Enterprise organizations have flocked to Microsft SharePoint because of its ease of use, enterprise search and collaboration capabilities, and functionality that can turn every employee in the business into a content author or contributor. SharePoint brings social capabilities to the enterprise through My Sites, Team Sites, Wikis, and Blogs. However, the most attractive aspects of SharePoint for many IT Executives and even Line of Business Executives is often received very differently by company Compliance Officers.
SharePoint empowers users to do and say almost anything. While this is a great for innovation, free thinking, and creativity, it can become a compliance headache as well. SharePoint deployed without proper governance and compliance controls in place simply creates more work for Compliance Officers and more risk for company executives. In a perfect world and as a function of best practices, each and every SharePoint deployment should be accompanied by a governance and compliance strategy along with a plan for technical, practical, and strategic implementation and monitoring of that plan.
According to AIIM’s 2011 report “Using SharePoint for ECM”: “Although generally introduced to improve compliance, SharePoint can have the effect of making things worse. It is certainly the case that over 60% of organizations have yet to bring SharePoint into existing compliance, HR, retention and long-term archive policies.”
As a result of this, SharePoint has become a treasure-trove of potentially sensitive and unprotected information within many enterprise organizations. This trend makes it a potential target for attack and cyber threat. SharePoint is often deployed, at best, with a limited compliance strategy and, at worst, with none at all. Thus, SharePoint often becomes the “Wild Wild West” for Compliance Officers. When asked about their strategies for managing sensitive data in or the compliance of their SharePoint environments, many privacy officers (even if off the record) will likely respond, “We don’t allow sensitive data in SharePoint, but we don’t really know if it’s there or not.” Or alternatively, “SharePoint is too big a challenge for us to take on, because once we start looking, we know that there will be a lot of data out there to which we must react.”
Not knowing is not necessarily better. In fact, the mere existence of sensitive data inside a SharePoint environment is not necessarily an indicator of a problem either, although it may be a starting point for further investigation. AvePoint Compliance Solutions allow organizations to assess their “as is” SharePoint environment to determine their current level of risk in order to design, implement, and monitor a remediation strategy. In this way the business can prioritize issues and implement a restructured compliance framework. We achieve this through the creation of a “heat map” of an existing SharePoint environment. This analysis identifies not only the existence of sensitive data, but also uncovers other key factors about the data, the SharePoint users, and the system itself. During the assessment phase, the following is the type of reported information: What is the nature of the sensitive (or non-compliance data) within your SharePoint environment and where is it? How old is it? Who created it? Who accessed it?
Only with this kind of analysis can true decisions be made about the level of risk that this content poses. Compliance Officers and other key stakeholders can use this information to react swiftly to investigate and resolve any potential breaches, and to restructure, reclassify, reorganize, and even potentially retire data that will not only improve the compliance posture of the organization, but will also likely lead to improved SharePoint performance.
For more information about AvePoint Compliance Solutions, please visit our website.