Putting your sensitive data in the cloud..
Especially for a company that is so knowledge intensive, I find it strange that they would want to put their data elsewhere outside of their control. You can never really know for sure if anyone else is reading/copying your sensitive documents.
Also, can't employees very (too) easily login from their home PC and download the documents? Normally you'd have multiple independent lines of defense (firewalls, logging, tokens, access rights), so people that don't need to work from home are unable to access their documents at all when not at a physical terminal in the company.
I don't know about the controls O365 or GSuite provides, but for me it would be a major concern. If anything unexpected were to happen, the company could go down in no time..
It seems to me the CIO might be right feature-wise (I don't know), but he seems dangerously optimistic about this.
How do others view this?