New Research Reveals Pain Points of Managing Security and Compliance Governance for Microsoft Office 365

Research underscores the important differences between perception and reality in cloud security with 30 percent of respondents citing their organizations’ governance readiness as poor

Austin, Texas – March 28, 2019 – Spanning Cloud Apps LLC, a leading provider of SaaS data protection and a Kaseya company, today released the findings of new research, conducted along with CollabTalk, on security and compliance perceptions and realities for Microsoft Office 365 users. A major finding of the research revealed that although many survey respondents expressed confidence about their Office 365 security practices, very few are addressing glaring gaps that could leave enterprises at risk.

The findings revealed the biggest security and compliance pain points in Office 365, with more than 30 percent of respondents indicating that the overall state of governance readiness within their organizations is “poor.” For compliance, incorrect data classification and actions 
(17 percent) and content stored in legacy systems (15 percent) created the biggest headaches for IT professionals. When it came to security, Shadow IT (15 percent), lack of security training (15 percent) and lack of breach monitoring solutions (13 percent) were revealed to be the most worrisome activities, potentially leaving open doors for enterprise data loss.

“Most organizations expect cloud providers to provide the security and compliance measures they need in order to feel secure, but very few know how to use the features that are available to them or even understand the limitations of operating in the cloud,” said Chad Savoy, general manager, Spanning Cloud Apps. “These findings underscore the importance of cloud education for executives, security training for employees and the use of third-party applications to protect critical data when the cloud cannot.”

To provide deeper insight, 11 Microsoft Office 365 Most Valuable Professionals (MVPs) were invited to comment on the findings. MVPs noted significant gaps between the respondents’ perception — that their approach to Office 365 security was adequate — and the reality — that those surveyed missed addressing some serious risks. Another alarming finding noted by MVPs was the general unfamiliarity with Microsoft’s native security tools and a failure to use many of those tools.

“The gap presented in this research is not from a lack of features, vision or direction from Microsoft; the gap comes from within organizations.” said Matthew McDermott, Spanning’s principal technical marketing engineer and a 13-time Microsoft Office Apps and Services MVP. “Companies must invest in personnel and tools to ensure compliance and secure systems. It’s not enough, with today’s threat landscape, to be reactive. You need to be proactive in your approach to keeping your assets and customer data safe and secure.”

This research was sponsored in part by Spanning and conducted in partnership with the Marriott School of Business at Brigham Young University and CollabTalk. More than 270 IT professionals across 19 industries were surveyed, with all running environments that range from legacy hardware to cloud and hybrid.

To view the full survey report and learn more about the findings, visit

About Spanning

Spanning Cloud Apps is the leading provider of backup and recovery for SaaS applications, helping organizations protect their information in the cloud. The company provides powerful, enterprise-class data protection for G Suite, Salesforce, and Microsoft Office 365. Spanning Backup is the most trusted cloud-to-cloud backup solution for thousands of companies and millions of users around the world. Learn more at Follow us on Twitter @SpanningBackup.