused approach for other cyber security projects and are continuing to engage ThirdSpace to provide technical and adoption and change support.
The first of these new projects is a conditional access and multi-factor authentication project, with ThirdSpace providing security and adoption consultancy support to the client’s project team.
Our client is a long-established technical and business services organisation and maritime classification society.
They provide validation, certification and accreditation services to a wide range of industries, notably in the maritime and energy sectors.
They are a truly global organisation with 7,500 employees working from 195 locations around the world, ranging from large head offices to ‘shipping container offices’ in shipyards.
Take a proactive and pre-emptive approach to cyber security.
Send us your questions or feedback.
Friendly folks are standing by!
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.