AvePoint’s Survival Guide for SharePoint: Automating SharePoint Governance (Part 1)

Introduction

SharePoint is full of repetitive, time-consuming, and complex tasks that burden and test the patience of many administrators. Luckily, administrators know much of this burden – and SharePoint governance in particular – can be relieved with automation.

In this two-part blog series for AvePoint’s Survival Guide for Automating SharePoint, I will expand upon the lessons captured in the guide. Today, we will set up the framework and justification for adding on automation software to your deployments by exploring the difficulty of policy enforcement alone, and the added value of automation for end users and administrators. Part two will discuss the application of automation.

The Need for Automation: A Resounding SOS

I have read many RFP/RFIs in the last couple years asking for enforcement of settings, content compliance, reports on policy violations, management of privileged access, and management of shared content.

Here are some quotes from actual RFP/RFIs:

• Data Owners and Data Stewards must be provided with SharePoint site templates that have ‘governance built in’.
• Functionality that asks the user to classify their data each time they save it, if the document is not already classified. 
• Ceiling enforcement shall prevent documents or list attachments higher than the classification site ceiling from being uploaded. 
• Access to data should be logged. This must include the users’ Windows ID or PeopleSoft ID, timestamp and full file path of the data.
• SharePoint administrators, and security and compliance officers will be able to quickly identify suspicious activity (such as excessive downloading of sensitive information) and potentially implement automated response protocols.

It’s not hard to read between the lines and see the prevalent desire to replace these manual governance tasks – along with the responsibility and risk that comes with them – with software and automation.

But before jumping into automating, let’s understand the roots of governance and why the investment in software and automation to enable users is so important.

What Needs to be Governed?

Think about all of the decisions that go into creating a new site collection. Things administrators might consider include:

• What backup plan should it be added to? What is the appropriate SLA?
• Does auditing need to be turned on, and now much?
• What are the approval and disposition requirements when it comes to end of life?
• Do we need to externalize BLOBs for storage or performance reasons? Where? How?
• Who is responsible for the site and the site contents? Who owns it from a non-technical perspective?
• Are there any compliance considerations for the content contained in the site?
• Are there custom branding or design elements that are required?

Now imagine creating a new library. Does the library require different recovery point objectives (RPO) or recovery time objectives (RTO), versioning, auditing, content type, information rights management (IRM, approval processes, or compliance archiving?

How about content sharing? What are the requirements for a specific permissions model, permissions level, length of time needed for access to the content, approval of requests for access, or recertification of access permission?

Whether the policies for sites, sharing, or libraries are written down or stored in an administrator’s head, there are many decisions that go into each seemingly typical SharePoint administrative task.

There is a lot to think about because there are so many possible configurations in SharePoint – a flexibility that can match almost any business requirement. But this is only one side of what can be thought of as a cube of requirements.

If we have configuration as one axis, the second axis represents the changes made over time to the environment. Every one of the policy decisions made during provisioning has the potential to change over time to match changes to business requirements or employees. If you focus on the configuration of policies alone, it’s easy to forget how management of changes “here and there” can compound as the environment grows.

The third axis to the cube is the level of required Governance, or how locked down a particular scope of SharePoint needs to be. Department sites have different requirements than project/team sites which have different requirements than personal sites and OneDrives.

Effective governance for even basic SharePoint management tasks is clearly very complex, which could account for why it is often only partially implemented, or missing entirely from many environments.

Are You Adding Value?

The great promise of Information Technology is empowering people to do more by providing the best tools available. This is why the importance of guided and effective user enablement is so important. The hard question administrators must ask themselves is:

Is my approach to SharePoint administration adding business value to my company or is it just continual fire-fighting?

Talking with the same administrators behind the RFP/RFI’s above, I’ve heard them say:

• “Users create havoc because they have too much access in SharePoint.”
• “Users want things when they want them, not when it’s actually feasible.”
• “Some users want more control of their sites and access to advanced features like workflows, content types, and metadata… but I’m apprehensive to give them too much control because of what has happened in the past.”
• “There is no way to make specific departments responsible for their SharePoint usage.”
• “My staff is too small to control every aspect of how SharePoint is managed.”
• “Training users over and over again isn’t working.”

There are three approaches to administration:

First is an entirely manual approach. This relies heavily of a “train and trust” approach with heavy delegation of technical tasks to business users. It requires the users to always understand and do the right thing. Even with the distribution of responsibility, this method is very resource-intensive, risky, and lacking in visibility and ability to scale.

A semi-automated approach can begin with PowerShell scripts and include third-party software to help assist administrators with daily tasks by performing them in bulk. However, this is still a resource-intensive approach that is largely reactive relying on feedback or tickets from the users to drive change.

A fully automated approach involves applications that proactively put controls around SharePoint to guide users to do the right thing and typically take away the right to do the activities they govern directly from within SharePoint – for example, removing the native “Share” functionality and using an automated request process instead to increase control and auditability.

Of the three, the fully automated approach is the only one that can, in essence, put a stop to fires before they start.

A New Way of Thinking

Switching to a fully automated SharePoint environment is traditionally thought of as delivering a new platform to an organization. To illustrate, think of automated SharePoint as a landlord: they provide the space, you figure out how to use it best, and then you are able to thrive in your fully customized space.

However, with the proliferation of sites like Facebook and LinkedIn or software like Office Online and Google Apps in our personal lives, users have grown accustomed to experiencing collaboration software as a service. Primarily self-service, pre-configured, and fully transparent on what functions are available and how to use them, these collaboration services have changed the expectations of what IT departments need deliver in the work place.

In other words, simply “delivering” automation software is not enough.

The issue with the old mode of thinking is that it disconnects from the user experience; an administrator turns generic sites and objects into apps that exactly fit their needs, but then solely relies on the end user’s ability to figure out how to gain value from the software.

To effectively enable users, administrators need to start looking at SharePoint as a service rather than a platform.

Though this may seem like an unnecessary added step, this new model also adds value for administrators by simplifying and encouraging consumption of the services they build, improving financial transparency, and bridging the gap between IT and business alignment.

With SharePoint automation seen as a service, administrators can effectively add value by:

• Working on smaller tasks more efficiently, releasing them to high-business-value activities
• Providing business users with quick and easy to use self-services, enabling them to request complex changes to SharePoint without administrators giving away too much power
• Maintaining accountability for ownership and change management of SharePoint

Summary

In summary, as we start to see recurring patterns in SharePoint governance, from resource provisioning to enforcement, it becomes clear that realizing one of the goals of SharePoint administration – management and control – is only half of the problem and half the potential for success.

The other half, user enablement,  is critical to successful SharePoint administration – too important to be left to training alone. According to the “How-to” book on my desk, the essentials you need to know to be an effective SharePoint 2013 user can fill 350 information-packed pages!

Instead of relying solely on individual users to retain all of that information, there is an opportunity for software and automation to better guide users to make the right choices in SharePoint, saving administrators the time and headache that comes with governing the platform.

Stay tuned for the next post in the series on Monday, October 12 where we will discuss how DocAve Governance Automation enables you to empower users by implementing SharePoint as a service.

Want more advice on how to automate your SharePoint environment? Access our free Survival Guide for Automating SharePoint today!