It seems that many senior executives today are stuck between a rock and a hard place: How can they encourage collaboration and participation amongst their employees in order to continue increasing business productivity, properly manage the explosion of big data and unstructured content and ensure that they are meeting their specific compliance and regulatory obligations?
Especially with the rampant popularity of enterprise content management systems such as Microsoft SharePoint, the amount of content available and accessible on internet, extranet, and internet sites has exponentially increased. While employees are able to improve collaboration, interact on demand, and integrate “social” into their work environments to more quickly respond to customer needs, there is an explosion of new content.
Now that essentially every employee is a “content contributor”, how do you address the inherent new risks associated with meeting regulatory, statutory and organisational compliance mandates? According to a recent study conducted by the Society of Corporate Compliance and Ethics as well as the Health Care Compliance Association, fears of an accidental breach far outweighs the fears of an intentional one - 61 percent of those surveyed believed an accidental breach by employees was “somewhat or very likely”.
The fear is great, but it seems that for SharePoint deployments, many organisations are turning a blind eye to incorporating the platform into overall compliance strategies. According to a report from AIIM, while 53 percent of those surveyed consider SharePoint their primary ECM system, more than 60 percent of organisations have yet to incorporate their SharePoint deployments with existing compliance policies.
- In summary: SharePoint is a treasure trove of sensitive, unprotected information within many enterprises.
It’s vital to know who is accessing which data, and when, in order to be able to adequately make the right management decisions to ensure SharePoint deployments not only run smoothly and meet the needs of the business, but also abide by compliance regulations. But how do you get there?
Key challenges are as follows:
- Developing a comprehensive plan that performs a site assessment and sets compliance and governance requirements and standards.
- Implementing governance architecture with technical enforcement to efficiently detect SharePoint or file share content/user access that can potentially violate your compliance policy.
- Searching for and identifying classified content leaks and misuse by having securely applied SharePoint permissions, tagging, and security settings.
- Quickly reacting to a security breach or content contamination with a swift quarantine of detrimental data and easy restructuring of security setting and permissions.
Looking specifically at the second challenge, the way to combat this is tracking and locating content and activity - know which individuals are accessing particular content so you can better define storage policies and tier storage according to business criticality.
Here are some steps to take in order to properly track this content on SharePoint:
- Closely monitor content life cycles with item lifecycle reports
- Strictly regulate user-generated content to prevent the creation or uploading of non-compliant, harmful content
- Automate the recording and reporting on all SharePoint events and growth
- Track all user and group activity with real-time or scheduled reports
- Utilise customisable graphical displays and alerts to make intelligent, actionable decisions for storage management policies
- Generate detailed risk-level reports of content containing sensitive data with configurable scans for violations
By taking these steps, you can implement the proper automated access and content controls for your SharePoint deployment to ensure information managed through SharePoint is available and accessible to the people who should have it, and protected from the people who should not.
This not only helps lay the foundation for a successful risk management program, it also enables the business to make the right decisions in terms of storage management while allowing end-users to continue collaborating and increasing business productivity.
Posted by Jeremy Thake, AvePoint