Corralling NonMicrosoft Content in the Cloud

Ten years ago, Yahoo and Google offered rapid creation of free file sharing and collaboration spaces -- perfect for group papers, sports teams, families -- in short, any group of people who needed to see a common, centralized set of files.

There's no shortage of Web hosted business-oriented file services in today's cloud era: OneDrive, OneDrive for Business, Box, Google, Dropbox, Salesforce Chatter, among others.

Most recently, Amazon announced its new enterprise cloud file sharing service, Zocalo. Zocalo will offer simple document feedback, centralized repositories, offline sync to laptops, phones and tablets, security and directory integration. As with many of these services, the costs are minimal to none, allowing users to stand up a new repository in minutes for a project with a credit card.

These services pose a real challenges for the Microsoft enterprise.

For years, we’ve discouraged emailing documents for collaboration, since the document management system of choice (usually SharePoint) loses control. All those carefully built reports, permission review process, ILM retention policies and metadata columns go for naught if users ignore the content repositories and move their files elsewhere. Finding files among individual user mailboxes is daunting, let alone managing and securing the content.

Potentially more disturbing is when they copy the files to a new store. That leaves the existing SharePoint library looking as if its populated, but it’s a zombie site -- the files remain, but the people have moved on.

Among all these toolsets, OneDrive for Business is probably the most critical. It’s really a part of Office 365 -- replacing the older brands of SkyDrivePro and MySites. According to some reports, total Office 365 usage has surpassed 60 million this year. That’s a lot of adoption. However, unlike SharePoint on premises, all that usage doesn’t preclude anyone from running multiple clouds -- they may also have a Dropbox account. What’s in it? Probably some really sensitive files.

There are few ways to absolutely prevent these services. Still, one of the best approaches for SharePoint applies to this non-Microsoft content -- governance.


Governance is a partnership between business and IT to achieve business goals. Most users are trying to just get their work done -- they’re not actively trying to undermine corporate compliance. However it’s impossible to establish policies and procedures without understanding that which we would control.

Take great care to understand the level of usage of non-Microsoft technologies. These aren’t necessarily a bad thing, but it’s important to understand the usage footprint. For example, Salesforce provides business oriented social collaboration in addition to its sales automation tools and Google offers low cost apps.

Surveying users in a non-threatening manner can be helpful. If people are fearful they’ll lose access to information they perceive as critical, they’ll be less likely to be forthcoming.

Most mainstream centralized clouds (e.g., have some form of built-in controls to find and manage critical content. However, the “dark matter” of unmanaged clouds is impossible to control fully. In addition to monitoring usage patterns, talking to users and shoulder-surfing, the occasional Google or Bing search for enterprise content on the public Internet may reveal some interesting and previously unknown storage locations.

The other challenge posed by any new technology is that each platform has its own reporting and administration system. These need to be learned alongside established Microsoft content management practices.


Once information in clouds is fully discovered, it’s possible to control the content based on business rules. Each supported cloud should have a clear business purpose, and that purpose needs to be communicated to the user population. But half the cloud world is tied to individual accounts, offering few ways to gain uniform centralized access and control:


In general, it’s up to each provider to provide a management interface. In the case of individual file sharing services, there is no interface.


Many organizations progress through four stages of cloud policy

  • Denial -- No one is using Box
  • Paper -- Users are told they can/cannot use Box for specific scenarios like external collaboration but there’s no active enforcement
  • Systemic -- Interfaces exist to audit and manage information after its posted
  • Predictive -- Policies are enforced in near real time as content is posted and shared

Don’t feel bad if you’re less advanced than you’d like. The last stage is still emerging as new vendors offer services to centralize content management across multiple cloud providers, but it’s still a nascent industry. Until then, get to know your users -- and ask your help desk what they’re seeing.

For now, establishing simple, understandable rules about what content belongs/doesn’t belong in SharePoint, Office 365, OneDrive for Business and other sources should be you’re immediate goal. Next, educate your users about what functions you do support -- like offline sync -- on a managed platform so they have less incentive to go find their own -- because your content is already online, somewhere.

Title image by Richard Thornton /