
Living in a Hybrid World: Compliance and Governance Meet Cloud

Living in a Hybrid World: Compliance and Governance Meet Cloud. Aashish Warty, Manager – Technical Solutions Professionals | North America, aashish.warty@avepoint.com, @hashpoint. Agenda: Governance; Compliance, Risk, and Privacy; Deployment Opportunities; SharePoint as a Service.


Presentation Transcript


  1. Living in a Hybrid World: Compliance and Governance Meet Cloud. Aashish Warty, Manager – Technical Solutions Professionals | North America, aashish.warty@avepoint.com, @hashpoint

  2. Agenda: Governance; Compliance, Risk, and Privacy; Deployment Opportunities; SharePoint as a Service

  3. Governance

  4. Importance of Information Governance. Gartner Research, 2016 prediction: 20% of CIOs in regulated industries will lose their jobs for failing to implement the discipline of information governance.

  5. What is SharePoint Governance? “Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization’s business divisions and I.T. teams cooperate to achieve business goals.” Microsoft – http://bit.ly/nmNSbj

  6. IT Governance (diagram): Corporate Governance, IT Governance, System Governance (e.g. SharePoint, SAP, Lotus Notes)

  7. How Much Governance is Needed? (diagram, axes: Visibility and Governance) Site types shown: Portal; Community Sites; Project/Team Sites; Personal/My Sites

  8. Striking the Balance: Usage vs. Control; Business Needs vs. Technical Needs

  9. Requirements for IT Governance: People; Process; Policy; Tech

  10. People: Architects; Workload Owners; Finance; IT Operations; Departmental Owners; Legal; Business Owners; IT Back Office; Administrators; Functional Owners; HR; Corp. Communications; Executive Sponsorship

  11. Typical Policy Categories: Infrastructure; Operations; Information Architecture; Information Management; Project Management; Leadership; Customization; Adoption; Continuous Improvement

  12. Process of Policy Enforcement
      Manual: Encouragement; Resource intensive; Human error
      Semi-Automated: PowerShell scripts; 3rd Party Products
      Automated: Custom apps; 3rd Party Products

  13. Technology: Build vs. Buy (Options / Resources / Time Required)
      SharePoint List + SharePoint Designer: SharePoint Administrator; 2 Weeks
      InfoPath: SharePoint Designer, InfoPath Developer; 8 Weeks
      Custom APIs: .NET Coder, .NET Developers; 3 – 6 Months
      Multiply for Every Service Request

  14. Typical Policy Categories: Infrastructure; Operations; Information Architecture; Information Management; Project Management; Leadership; Customization; Adoption; Continuous Improvement

  15. Compliance, Risk and Privacy

  16. What is Risk? “Risk is the potential that a chosen action or activity (including the choice of inaction) will lead to a loss (an undesirable outcome). The notion implies that a choice having an influence on the outcome exists (or existed). Potential losses themselves may also be called "risks". Almost any human endeavor carries some risk, but some are much more risky than others.” - Wikipedia

  17. What is Compliance? Compliance means conforming with stated requirements. It is achieved through management processes which:
      Identify the applicable requirements
      Assess the state of compliance
      Assess the risks and potential costs of non-compliance
      Prioritize, fund and initiate any corrective actions deemed necessary

  18. What does Compliance mean to us? At the very highest level:
      • Making information available to the people who should have it
      • Protecting information from the people who should not

  19. The Challenge: Legions of compliance obligations and risks to information. The onslaught of risk and compliance issues related to information sharing includes: Intellectual property and trade secrets; Sensitive customer information and data; Collaborations on strategy; Personal information; Legal and compliance issues; Information getting in the wrong hands

  20. Supported Compliance Standards
      Accessibility Compliance: Section 508 and 508 Refresh; Web Content Accessibility Guidelines (WCAG) 1.0; Web Content Accessibility Guidelines (WCAG) 2.0; Canadian Government Common Look and Feel (CLF)
      Privacy Compliance: COPPA; Gramm-Leach-Bliley Act (GLBA); California SB1386 and AB 1950; European Union Safe Harbor; US Section 208; Privacy Act of the USA; UK Data Protection Act; Health Insurance Portability and Accountability Act (HIPAA); Canadian Personal Information Protection and Electronic Documents Act (PIPEDA); European Union Data Protection Directive 1995/46; European Union Privacy and Electronic Communications Directive 2002/58
      Records Management: Sarbanes-Oxley (SOX); Operational Security (OPSEC); Export Control Requirements
      Brand and Site Monitoring: Bad or Broken Links; Metadata Policy; Improper words or phrases; Identity mismanagement
      Marketing Standards: Metadata Policy; Risk Level Tagging; Dublin Core Metadata Initiative; Z39.50 Tagging; Custom Vocabularies; Pointer Records

  21. These laws have common elements: information must be accessible and available to the people who should have access to it, and protected from the people who should not. Further, this information may need to be stored, archived and preserved for some period of time.

  22. How likely do you think the following privacy breach risks are of occurring? (bar chart)
      Accidental employee breach: 61%
      Accidental 3rd party breach: 41%
      Intentional employee breach: 30%
      Intentional 3rd party breach: 13%
      Hackers gaining access: 8%
      Source: HCCA, “Data Privacy: How Big a Compliance Challenge?”, January 2011

  23. Some specific risks to consider… Confidentiality leaks (compromised privacy); Loss of data integrity; No access to or availability of data

  24. Questions to Ask: Designing a Compliance Policy
      How do we protect the most important data in the enterprise?
      How do we reduce the risk of exposure?
      How do we quickly find information?
      How do we prepare for litigation and eDiscovery?
      How do we ensure policy consistency?
      How do we scale the compliance solution to the enterprise?
      How do we control costs?
      What is our Cloud Strategy?
      What is our current compliance status, our “as is”?

  25. SharePoint Challenges: Deployment can be random; Capabilities are understated or unknown; Broadly adopted, often with little oversight for compliance. Success vs. Failure: SharePoint Governance and Compliance are vital for Success.

  26. Building a Compliance Policy: Transparency/Collaboration vs. Data Protection/Management

  27. Creating and maintaining a compliant SharePoint environment is a continuous process: People; Policy and Process; Technology; Training; Governance and Oversight; Technical Enforcement. Balancing transparency and collaboration with data protection and management.

  28. Compliance & Technical Enforcement (cycle): Prevent; Detect; Track; Respond & Resolve

  29. Make Control part of the Process
      1. Analyze the Current Environment
      2. Identify Non-Compliance
      3. Prioritize the Business Needs
      4. Diagram New Security Boundaries
      5. Architect in GovSec
      6. Undertake Migration
      7. Maintain Control

  30. Deployment Opportunities

  31. Our heads are already in the cloud…

  32. How did we get here?

  33. Service layers (diagram): the stack Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, shown once for each delivery model: IaaS, PaaS, SaaS

  34. Why? Rapid onboarding; “Instant” optimization; Effortless move to new versions; Strong SLAs; Scaling/performance; Cost, move from CapEx to OpEx; Cross-organization collaboration; Ease storage burden; Hype

  35. Why not? Integration with internal systems; Ability to customize; Test/staging environment; Data sovereignty; Offline/low bandwidth accessibility; Security and availability concerns persist

  36. How do we control?

  37. Management controls and scopes (diagram)
      Scopes, outer to inner: Farm; Web Application; Site collection; Top-level site; Sub site; List/Library; [Folder]; Item / Document
      Controls shown across those scopes: SharePoint Service Isolation; Service Application Configuration and Data; Blocked File Types; SSL; Zone; Data Storage; SLAs; Content DB; Quotas; Ownership (Full Control); Features; Security Permissions
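As an added example (not from the presentation or from AvePoint), the following read-only PowerShell audit is the kind of "semi-automated" enforcement slide 12 lists, applied to a few of the slide 37 controls at the web application and site collection scopes of an on-premises SharePoint Server farm. The required blocked extensions, the HTTPS requirement and the quota rule are assumed policy values, not ones the deck states.

```powershell
# Added example, not from the presentation. Read-only governance audit for
# an on-premises SharePoint Server farm (SharePoint Management Shell,
# run as a farm administrator). Policy values below are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed policy: these extensions must be blocked on every web application.
$RequiredBlockedExtensions = @('exe', 'bat', 'cmd', 'ps1')

function Get-GovernanceFindings {
    $findings = @()
    foreach ($wa in Get-SPWebApplication) {
        # Web application scope: SSL on the default zone, blocked file types
        if ($wa.Url -notlike 'https://*') {
            $findings += [pscustomobject]@{ Scope = 'WebApplication'; Url = $wa.Url
                                            Issue = 'Default zone URL is not HTTPS' }
        }
        $missing = $RequiredBlockedExtensions |
            Where-Object { $wa.BlockedFileExtensions -notcontains $_ }
        if ($missing) {
            $findings += [pscustomobject]@{ Scope = 'WebApplication'; Url = $wa.Url
                                            Issue = "Not blocked: $($missing -join ', ')" }
        }
        # Site collection scope: storage quota and ownership
        foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
            try {
                if ($site.Quota.StorageMaximumLevel -eq 0) {
                    $findings += [pscustomobject]@{ Scope = 'SiteCollection'; Url = $site.Url
                                                    Issue = 'No storage quota applied' }
                }
                if (-not $site.SecondaryContact) {
                    $findings += [pscustomobject]@{ Scope = 'SiteCollection'; Url = $site.Url
                                                    Issue = 'No secondary site collection administrator' }
                }
            } finally {
                $site.Dispose()   # SPSite holds unmanaged resources; release each one
            }
        }
    }
    return $findings
}

# Report only: remediation remains a deliberate, approved step (slide 28's Respond & Resolve).
Get-GovernanceFindings | Sort-Object Scope, Url | Format-Table -AutoSize
```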

  38. Logical Architecture (diagram): one Farm hosting TEAMS, SOCIAL and INTRANET, with content DBs and site collections for HR, Marketing, Finance and Intranet Home

  39. Cloud architecture (diagram): an O365 Farm hosting EXTRANET, TEAMS, SOCIAL and INTRANET, with content DBs and site collections for HR, Marketing, Finance and Intranet Home

  40. Shared Services Farm Architecture (diagram): an O365 Content Farm (EXTRANET, TEAMS, SOCIAL, INTRANET; content DBs and site collections for HR, Marketing, Finance, Intranet Home) plus a Service Farm providing SEARCH, PROFILE, METADATA and BCS

  41. Business Critical Architecture (diagram): adds a Biz Crit Farm (TEAMS*) alongside the O365 Content Farm (EXTRANET, TEAMS, SOCIAL, INTRANET; content DBs and site collections for HR, Finance, Marketing, Intranet Home) and the Service Farm (SEARCH, PROFILE, METADATA, BCS)

  42. Line of business applications architecture (diagram): adds an LOB Farm (<LOB>) to the Biz Crit Farm (TEAMS*), the O365 Content Farm (EXTRANET, TEAMS, SOCIAL, INTRANET; content DBs and site collections for HR, Marketing, Finance, Intranet Home) and the Service Farm (SEARCH, PROFILE, METADATA, BCS)

  43. Applications farm architecture (diagram): adds an Apps Farm (APPS) and an On-Prem Farm to the Biz Crit Farm (TEAMS*), the LOB Farm (<LOB>), the O365 Content Farm (EXTRANET, TEAMS, SOCIAL, INTRANET; content DBs and site collections for Finance, HR, Marketing, Intranet Home) and the Service Farm (SEARCH, PROFILE, METADATA, BCS)

  44. Don’t panic – plan with end in mind… (diagram): an On-Premise Farm hosting TEAMS*, EXTRANET, TEAMS, SOCIAL, INTRANET, APPS and <LOB>, with content DBs and site collections for HR, Marketing, Finance and Intranet Home, and a Service Farm providing SEARCH, PROFILE, METADATA and BCS

  45. Cloud Readiness Assessment: Assess Existing Sites and Content; Report on and Classify Content; Design Compliant Information Architecture; Determine Cloud Migration Approach

  46. Presenting SharePoint as a Service

  47. Service User Request (workflow): Start; Approval Stages (Approval Process); Execute Request

  48. Configuration Policies

  49. Secure vs. Non-Secure content: Regulated Users vs. Non-Regulated Users

  50. Service Offerings
