Living in a Hybrid World: Compliance and Governance Meet Cloud

Nov 3, 2013

Aashish Warty

Manager


Technical Solutions Professionals | North America

aashish.warty@avepoint.com

@hashpoint



as a Service

Governance


Gartner Research: 2016 Prediction


“Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization’s business divisions and I.T. teams cooperate to achieve business goals.”

Microsoft

http://bit.ly/nmNSbj


Corporate Governance

SharePoint

IT Governance

System Governance

SAP

Lotus Notes

Personal/My Sites

Governance

Visibility

Project/Team Sites

Community Sites

Portal

Business Needs

Usage

Technical Needs

Control

Tech

Process

People

Policy

Governance

Business Owners

IT

Back Office

Finance

Legal

HR

Corp. Communications

Executive Sponsorship

Workload Owners

Departmental Owners

Functional Owners

Architects

IT Operations

Administrators

Customization

Adoption

Continuous Improvement

Operations

Information Architecture

Information Management

Project Management

Leadership

Infrastructure


Encouragement

Resource intensive

Human error

PowerShell scripts

3rd Party Products

Custom apps

3rd Party Products

Automated

Semi-Automated

Manual

Options: SharePoint List + SharePoint Designer | InfoPath, SharePoint Designer | Custom APIs, .Net Coder

Time Required: 2 Weeks | 8 Weeks | 3-6 Months

Resources: SharePoint Administrator | InfoPath Developer | .NET Developers

Multiply for Every Service Request

Customization

Adoption

Continuous Improvement

Operations

Information Architecture

Information Management

Project Management

Leadership

Infrastructure

Compliance, Risk and Privacy

“Risk is the potential that a chosen action or activity (including the choice of inaction) will lead to a loss (an undesirable outcome). The notion implies that a choice having an influence on the outcome exists (or existed). Potential losses themselves may also be called "risks". Almost any human endeavor carries some risk, but some are much more risky than others.”

- Wikipedia



Compliance means conforming with stated requirements.


Achieved through management processes which identify the applicable requirements

Assess the state of compliance

Assess the risks and potential costs of non-compliance

Prioritize, fund and initiate any corrective actions deemed necessary


Making information available to the people who should have it

Protecting information from the people who should not

At the very highest level:


Intellectual property and trade secrets


Sensitive customer information and data


Collaborations on strategy


Personal information


Legal and compliance issues


Information getting in the wrong hands


The onslaught of risk and compliance issues related to information sharing includes:

Accessibility Compliance

Privacy Compliance


Records Management

Brand and Site monitoring


Metadata Policy


Information must be accessible and available to the people who should have access to it and protected from the people who should not

Further, this information may need to be stored, archived and preserved for some period of time



[Chart, scale 0% to 80%. Categories: Hackers gaining access; Accidental employee breach; Accidental 3rd party breach; Intentional employee breach; Intentional 3rd party breach. Values shown: 8%, 61%, 41%, 30%, 13%.]

Source: HCCA, “Data Privacy: How Big a Compliance Challenge?”, January 2011


Confidentiality leaks

Compromised privacy

Loss of data integrity

No access to or availability of data


How do we protect the most important data in the enterprise?

How do we reduce the risk of exposure?

How do we quickly find information?

How do we prepare for litigation and eDiscovery?

How do we ensure policy consistency?

How do we scale the compliance solution to the enterprise?

How do we control costs?

What is our Cloud Strategy?

What is our current compliance status or our “as is”



Deployment can be random



Capabilities are understated or unknown



Broadly adopted, often with little oversight for compliance



Success vs. Failure



SharePoint Governance and Compliance are vital for Success



Transparency/Collaboration

Data Protection/Management

Balancing transparency and collaboration with data protection and management


People


Policy and Process


Technology


Training


Governance and Oversight


Technical Enforcement


Prevent

Detect

Track

Respond & Resolve

1. Analyze the Current Environment

2. Identify Non-Compliance

3. Prioritize the Business Needs

4. Diagram New Security Boundaries

5. Architect in GovSec

6. Undertake Migration

7. Maintain Control

Deployment Opportunities

Access databases

Server room

Centralized data center

Cloud

IaaS

PaaS

SaaS

[Diagram: the IaaS, PaaS and SaaS stacks, each showing Storage, Servers, Virtualization, O/S, Middleware, Runtime, Data, Applications]

Rapid onboarding

“Instant” optimization

Effortless move to new versions

Strong SLAs

Scaling/performance

Cost, Move from CapEx to OpEx

Cross-organization collaboration

Ease storage burden

Hype

Integration with internal systems

Ability to customize

Test/staging environment

Data sovereignty

Offline/low bandwidth accessibility

Security and availability concerns persist

How do we control?

Farm

Web Application

Service Application

Zone

Content DB

Site collection

Top-level site

List/Library

[Folder]

Item / Document

Sub site

Sub site

[Diagram: Web Application with Content DBs and Site collections (Marketing; HR; Intranet Home with HR, Marketing, Finance)]

[Diagram: Farm with Content DBs, grouped as TEAMS, SOCIAL, INTRANET]

[Diagram: Farm with the same Content DBs and Site collections, plus EXTRANET and O365]

[Diagram: Content Farm (SOCIAL, INTRANET, TEAMS, EXTRANET) with O365]

[Diagram: adds Service Farm (PROFILE, SEARCH, BCS, METADATA)]

[Diagram: adds Biz Crit Farm (TEAMS*, Content DB, Site collection Finance)]

[Diagram: adds LOB Farm (<LOB>)]

[Diagram: On-Prem Farm and O365, with Biz Crit Farm, LOB Farm, Apps Farm (APPS) and Service Farm]

[Diagram: On-Premise Farm (SOCIAL, INTRANET, TEAMS, EXTRANET, TEAMS*, <LOB>, APPS) with Service Farm (PROFILE, SEARCH, BCS, METADATA)]

Assess Existing Sites and Content

Report on and Classify Content

Design Compliant Information Architecture

Determine Cloud Migration Approach


Presenting SharePoint as a Service

User Request


Approval Stages


Approval Process

Start


Execute Request

Backup | RBS | Archiving | Auditor

1 hour | Tier 1 SAN | 7 years | Full

1 day | Tier 2 NAS | 3 years | Views + Edits

1 week | None | 1 year | Views

Regulated Users

Non-Regulated Users

Regulated | Non-Regulated | Non-Secure

Archiver: 7 years | 3 years | 1 year

Backup: 1 hour | 1 day | 1 week

Auditing: Full | View + edits | Views

RBS: Tier 1 SAN | Tier 2 NAS | None

Vault: Autonomy | None | None

Compliance: WCAG 2.0 | WCAG 2.0 | None

SharePoint Deployment: On-premises | On-premises | Online

SharePoint Designer: Enabled | Disabled | Disabled

Content Database: Isolated DB | Shared | N/A

Quota: 100Gb | 50Gb | 10Gb

Policies | Security | Customizations | Approval Process | Business Contact | Classification | Compliance | Lease

Projects: Gold | All Mgmt. AD Groups | Project Site Template | 3-stage | Active Directory User | Project Purpose | PII not allowed | 6 months

HR: Gold, Silver | HR Mgmt. AD Group | Employee Site Template | 2-stage | Active Directory User | Employee Department | PII allowed | 1.5 years

Sales: Silver, Bronze | Sales Mgmt. AD Group | Customer Site Template | 1-stage | Active Directory User | Account Type | PII not allowed | 2 years

Pre-approval

Backup

Archive

Auditor

RBS

Configure

Change

Contact

Inactive

Lease

Lease

Change

Policy

Lease

Expiration

Mixed Junk IN

Filter for Compliance

Prioritize for Business Need

Structure for Governance

Organized Gold OUT

Wrap Up

Integrate with your technology solutions

Integrate policy with “enforcement


Create a policy with enforceable & measurable rules

Engage Executive Leadership & keep them briefed!

Gather your stakeholders!

Content contributors: Internal and External, Process owners, Legal, PR, CPO, IT, Data Security

White Papers

Solution Briefs

www.avepoint.com

Sales@avepoint.com

AvePoint.com

US: (201) 793-1111

1-800-661-6588 (toll-free)