achieving built-in governance with avepoint

Accessible content is available upon request.

Governance StrategiesI’m here! What do I do now? SharePoint Online Governance and beyond.

©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

Senior Product Manager

@ShyamOza

linkedin.com/pub/shyam‐oza/

[email protected]


What’s our Agenda today?


• Governance, Compliance, Administration Basics

• Tools and Governance

• Wrap‐Up


What are we here to really talk about?


Governance


Gartner Research: 2016 Prediction


Don’t just focus on what you can see

RiskAwareness

RiskIgnorance

“Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!”

E.J. Smith, Captain of the Titanic


How likely do you think the following privacy breach risks are of occurring?

Hackersgainingaccess

80%

70%

60%

50%

40%

30%

20%

10%

0%Accidental

employee breachAccidental 3rd party breach

IntentionalEmployeebreach

Intentional3rd party breach

Source: HCCA;, “Data Privacy: How Big a Compliance Challenge?”; January 2011

8%

61%

41%

30%

13%


Governance…


What’s Different in SharePoint Online?


• Office 365 Permissions Management

• SharePoint Permissions Management

• Content Management


Your new home…


• Expensive

• Hard to support


What should I do first?


• Immediately switch to the “advanced” Admin Center Experience

• If you’re new to Social, start on Yammer• Enable External Sharing

• Ensure only new sites/experiences can be created


• User IRM, NO EXCUSES!

• Consider upgrading to Azure Rights Management


I want to get fancy


• There are features ONLY accessible via PowerShell


• Software Boundaries and Limits

https://support.office.com/client/SharePoint‐Online‐software‐boundaries‐and‐limits‐8f34ff47‐b749‐408b‐abc0‐b605e1f6d498


• Office.com/Roadmap


Long‐Term Governance Strategy


So …why are we here?


Where do things go off the rails?


We lose track over time…

We get it wrong from the start…


BusinessNeeds

Usage

TechnicalNeeds

Control


SharePoint is the “wild west”

We’ve defined some policies about how SharePoint

should be used

We’ve augmented SharePoint’s admin tools to better

measure compliance and correct issues

We’ve implemented policy‐driven

automation for pro‐active and re‐active enforcement of

policy


Prevent

Monitor

Detect/Report

Respond/Resolve

Replace unstructured provisioning with managed service offerings

Restrict content uploads based on content and context

Report current access permissions to data owners for certification

Log/report on content access and permission changes

Scan and classify content regularly

Report/alert on settings and permission changes that are

out of policy

Report content risk and content policy violations

Revert out of policy settings and security changes with one‐

click or less

Automate action policies to move, delete or secure content that meets defined conditions


Replace unstructured process with

managed services

Monitor, report and revert of out

of policy conditions

Interrogate content, apply classification, report and

resolve violations


Adoption and return on investment (ROI)

Accountability, classification, and chargeback

Business Owners

Service Requests Approval process Auditing Alerting of requests

Business Users

Customizable Approval Processes Policies Service Requests

IT Admins

Service Catalog ConfigurationReporting


Every New Site

Add to Backup Plan• What SLA?

Turn on Auditing?

• How much?

“End of Life” plans?• Approval process?

Externalize BLOBs?

• Where? How?

Who “Owns” it?

Compliance Archiving?

Custom Branding or Design

Elements?


Every New Library

Requires different RPO/RTO?

Needs Auditing?

Template, Content Types,

Metadata?

Requires IRM?Approval?

Compliance Archiving?

Information management policies?


Example Service Offering or SLA

DocAve Gold Silver BronzeArchiver 7 years 3 years 1 yearBackup 1 hour 1 day 1 weekCompliance Reporting Full View + edits Views

Connector Media & Content Content None

Dead AccountCleaning

Weekly Monthly Quarterly

Storage Manager Tier 1 – SAN Tier 2 – NAS Tier 3 – AzureVault Compliance None None

SharePoint

SharePoint Designer Enabled Disabled Disabled

Content Database Isolated DB Shared Shared

Quota 100Gb 50Gb 10Gb


ProjectsGold

All ManagementAD GroupsProject Site Template2‐stage

AD User

Project Purpose

HRGold, Silver

HR Mgmt. AD GroupEmployee Site Template2‐stage

AD User

Employee Department

SalesSilver, Bronze

Sales Management AD GroupCustomer Site Template2‐stage

AD User

ACC Type: EPG/SMB/FIN

Policies

Security

CustomizationsApproval ProcessBusiness ContactClassification


StartGovernance Automation

Customer Workflow T

Approval Process Execute Request

User Request Up to 3 Approval Stages

WFWF

F

WF


Monitoring for out of policy conditions…


Configurations


Features


Permissions


PE Rule Libraries: Custom Rules

Customers are not limited to rules we’ve supplied

Custom rules can leverage 40+ rule triggers

POWERFUL competitive advantage


Enforcing Content ComplianceAssumptions vs Reality

The “Compliance Assessment”


What is Compliance Guardian

•SharePoint (2007, 2010, 2013), File Shares, Web Sites, Web Applications•Real‐time or scheduled•“visible” and “invisible” content•Text or element based•Include/exclude filters

Scan

•Alerts and role‐based reporting•Enterprise‐wide scan results roll‐up•Dashboard with drill‐down and risk prioritization•Trend analysis and historical reports

Report

•Move•Delete•Quarantine•Classify•Secure with permissions

Act


Managed service offerings

Content compliance discovery

Monitor, report and revert


Prevent

Monitor

Detect/Report

Respond/Resolve

Replace unstructured provisioning with managed service offerings

Restrict content uploads based on content and context

Report current access permissions to data owners for certification

Log/report on content access and permission changes

Scan and classify content regularly

Report/alert on settings and permission changes that are

out of policy

Report content risk and content policy violations

Revert out of policy settings and security changes with one‐

click or less

Automate action policies to move, delete or secure content that meets defined conditions


Wrap‐Up

achieving built-in governance with avepoint

Technology