Living in a Hybrid World: Compliance and Governance Meet Cloud
Agenda
• Governance
• Compliance, Risk and Privacy
• Deployment Opportunities
• Presenting SharePoint as a Service
• Wrap Up
Governance
Importance of Information Governance
Gartner Research: 2016 Prediction
What is SharePoint Governance?
“Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization’s business divisions and I.T. teams cooperate to achieve business goals.” Microsoft – http://bit.ly/nmNSbj
Diagram: Corporate Governance sits above IT Governance, which in turn sits above System Governance for the individual platforms (SharePoint, SAP, Lotus Notes).
How Much Governance is Needed?
Diagram: both the amount of governance and the visibility of content rise as you move from Personal/My Sites, to Project/Team Sites, to Community Sites, to the Portal.
Striking the Balance
Diagram: business needs (usage) on one side of the scale, technical needs (control) on the other.
Requirements for IT Governance: Tech, Process, People and Policy.
Governance People
• Business Owners: Executive Sponsorship, Workload Owners, Departmental Owners, Functional Owners
• Back Office: Finance, Legal, HR, Corp. Communications
• IT: Architects, IT Operations, Administrators
Typical Policy Categories
• Customization
• Adoption
• Continuous Improvement
• Operations
• Information Architecture
• Information Management
• Project Management
• Leadership
• Infrastructure
Process of Policy Enforcement
Spectrum from manual to automated enforcement:
• Manual: encouragement; resource intensive; prone to human error
• Semi-Automated: PowerShell scripts; 3rd party products
• Automated: custom apps; 3rd party products
Technology: Build vs. Buy
Options                               | Time Required | Resources
SharePoint List + SharePoint Designer | 2 weeks       | SharePoint Administrator
InfoPath + SharePoint Designer        | 8 weeks       | InfoPath Developer
Custom APIs (.NET code)               | 3–6 months    | .NET Developers
Multiply for every service request.
Compliance, Risk and Privacy
What is Risk?
“Risk is the potential that a chosen action or activity (including the choice of inaction) will lead to a loss (an undesirable outcome). The notion implies that a choice having an influence on the outcome exists (or existed). Potential losses themselves may also be called "risks". Almost any human endeavor carries some risk, but some are much more risky than others.”
- Wikipedia
What is Compliance?
Compliance means conforming with stated requirements. It is achieved through management processes which:
• identify the applicable requirements
• assess the state of compliance
• assess the risks and potential costs of non-compliance
• prioritize, fund and initiate any corrective actions deemed necessary
What does Compliance mean to us?
At the very highest level:
− Making information available to the people who should have it
− Protecting information from the people who should not
The Challenge: legions of compliance obligations and risks to information
The onslaught of risk and compliance issues related to information sharing includes:
• Intellectual property and trade secrets
• Sensitive customer information and data
• Collaborations on strategy
• Personal information
• Legal and compliance issues
• Information getting in the wrong hands
Just a few compliance standards
These laws have common elements:
• Information must be accessible and available to the people who should have access to it, and protected from the people who should not
• Further, this information may need to be stored, archived and preserved for some period of time
Chart: “How likely do you think the following privacy breach risks are of occurring?” Categories: hackers gaining access; accidental employee breach; accidental 3rd party breach; intentional employee breach; intentional 3rd party breach. The values read from the chart, in extraction order, are 8%, 61%, 41%, 30% and 13%. Source: HCCA, “Data Privacy: How Big a Compliance Challenge?”, January 2011.
Some specific risks to consider…
• Confidentiality leaks: compromised privacy
• Loss of data integrity
• No access to or availability of data
Questions to Ask: Designing a Compliance Policy
Risk Awareness vs. Risk Ignorance
Risk Assessment: Don’t just focus on what you can see
“Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!”
E.J. Smith, Captain of the Titanic
Defining & Assessing Your Compliance Position
• Balancing Accessibility & Security
• Classification of Documents
• Confidentiality of Documents
• Integrity of Information within Documents
• Understanding Different Roles
Building a Compliance Policy
Balancing transparency and collaboration with data protection and management.
Creating and maintaining a compliant SharePoint environment is a continuous process
• People
• Policy and Process
• Technology
• Training
• Governance and Oversight
• Technical Enforcement
Compliance & Technical Enforcement: Prevent, Detect, Track, Respond & Resolve.
Make Control part of the Process
1. Analyze the Current Environment
2. Identify Non-Compliance
3. Prioritize the Business Needs
4. Diagram New Security Boundaries
5. Architect in GovSec
6. Undertake Migration
7. Maintain Control
Deployment Opportunities
Our heads are already in the cloud…
How did we get here? Access databases → server room → centralized data center → cloud.
Service layers: IaaS, PaaS, SaaS
Diagram: the same stack (Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage) is shown once per service model; in this standard figure the customer-managed slice shrinks from applications through O/S under IaaS, to applications and data under PaaS, to nothing under SaaS.
Why?
• Rapid onboarding
• “Instant” optimization
• Effortless move to new versions
• Strong SLAs
• Scaling/performance
• Cost: move from CapEx to OpEx
• Cross-organization collaboration
• Ease storage burden
• Hype
Why not?
• Integration with internal systems
• Ability to customize
• Test/staging environment
• Data sovereignty
• Offline/low bandwidth accessibility
• Security and availability concerns persist
How do we control?
Information Architecture vs. Management
Information Architecture (Site Map): e.g. http://intranet with HR (Team, Vacation Tracking, Benefits), Finance (Financial Performance, Expense Reports, Team) and Marketing (Logos, Team) beneath it.
Information Architecture vs. Management
Management controls and scopes, from broadest to narrowest:
Farm → Web Application (with its Service Applications and Zones) → Content DB → Site collection → Top-level site → Sub site → List/Library → [Folder] → Item / Document
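Governance control is applied at each of these scopes, and the place it most often leaks is where permission inheritance is broken below the site-collection level. The script below is an added example, not part of the deck or any vendor product: it walks the hierarchy from web application down to item and reports every scope with its own role assignments, flagging grants to “Everyone” or “All Authenticated Users”. It assumes the on-premises SharePoint Management Shell; the web application URL and output path are placeholders.

```powershell
# Added example (not from the deck): report every object that breaks permission inheritance,
# walking Web Application -> Content DB -> Site collection -> Sub site -> List/Library -> Folder/Item.
# Run in the SharePoint Management Shell as a farm administrator; 'http://intranet' is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Claims encodings for "Everyone" and "All Authenticated Users" on-premises, plus the classic
# Windows name. Grants to these are the ones that quietly undo a security boundary.
$BroadPrincipals = '^c:0\(\.s\|true$', '^c:0!\.s\|windows$', 'NT AUTHORITY\\authenticated users'

function Get-UniquePermissionScopes {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$WebApplicationUrl,
        [switch]$IncludeItems   # item-level scans are slow on large libraries, so opt in
    )
    $webApp = Get-SPWebApplication -Identity $WebApplicationUrl

    # One report row per scope; principals are joined so the output exports cleanly to CSV.
    function New-ScopeRow($Scope, $Database, $Url, $RoleAssignments) {
        $names = @($RoleAssignments | ForEach-Object { $_.Member.LoginName })
        $broad = $false
        foreach ($n in $names) { foreach ($p in $BroadPrincipals) { if ($n -match $p) { $broad = $true } } }
        New-Object PSObject -Property @{
            Scope = $Scope; Database = $Database; Url = $Url
            Principals = ($names -join ';'); GrantsToEveryone = $broad
        }
    }

    foreach ($db in $webApp.ContentDatabases) {
        foreach ($site in $db.Sites) {
            try {
                foreach ($web in $site.AllWebs) {
                    try {
                        # A root web always owns its role assignments; only sub sites can "break" inheritance.
                        if (-not $web.IsRootWeb -and $web.HasUniqueRoleAssignments) {
                            New-ScopeRow 'Sub site' $db.Name $web.Url $web.RoleAssignments
                        }
                        foreach ($list in $web.Lists) {
                            if ($list.Hidden) { continue }
                            if ($list.HasUniqueRoleAssignments) {
                                New-ScopeRow 'List/Library' $db.Name $list.RootFolder.ServerRelativeUrl $list.RoleAssignments
                            }
                            if (-not $IncludeItems) { continue }
                            foreach ($item in $list.Items) {
                                if ($item.HasUniqueRoleAssignments) {
                                    $scope = if ($item.Folder -ne $null) { 'Folder' } else { 'Item / Document' }
                                    New-ScopeRow $scope $db.Name $item.Url $item.RoleAssignments
                                }
                            }
                        }
                    } finally { $web.Dispose() }
                }
            } finally { $site.Dispose() }
        }
    }
}

# Usage: every scope with unique permissions, broad grants first, for review by the site owners.
Get-UniquePermissionScopes -WebApplicationUrl 'http://intranet' |
    Sort-Object GrantsToEveryone -Descending |
    Export-Csv -Path .\unique-permissions.csv -NoTypeInformation
```

Run it without -IncludeItems first; sub-site and library breaks are where most policy drift shows up, and the item-level pass can take hours on a large farm.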
Logical Architecture
Diagram: a single farm whose content databases hold the TEAMS, SOCIAL and INTRANET site collections (Marketing, HR, and the Intranet Home site collection with HR, Marketing and Finance sub sites).
Cloud architecture
Diagram: the same farm, with the EXTRANET site collection hosted in O365.
Shared Services Farm Architecture
Diagram: the content farm (TEAMS, SOCIAL, INTRANET) consumes a separate service farm hosting the PROFILE, SEARCH, BCS and METADATA service applications; EXTRANET remains in O365.
Business Critical Architecture
Diagram: adds a dedicated business-critical farm with its own content DB for the Finance site collection; TEAMS* is also served from O365.
LOB applications architecture
Diagram: adds a separate LOB farm for line-of-business application site collections.
Applications farm architecture
Diagram: adds an Apps farm for the APPS site collection alongside the content, business-critical, LOB and service farms.
Don’t panic – plan with end in mind…
Diagram: the target state consolidates TEAMS, SOCIAL, INTRANET, EXTRANET, TEAMS*, the Finance site collection, LOB and APPS on the on-premises farm, backed by the service farm (PROFILE, SEARCH, BCS, METADATA).
Presenting SharePoint as a Service
Diagram: a user request enters the service, passes through the approval stages (approval process start), and is then executed against the configuration policies.
Configuration Policies
Backup | RBS          | Archiving | Auditor
1 hour | Tier 1 – SAN | 7 years   | Full
1 day  | Tier 2 – NAS | 3 years   | Views + Edits
1 week | None         | 1 year    | Views
Secure vs. Non-Secure content
Regulated users and non-regulated users receive different service offerings:
Service Offerings     | Regulated    | Non-Regulated | Non-Secure
Archiver              | 7 years      | 3 years       | 1 year
Backup                | 1 hour       | 1 day         | 1 week
Auditing              | Full         | View + edits  | Views
RBS                   | Tier 1 – SAN | Tier 2 – NAS  | None
Vault                 | Autonomy     | None          | None
Compliance            | WCAG 2.0     | WCAG 2.0      | None
SharePoint Deployment | On-premises  | On-premises   | Online
SharePoint Designer   | Enabled      | Disabled      | Disabled
Content Database      | Isolated DB  | Shared        | N/A
Quota                 | 100 GB       | 50 GB         | 10 GB
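Most rows of that table map onto a concrete SharePoint setting, which is what makes the offering enforceable rather than aspirational. The script below is an added example, not part of the deck: it provisions a site collection for a given tier and applies the quota, SharePoint Designer, auditing, content-database and RBS rows directly. It assumes the on-premises SharePoint Management Shell for the Regulated and Non-Regulated tiers, the SharePoint Online Management Shell with Connect-SPOService already run for Non-Secure, and an RBS provider already installed on the content database; URLs, owners, database names and the property-bag keys are placeholders. Backup interval and archive retention are recorded in the property bag for the backup and archive jobs to read, since they are schedules rather than site properties.

```powershell
# Added example, not from the deck: create a site collection and apply the tier settings above.
# Regulated / Non-Regulated run on-premises; Non-Secure goes to SharePoint Online and assumes
# Connect-SPOService has already been run. All names and URLs are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# The offering table, transcribed. Audit holds SPAuditMaskType flag names.
$Offerings = @{
    'Regulated'     = @{ Online = $false; QuotaGB = 100; Designer = $true;  IsolatedDb = $true;  Rbs = $true;  Audit = 'All';                             ArchiveYears = 7; Backup = '1 hour' }
    'Non-Regulated' = @{ Online = $false; QuotaGB = 50;  Designer = $false; IsolatedDb = $false; Rbs = $true;  Audit = 'View, Update, CheckIn, CheckOut'; ArchiveYears = 3; Backup = '1 day' }
    'Non-Secure'    = @{ Online = $true;  QuotaGB = 10;  Designer = $false; IsolatedDb = $false; Rbs = $false; Audit = 'View';                            ArchiveYears = 1; Backup = '1 week' }
}

function New-GovernedSiteCollection {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][string]$Owner,
        [Parameter(Mandatory = $true)][ValidateSet('Regulated', 'Non-Regulated', 'Non-Secure')][string]$Tier,
        [string]$Template = 'STS#0'   # team site
    )
    $p = $Offerings[$Tier]
    $safeName = ([Uri]$Url).AbsolutePath.Trim('/') -replace '[^A-Za-z0-9]', '_'

    if ($p.Online) {
        # Non-Secure content lives in SharePoint Online. StorageQuota is in MB;
        # DenyAddAndCustomizePages blocks SharePoint Designer-style customization.
        New-SPOSite -Url $Url -Owner $Owner -Template $Template -StorageQuota ($p.QuotaGB * 1024) | Out-Null
        Set-SPOSite -Identity $Url -DenyAddAndCustomizePages $true
        return
    }

    $webApp = Get-SPWebApplication -Identity ([Uri]$Url).GetLeftPart('Authority')

    # Regulated content gets its own content database so it can be backed up, restored and
    # RBS-tiered independently of everything else in the web application.
    $siteArgs = @{ Url = $Url; OwnerAlias = $Owner; Template = $Template; Name = $safeName }
    if ($p.IsolatedDb) {
        $dbName = "WSS_Content_$safeName"
        if (-not (Get-SPContentDatabase -WebApplication $webApp | Where-Object { $_.Name -eq $dbName })) {
            New-SPContentDatabase -Name $dbName -WebApplication $webApp | Out-Null
        }
        $siteArgs.ContentDatabase = $dbName
    }
    $site = New-SPSite @siteArgs

    # Quota: hard limit at the tier size, warning at 90%.
    Set-SPSite -Identity $site -MaxSize ($p.QuotaGB * 1GB) -WarningSize ([long]($p.QuotaGB * 0.9 * 1GB))

    # SharePoint Designer is a site-collection switch; auditing is a flag mask on the site audit object.
    $site.AllowDesigner = $p.Designer
    $site.Audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]$p.Audit
    $site.Audit.Update()

    # RBS: assumes a provider (e.g. FILESTREAM) is installed on the content database already.
    # Failing loudly here is correct for a regulated tier; silently skipping it is not.
    if ($p.Rbs) {
        $rbs = (Get-SPContentDatabase -Site $site).RemoteBlobStorageSettings
        if (-not $rbs.Installed()) { throw "No RBS provider is installed for the content database of $Url" }
        if (-not $rbs.Enabled) {
            $rbs.Enable()
            $rbs.SetActiveProviderName($rbs.GetProviderNames()[0])
        }
    }

    # Record the tier in the root web property bag so lifecycle, backup and archive jobs can read it back.
    $root = $site.RootWeb
    $root.AllProperties['GovernanceTier'] = $Tier
    $root.AllProperties['ArchiveYears']   = [string]$p.ArchiveYears
    $root.AllProperties['BackupInterval'] = $p.Backup
    $root.Update()
    $site.Dispose()
}

# Usage: New-GovernedSiteCollection -Url 'http://intranet/sites/finance' -Owner 'CONTOSO\fin-owner' -Tier Regulated
```

The Vault and WCAG rows have no native switch and stay in the approval workflow; keeping the tier name in the property bag is what lets a later audit prove which policy a site collection was provisioned under.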
Context-targeted Services
Service  | Policies       | Security             | Customizations         | Approval Process | Business Contact      | Classification      | Compliance      | Lease
Projects | Gold           | All Mgmt. AD Groups  | Project Site Template  | 3-stage          | Active Directory User | Project Purpose     | PII not allowed | 6 months
HR       | Gold, Silver   | HR Mgmt. AD Group    | Employee Site Template | 2-stage          | Active Directory User | Employee Department | PII allowed     | 1.5 years
Sales    | Silver, Bronze | Sales Mgmt. AD Group | Customer Site Template | 1-stage          | Active Directory User | Account Type        | PII not allowed | 2 years
Site Collection Lifecycle Management
Diagram: pre-approval → configure (backup, archive, auditor, RBS) → change contact / inactive → lease → lease change policy → lease expiration. Timeline of typical content: Year 0 content, Year 1 collaboration, Year 2 development, Year 3 ECM; active content is tracked across all stages.
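The lease is the part of this lifecycle that actually expires, so it needs a scheduled job rather than a policy document. The script below is an added example, not part of the deck: it classifies every site collection in a web application as Active, Inactive, Expiring, Expired or NoLease, warns the business contact before expiry, and on expiry locks the site read-only before archiving it, so the backup is a consistent snapshot. It assumes provisioning stored ‘LeaseExpires’ (an ISO date) and ‘BusinessContact’ (an e-mail address) in the root web property bag; those keys, the mail settings and the archive path are placeholders. Site collections without a lease are reported but never touched.

```powershell
# Added example, not from the deck: a lease sweep for the inactive -> lease expiration path above.
# Assumes provisioning stored 'LeaseExpires' and 'BusinessContact' in the root web property bag.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-SiteLeaseState {
    param(
        [Parameter(Mandatory = $true)][string]$WebApplicationUrl,
        [int]$InactiveDays = 90,   # no content change for this long counts as inactive
        [int]$WarnDays     = 30    # warn the business contact this many days before the lease ends
    )
    $now = Get-Date
    foreach ($site in (Get-SPSite -WebApplication $WebApplicationUrl -Limit All)) {
        try {
            $props   = $site.RootWeb.AllProperties
            $expires = if ($props['LeaseExpires']) { [datetime]$props['LeaseExpires'] } else { $null }
            $last    = $site.LastContentModifiedDate
            # Expired beats inactive: a lapsed lease is actionable even if people are still editing.
            $state = if (-not $expires)                               { 'NoLease' }
                     elseif ($expires -lt $now)                       { 'Expired' }
                     elseif ($expires -lt $now.AddDays($WarnDays))    { 'Expiring' }
                     elseif ($last -lt $now.AddDays(-$InactiveDays))  { 'Inactive' }
                     else                                             { 'Active' }
            New-Object PSObject -Property @{
                Url = $site.Url; State = $state; LeaseExpires = $expires; LastContentChange = $last
                Contact = $props['BusinessContact']; Tier = $props['GovernanceTier']
            }
        } finally { $site.Dispose() }
    }
}

function Invoke-SiteLeasePolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$WebApplicationUrl,
        [Parameter(Mandatory = $true)][string]$ArchivePath,
        [string]$SmtpServer = 'smtp.contoso.example',                  # placeholder
        [string]$From       = 'sharepoint-governance@contoso.example'   # placeholder
    )
    foreach ($s in (Get-SiteLeaseState -WebApplicationUrl $WebApplicationUrl)) {
        switch ($s.State) {
            'Expiring' {
                if ($s.Contact) {
                    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $s.Contact `
                        -Subject "Lease for $($s.Url) ends $($s.LeaseExpires.ToString('yyyy-MM-dd'))" `
                        -Body 'Renew the lease or the site collection will be locked and archived.'
                }
            }
            'Expired' {
                if ($PSCmdlet.ShouldProcess($s.Url, 'Lock read-only and archive')) {
                    # Lock first so nothing changes between the lock and the backup.
                    Set-SPSite -Identity $s.Url -LockState ReadOnly
                    $safe = ([Uri]$s.Url).AbsolutePath.Trim('/') -replace '[^A-Za-z0-9]', '_'
                    Backup-SPSite -Identity $s.Url -Path (Join-Path $ArchivePath "$safe.bak") -Force
                }
            }
            'Inactive' {
                Write-Warning "$($s.Url): no content change since $($s.LastContentChange); review the lease with $($s.Contact)."
            }
        }
        $s   # emit the row so each run can be logged with Export-Csv
    }
}

# Usage (dry run first, then for real):
# Invoke-SiteLeasePolicy -WebApplicationUrl 'http://intranet' -ArchivePath '\\archive\sharepoint' -WhatIf
```

Deleting the site collection is deliberately left out of the Expired branch; removal belongs to a separate step that runs only after the archive has been verified restorable, which keeps the read-only lock as the reversible action.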
Storage Growth
Chart: number of site collections and sites per month (Jan–Dec, 0–9000) for IT, Training, Engineering, Sales and HR.
Site analytics
Chart: site activity per month (Jan–Dec, 0–14000) for IT, Training, Engineering, Sales and HR.
Decrease of File Share / Exchange
Chart: monthly volume (Jan–Dec, 0–6000) for SharePoint, Exchange and File Share, with file share and Exchange use falling as SharePoint use grows.
Continuous Improvement Lifecycle
Mixed junk IN → Filter for Compliance → Prioritize for Business Need → Structure for Governance → Organized gold OUT
Wrap Up
Key Takeaways
• Gather your stakeholders! Content contributors (internal and external), process owners, Legal, PR, CPO, IT, Data Security
• Engage Executive Leadership & keep them briefed!
• Create a policy with enforceable & measurable rules
• Integrate policy with “enforcement”
• Integrate with your technology solutions
Additional Resources: White Papers, Solution Briefs
THANK YOU