Big data and compliance are two hot-button issues that have been making increasing waves in technology news throughout the past few years. Although these topics are often surfaced in conversations about major Internet players such as Google or Facebook, the same concerns and regulations apply to the SharePoint space – especially as more and more businesses recognize and roll out Microsoft SharePoint as a key collaboration tool. Nearly every company using SharePoint needs to think about a way to harness and analyze the plethora of data generated by the platform. Without careful auditing of your end users’ SharePoint activities, your organization may soon find itself in quite the compliance bind.
SharePoint administrators, IT administrators, and compliance officers all need to know the who, what, where, when, and how of every action that takes place in SharePoint, and this is where DocAve Report Center steps in to meet this requirement. The following sections describe just a few real-life business examples illustrating the importance of auditing that we have encountered with our clients, and what you can do in your own environment.
Financial Services
Today’s regulatory environment has put signification strain on the IT staff for financial industry organizations, requiring on-demand reports per Rule 17a-4 of the Securities Exchange Act for forensic analysis of content, its permissions, and its usage for content owners and decision makers. AvePoint stores and optimizes more than 1.2 terabytes (TB) of content, including 300 million audit records for ad hoc reporting, for a major financial institution. Executive information for this account is being stored in the same system as day-to-day user information, including C-level blogs and discussion updates relating to office management, employee performance, mergers and acquisitions, and public financial data.
Security audits are conducted for external contractors and what they have done with their permissions every 30 days to assess the activity surrounding the data, as well – essential for identifying non-compliant behavior. The transparency of audit information even extends to end-users, who are able to select individual documents in SharePoint and review audit histories for each one.
As with any system of collaboration, the activity surrounding the data is vital in identifying malicious behavior. With external contractors managing their administration, it was not sufficient to audit the current state of security, but rather the history of changes to permissions. The key question answered by the AvePoint framework was not simply “Who has access to this site?”, but also “How did they get access?” and “When did these permissions change?” In this way, we were able to help ensure that this financial institution was more holistically meeting its regulatory compliance obligations in SharePoint.
Insurance
Financial organizations are not the only ones affected by SEC Rule 17a-4. AvePoint works with an insurance, annuities, and employee benefit provider serving millions of customers worldwide that is governed by several policies relating to the collaboration of users and the securing of its content. The company is obligated to record and monitor all communication among its broker-dealers, including interactions and activities occurring in SharePoint.
The company’s primary use of the AvePoint unified data management framework was to set global policies that would govern its content and apply records management policies according to established procedures for storing content. These procedures were dictated by records and legal departments that were not members of IT, meaning that the reporting and tracking mechanism for this system needed to be consumable by both business and technology. With SharePoint and DocAve, the company was able to increase compliance with Rule 17a-4 by regulating collaboration in the financial industry today:
• Communication of broker-dealers both sent and received was preserved in the original format “relating to its business as such.”
• Collaboration users were moved from unsecure platforms (e.g. file shares, e-mail, and wikis) to secure ones such as SharePoint collaboration sites in order to create electronic communications that were accurately tracked.
Health Services
Based in St. Louis Park, MN, Park Nicollet Health Services is an integrated care system that employs more than 8,100 people in clinical and administrative positions. A regular responsibility of Park Nicollet administrators was providing reports for audits, which must be carried out on a constant basis to meet objectives such as the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). In order to meet compliance standards, Park Nicollet administrators needed the ability to produce reports on the company’s SharePoint environment that showed information such as which end users accessed what data when.
Natively, SharePoint did not provide the ability to track this information and had no means to control the specific categories of information that appeared in the reports. Park Nicollet has a team specifically in charge of meeting compliance issues, but since SharePoint’s native compliance-related functionality was difficult to harness, involvement from the company’s SharePoint administrators was required to produce all reports. With AvePoint’s auditing functionality, however, Park Nicollet could pull reports and view data by numerous attributes, such as by Time Viewed and Modified. This enabled the company to audit securities, investigate usage patterns, and monitor sensitive information. After the initial implementation, the company’s compliance team learned to furnish its own reports easily without input from SharePoint administrators. Refer to the case study on our website for more information.
Energy
Also among AvePoint’s customers is a multinational oil and gas corporation with 170 terabytes (TB) of SharePoint data and 80,000 My Sites. The national government for one of its office locations mandates that 90 days of audit data be kept by the organization. In order to collect this data, the corporation leverages DocAve Report Center’s detailed yet scalable Auditor Reports.
Running DocAve Auditor Reports
DocAve 6 Report Center offers eight Auditor Reports that can be executed at the Web application, site collection, site, and/or list level, with each level accommodating different reports. The following reporting metrics are included in each:
| Data Field | What This Means |
| User | Who has been doing things in SharePoint? |
| Action (e.g. views, updates, check-outs, deletes, permission changes) | What have they been doing? |
| Object type (site collection, site, list, item, folder, or document) | What has been affected by their actions? |
| Location in SharePoint | Where is this activity happening? |
| Time | When did this activity happen? |
Remember that we also provide the following options for increased convenience:
1.) Time Range – Specify a start and end time to pull a list of audit activity. If a site has been vandalized and you know that it happened in the past week, you can limit the report to grab data only from this timeframe. If your organization is being audited and you need to provide all records from the past six months, then you can expand the duration to accommodate this.
2.) Schedule – Set the reports to run automatically on a regular basis so that fresh data is ready for you each time you open Report Center. Alternatively, you can use this feature in conjunction with the Export feature (explained below) to schedule automatic report exports so that you do not even need to log in to DocAve.
3.) Export – Export the Auditor Reports to printable CSV, PDF, or XLSX format. You can set the export destination as either a UNC path (i.e. shared drive) or SharePoint library. When running an ad hoc report, you can also download the export directly to a local folder just as you would any other file from the Internet.
4.) Document Auditing – Report Center offers a SharePoint solution named SP2010DocumentAuditing.wsp that can be deployed to your SharePoint farm. Once the AvePoint Document Auditing feature has been activated at the site collection level, end-users will have an additional option called View Audit History that can be useful for analyzing document activity.
5.) Audit pruning – Your organization is probably not required to keep all its audit data indefinitely. For example, in the case of the aforementioned energy corporation, records only need to be stored for three months – after which they can be expunged from the system to save database space.
DocAve Auditor Reports for Your Business
If there are strict compliance regulations for your company, you are most likely cognizant of them already and should have your own best practices in place for what kind of audit data to collect, how much, and how long to retain it. Such directives tend to stem directly from an industry authority or the government.
The role of DocAve Report Center in all this is simply to gather the necessary data for you and present it in a helpful and intelligible manner. Whether you want to know who deleted a crucial project document or you need to monitor end-user activities as a regular part of your business process, Auditor Reports are a comprehensive, invaluable resource. To download a free trial of DocAve Report Center today, please visit our website.
