Webinar presented by Christian Buckley(@buckleyplanet) & Antonio Maio(@AntonioMaio2) on the impacts to governance strategy as organizations begin planning to expand their SharePoint footprint to the cloud -- whether moving entirely to the cloud, or in a hybrid model. Includes comparisons of on prem and online advantages and risks, and a quiz to help organizations plan accordingly.
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SharePoint Governance: Impacts of Moving to the Cloud
1.
2. SharePoint Governance:
Impacts of Moving to the Cloud
What we’ll cover today:
• Cloud Strategy: Office 365 & SharePoint Online
• Important Considerations for Moving to the Cloud
• Investments already made in SharePoint
• Impacts to Data Sovereignty and Regulatory
Compliance
3. About Christian Buckley,
Director of Product Evangelism at Axceler
• Microsoft MVP for SharePoint Server
• Prior to Axceler, worked for Microsoft, part of the Microsoft Managed
Services team (now Office365-Dedicated) and worked as a consultant
in the areas of software, supply chain, grid technology, and
collaboration
• Co-founded and sold a software company to Rational Software.
At E2open, helped design, build, and deploy a SharePoint-like
collaboration platform (Collaboration Manager), onboarding
numerous high-tech manufacturing companies, including Hitachi,
Matsushita, Cisco, and Seagate
• Co-authored ‘Microsoft SharePoint 2010: Creating and Implementing
Real-World Projects’ link (MS Press) and 3 books on software
configuration management.
Twitter: @buckleyplanet Blog: buckleyplanet.com Email: cbuck@axceler.com
4. Axceler Overview
• Improving Collaboration since 2007
• Mission: To enable enterprises to simplify, optimize, and
secure their collaborative platforms
• Delivered award-winning administration and migration
software since 1994, for SharePoint since 2007
• Over 3,000 global customers
• Dramatically improve the management
of SharePoint
• Innovative products that improve security, scalability,
reliability, “deployability”
• Making IT more effective and efficient and lower the total
cost of ownership
• Focus on solving specific SharePoint
problems (Administration & Migration)
• Coach enterprises on SharePoint best practices
• Give administrators the most innovative tools available
• Anticipate customers’ needs
• Deliver best of breed offerings
• Stay in lock step with SharePoint development and market trends
5. About Antonio Maio,
Senior Product Manager at TITUS
• Microsoft MVP for SharePoint Server
• Senior Product Manager bringing over 20 years of experience in both
software development and product management to TITUS.
• Antonio's background includes formal education and experience in
cryptography, public key infrastructure and information security, and
he previously held positions at Corel, Entrust, and several Microsoft
partner organizations. His broad knowledge and experience with
Microsoft SharePoint extends over the last 8 years and centers
particularly around solving security challenges while at the same time
helping customers share the right information with the right people.
Twitter: @antoniomaio2 Blog: trustsharepoint.com Email: antonio.maio@titus.com
6. TITUS Overview
• Data Security & Classification Market Leader
• Over 500 Enterprise Customers
• Over 2 Million Users Deployed
• Customers across Government, Military and Commercial Sectors
• Enhance SharePoint Security
• Ensure the right people access the right information in SharePoint
• Email and Document Marking
• Ensure every email is classified and protectively marked before it is sent
• Ensure every document is classified and protectively marked
• Data Loss Prevention
• Prevent inadvertent disclosure of sensitive information
• User-driven DLP strategy that starts with the user
7. Our goal today:
To help you fill in
some of the pieces of
your planning strategy
for the cloud
8. According to
43% Growth of enterprise spending
on cloud in 2012
$6.1 billion Total spend last year
48% Expected growth of enterprise
spending on cloud in 2013
$9 billion Spend expected this year
9. What is driving cloud
adoption?
Data anytime, anywhere.
It’s all about self-service.
Bring your own device.
Everything is social.
Built for the business user, not IT.
10. Why the cloud is becoming
important to SharePoint
customers
As SharePoint continues to expand its footprint,
companies are demanding flexible architectures to
help them better meet internal and external
collaboration needs
• Reducing costs
• Reducing headcount
• Doing more with less
• Focusing less on traditional IT activities and more on
activities that will help drive the business forward
11. Microsoft in the Cloud
• Office 365 and SharePoint Online
• Microsoft’s solution for Cloud based collaboration
• Includes SharePoint, Yammer, Exchange, Lync, Office Suite, etc.
• Businesses collaborate from virtually anywhere
• World-class hosting and reliability
• Avoid overhead in managing your own infrastructure
12. Benefits
Office 365 & SharePoint
Online
• Low barrier & cost to entry
• Pay per use service plans
• Costs shift from CAPEX to OPEX
• Assurance on scale and high availability
• Professionally managed data center, 24x7 support
• Latest and Greatest - software is always up to date
13. Contrast
Traditional SharePoint On-
Premise
• Manage own infrastructure/servers
• Some part of the business owns or focusses on IT
• Upgrades can be time consuming and costly
• Clear delineation between data ownership &
management
• Clear control over business information
15. Considerations for
SharePoint Online
Customizations
• Benefits
• Enhance SharePoint & Office to solve specific
business problems
• Flexible deployment models
• Restrict access to server resources
to ensure high-availability
• Replaces sandbox solutions
• Microsoft App Marketplace
18. What about my existing
investment in SharePoint?
• Most SharePoint deployments have included
customizations to meet critical business needs
• User Management & Administration
• Security and Compliance
• Auditing, Reporting, Alerting
• User Adoption, Records
• Branding, etc…
• Consider the business
problems you’ve already
invested in solving
20. Managing on prem, the cloud, and hybrid:
Permissions Management
• Perform regular security checks across your
farm, down to the document level
• Proactively review, delete, and reassign user
permissions as needed
• Clean up users who are no longer in
Active Directory but are in SharePoint
• Review SharePoint groups
• Have a process to backup and restore
permissions
• Document site permissions (roles) so that its
easier to duplicate them for new employees
• Monitor SharePoint licensing
21. Managing on prem, the cloud, and hybrid:
Content & Storage
• Monitor and track the growth of sites
for better planning, especially with
migrations
• Analyze web part usage to determine
which sites are using which web parts
• Understand and manage SharePoint
features
• Ensure consistent branding and behavior:
site themes, quotas, regional settings, etc.
22. Managing on prem, the cloud, and hybrid:
Usage and Activity trends
• Analyze activity down to the site, page, and
document level
• Identify who is accessing which documents, including
details on that activity (i.e. checking in a document,
editing a document, or just viewing a document’s
properties)
• Isolate sites that are no longer needed and
delete them
• Compare activity from the past to help
anticipate the future
• Find sites with the most or least activity
23. Managing on prem, the cloud, and hybrid:
Reorganizing your farm
• Proactively manage architecture of your site
collections, sites, lists, libraries, folders and items
within your farm or across farms
• Have a plan for moving content and
structure from test environment to
production environment
• Understand impacts due to
architectural changes or
business changes
24. Consider the Business Problem:
Security and Compliance
• Impacts to Governments, Intelligence
Community, Regulated industries
• SharePoint has great built in security and
compliance capabilities
• At scale, management of security
can be challenging
• Specific industries have strict
regulations on users accessing
certain types of information
25. Consider the Business Problem:
Security and Compliance
• 3rd SharePoint applications to
automate & enhance security
* AIIM report: Extending SharePoint Enterprise Security
26. Data Sovereignty
• Where data lives matters!
• Once information is sent across borders, it’s difficult,
if not impossible, to control
• Impacts to government and regulated industries
• Governments need to ask “Where is my citizens’ data?”
• What are the impacts on citizen data (PII, PHI)?
• Do I have complete control over my data?
• How do we solve this issue?
27. Regulatory Compliance
• Industries need to comply with regulations –
ITAR, HIPAA, ISO 27001, PCI DSS, PII, etc…
• ITAR regulations - restricted access control on controlled
information based on user attributes
• HIPAA regulations address security and privacy of health data
• ISO27001 regulations are formal ISO specification to bring
information security under explicit management control
28. Regulatory Compliance:
Consider ITAR
• ITAR – International Trade in Arms Regulations
• Strict obligations dealing with international trade in weaponry
• Which users can access specific controlled data, the citizenship of
those users, the physical location of those users, etc.
• Office 365 is making good progress
• FISMA awarded, Certified under EU Safe Harbor, EU Model Clauses
• Data Processing Agreement (DPA) for customer data privacy
• FERPA, HIPAA BAA, HITEC requirements supported
• ITAR service plan available (variation of O365 Dedicated Plans)
Devil is in the details…
Do the certifications go far enough to meet your business needs?
Will the way they’re enforced fit with your organization?
30. Self Quiz
As you prepare to move key
workloads to the cloud, here
are some governance
questions to ask yourself:
• What happens to your existing
reporting and metrics? Do the
same KPIs apply to your new
cloud components, or do they
need to be reevaluated?
• Are there any changes to your
ability to manage permissions
across your on-premises and
cloud components? Are the
methods different?
31. Self Quiz
• Do your existing policies remain
in effect, or do you need to adjust
for two models?
• Can you maintain visibility into
your information architecture
and the Managed Metadata in
SharePoint across all farms, or
granularly within individual sites?
• Are you able to track storage
usage across all sites and
site collections?
32. Self Quiz
• What happens to your auditing
and compliance monitoring
capability? Can you still see what
is being accessed, and by whom?
• With your new social capabilities,
how much visibility do you have
into how users are interacting,
where content is being shared,
and how well collaboration is
being achieved?
33. Self Quiz
• If moving content, sites and users
between platforms, how much
visibility will you have around
storage, content database
reports, inactive
users, administrative cleanup of
orphaned users?
• Are you able to setup
management policies and
procedures that span the
various systems? Are you able
to organize and automate
complex preventive and
responsive actions?