Getting Started with AvePoint Compliance Solutions

Post Date: 07/18/2012
feature image

​Enterprise organizations have flocked to Microsft SharePoint because of its ease of use, enterprise search and collaboration capabilities, and functionality that can turn every employee in the business into a content author or contributor. SharePoint brings social capabilities to the enterprise through My Sites, Team Sites, Wikis, and Blogs. However, the most attractive aspects of SharePoint for many IT Executives and even Line of Business Executives is often received very differently by company Compliance Officers.

SharePoint empowers users to do and say almost anything. While this is a great for innovation, free thinking, and creativity, it can become a compliance headache as well. SharePoint deployed without proper governance and compliance controls in place simply creates more work for Compliance Officers and more risk for company executives. In a perfect world and as a function of best practices, each and every SharePoint deployment should be accompanied by a governance and compliance strategy along with a plan for technical, practical, and strategic implementation and monitoring of that plan. According to AIIM’s 2011 report “Using SharePoint for ECM”: “Although generally introduced to improve compliance, SharePoint can have the effect of making things worse. It is certainly the case that over 60% of organizations have yet to bring SharePoint into existing compliance, HR, retention and long-term archive policies.” As a result of this, SharePoint has become a treasure-trove of potentially sensitive and unprotected information within many enterprise organizations. This trend makes it a potential target for attack and cyber threat. SharePoint is often deployed, at best, with a limited compliance strategy and, at worst, with none at all. Thus, SharePoint often becomes the “Wild Wild West” for Compliance Officers. When asked about their strategies for managing sensitive data in or the compliance of their SharePoint environments, many privacy officers (even if off the record) will likely respond, “We don’t allow sensitive data in SharePoint, but we don’t really know if it’s there or not.” Or alternatively, “SharePoint is too big a challenge for us to take on, because once we start looking, we know that there will be a lot of data out there to which we must react.” Not knowing is not necessarily better. In fact, the mere existence of sensitive data inside a SharePoint environment is not necessarily an indicator of a problem either, although it may be a starting point for further investigation. AvePoint Compliance Solutions allow organizations to assess their “as is” SharePoint environment to determine their current level of risk in order to design, implement, and monitor a remediation strategy. In this way the business can prioritize issues and implement a restructured compliance framework. We achieve this through the creation of a “heat map” of an existing SharePoint environment. This analysis identifies not only the existence of sensitive data, but also uncovers other key factors about the data, the SharePoint users, and the system itself. During the assessment phase, the following is the type of reported information: What is the nature of the sensitive (or non-compliance data) within your SharePoint environment and where is it? How old is it? Who created it? Who accessed it? Only with this kind of analysis can true decisions be made about the level of risk that this content poses. Compliance Officers and other key stakeholders can use this information to react swiftly to investigate and resolve any potential breaches, and to restructure, reclassify, reorganize, and even potentially retire data that will not only improve the compliance posture of the organization, but will also likely lead to improved SharePoint performance.

For more information about AvePoint Compliance Solutions, please visit our website.


Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: Twitter:

View all posts by Dana S.

Subscribe to our blog