Welcome!

Industrial IoT Authors: Elizabeth White, Yeshim Deniz, SmartBear Blog, Liz McMillan, Pat Romanski

Related Topics: Microsoft Cloud, Industrial IoT, Microservices Expo, Silverlight, Release Management , SDN Journal

Microsoft Cloud: Article

SharePoint Gone Wild: When Governance Lacks Compliance

Part four of the SharePoint Gone Wild series

If you've missed any previous part of this blog series, you can read them here.

When people think of "compliance" from a Microsoft SharePoint perspective, it can mean a lot of things to a lot of different people. Every organization will have different considerations for compliance: Essentially, which regulations they need to comply with according to their specific industry vertical, including HIPAA/HITECH, DOD 5015, Section 508 and WCAG 1.0 and 2.0.

There are two main drivers for compliance I see in organizations for SharePoint, due to the risk of non-compliance and subsequent legal and financial penalties:

  1. Records Management
  2. Legal e-Discovery

In my post last week on governance and discoverability, I focused on the typical stories I hear around people not being able to find content they need. Compliance takes this a step further, because legal teams and records managers require that the content be available for years to come.

Being in Manhattan, I work with a lot of large financial organizations and one of the most important requirements involves tracking "Regulated Users" activity in SharePoint. These users - based on the sensitivity of their work - are required by law to be tracked for all activity within SharePoint. At any point in time, a court of law can request the organization provide evidence of what content that user has accessed, created, or modified in SharePoint. In the industry this process is called the e-discovery process, and it is essential that the business expectations are set of:

  1. How you obtain information for the courts.
  2. What information you will be able to provide.
  3. An estimated time of delivery for the promised information.

The out-of-the-box auditing features in SharePoint 2010 have some key limitations in this space, specifically regarding the storage of this data over a prolonged period of time (most acts seem to be approximately seven years) as well as the ease of producing a report of an individual user's activity and attached content. The most common format followed by customers with whom I work is Concordance, which is supported by LexisNexis. But more importantly, from a content perspective, the attached content should be exactly what the user viewed, modified, or created at that point in time so versioning here is the key. This can prove hard for wiki pages that have dynamic web parts, and therefore will always render the real-time information rather than the point-in-time information (e.g. a weather web part or stock web part). Consequently, it is important to set the expectations with all involved with this issue as soon as possible.

The legal holds capability of SharePoint 2010 is also required when providing information to the courts concerning records. Although legal holds can be applied to individual documents, there is no easy way of setting legal holds on multiple documents based on reports generated on a user as part of the e-discovery process. The common issue I see with our customers is that business users often assume that this will "just work" and have experienced this streamlined approach in other records management systems. So records managers and those involved in the e-discovery process will have to be aware of this in order to set the proper expectations.

With the business requirement to maintain content to be discoverable for the e-discovery process, a suitable archiving policy needs to be put in place to manage the growth of content within SharePoint. It is important to understand which content is required to be maintained in SharePoint for compliance perspectives, and which content can be archived out of SharePoint to reduce storage consumption. Customers I speak to often struggle with how they plan for growth, especially when maintaining versions of documents. A customer spoke to me recently who said that they had one document with 90 versions which took up 8 gigabytes (GB) of storage space, essentially because SharePoint does not store differentials of files and each version is a complete file. Any "save" command in Word for instance, would mean a new version of the document. It is essential that the planning of the information architecture takes into account the configuration of Lists and Library version settings to be consistent across the environment - and not all these scenarios - unless it is necessary. The best approach to mitigate this is to store all Major versions, but only a set amount of Minor versions and train and encourage users to create Major versions when distributing to other users.

SharePoint is not always the only content repository within an organization, as we talked about in a previous blog post which homed in on appropriateness of content in SharePoint. To reiterate from a compliance perspective, in my experience I have seen customers' concerns around particular sensitive data being stored in SharePoint when it should be stored in other repositories. It is hard to enforce out of the box that users follow the guidelines on where content should go depending on the type of content it is.

From a usability perspective, SharePoint 2010 added many improvements by stating WCAG 2.0 AA compliance. In my experience at customer sites, although organizations are required to obtain Section 508 compliance, the business is not driving this as a priority over other issues mentioned above. In my opinion, I believe it will take a few public financial penalties set out by the courts around Section 508 to drive this requirement. To reach full compliance on Section 508, however, would take significant effort and expertise by modifying how SharePoint 2010 renders.

Edward Cedeno, Product Manager here at AvePoint, has also recently written a related post on Risk-Based Approach to FRCP Rule 26(f) Compliance with DocAve.

More Stories By Jeremy Thake

Jeremy Thake is AvePoint's Chief Architect. Jeremy’s 10-plus years of experience in the software development industry, along with his expertise in Microsoft technologies, earned him the label of “expert” in the global SharePoint community. He was named a Microsoft SharePoint MVP in 2009, and continues to work directly with enterprise customers and AvePoint’s research & development team to develop solutions that will set the standard for the next generation of collaboration platforms, including Microsoft SharePoint 2013.

Jeremy was one of only eight Microsoft MVPs from Australia, where he lived for seven years, who was recognized by the SharePoint Product Team in 2010 for his extensive contributions to the global SharePoint community. He also played an instrumental role in organizing the Perth SharePoint User Group during his time living there.

@ThingsExpo Stories
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
In this presentation, Striim CTO and founder Steve Wilkes will discuss practical strategies for counteracting fraud and cyberattacks by leveraging real-time streaming analytics. In his session at @ThingsExpo, Steve Wilkes, Founder and Chief Technology Officer at Striim, will provide a detailed look into leveraging streaming data management to correlate events in real time, and identify potential breaches across IoT and non-IoT systems throughout the enterprise. Strategies for processing massive ...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...