When governance lacks compliance
In many companies, SharePoint begins as a grass-roots effort with little thought given to governance, risk and compliance (GRC). Before long, issues with security, storage, site sprawl, and others force us to rethink our long-term SharePoint strategy. Around this time, governance plans are developed and put into place. But do these plans address the auditing, records management, e-discovery and other legal risks? And does SharePoint’s built-in feature set deliver everything you need to rest soundly? In this session, we’ll raise some questions, share some stories and, most importantly, provide answers and much-needed guidance on this trending topic.

Published in: Technology
  • http://www.youtube.com/watch?v=F7pYHN9iC9I. Twenty-six percent of Americans have been told their personal information such as password or credit card number may have been exposed by a data breach, a survey by the security firm McAfee and the National Cyber Security Alliance showed Monday. Read more at: http://phys.org/news/2012-10-one-fourth-americans-victims-breach.html#jCp
  • Very large Oil & Gas company in Calgary - 50% of the workforce will be retiring in the next five years. How will this change their culture?
  • From Jeremy’s article: Now that essentially every employee is a “content contributor”, how do you address the inherent new risks associated with meeting regulatory, statutory and organisational compliance mandates? According to a recent study conducted by the Society of Corporate Compliance and Ethics as well as the Health Care Compliance Association, fears of an accidental breach far outweigh the fears of an intentional one - 61 percent of those surveyed believed an accidental breach by employees was “somewhat or very likely”. Fear can be a motivator, but it seems that for SharePoint deployments, many organisations are turning a blind eye to incorporating the platform into overall compliance strategies. According to a report from AIIM, while 53 percent of those surveyed consider SharePoint their primary ECM system, more than 60 percent of organisations have yet to incorporate their SharePoint deployments with existing compliance policies.
  • Health care and compliance association – Jan 2011 (n=518)
  • Fortune 500 energy company in California -- Lawsuit involved $60M in fines; records that should have been expunged were found.
  • VA – patient record sharing – Google Docs – huge trouble privacy (PHI). VA employs nearly 280,000. Compliance Officers overwhelmed by compliance alerts – 20M alerts per month – 700 SP Servers – how do you manage all of this? Dropbox – innovation demands

    1. What is governance
    2. Greek kybernân: to steer (a ship)
    3. (including the choice of inaction)
    4. assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance,
    5. At the very highest level we are talking about making the right information available to the people who should have it and protecting it from the people who should not.
    6. [Bar chart; categories: Hackers gaining access, Accidental employee breach, Accidental 3rd party breach, Intentional employee breach, Intentional 3rd party breach; values: 61%, 41%, 30%, 13%, 8%]
    7. The onslaught of risk and compliance issues related to information sharing includes:
    8. By 2016, Gartner predicts that 20% of CIOs will lose their job due to information governance and compliance
    9. Risk Awareness / Risk Avoidance: “Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!” E.J. Smith, Captain of the Titanic
    10. Transparency/Collaboration; Data Protection/Management
    11. A compliance strategy: Prevent, Detect, Track, Respond & Resolve
    12. Four auditing capabilities:
        1. Know who accesses what & when: Record and track all user interactions, security changes, and search queries in any or all of your Microsoft SharePoint environments
        2. Track employees’ SharePoint usage: See everything an individual employee or group of employees has done and is doing in your SharePoint environment
        3. Track an item through its entire life: See what happened to a document, including when it was created and by whom; who has viewed it when; and when it was deleted and by whom
        4. Audit SharePoint search: See who has performed a search, for what, and when. See how often an item is returned in search results
    13. Prevention
        • Assign permissions & access to SharePoint site
        • Assign metadata or policy to content with real time filtering and scheduling
        • Assign policy access rights and permissions to content stored in File Shares
        • Proactive policy enforcement of secure vs. non-secure sites through automated site provisioning & permissions management
    14. Detect
        • Discover offensive content with real time scans and scheduled risk reports
        • Search for user permission with security search
        • Individual user or group profile of security permissions
    15. Tracking
        • Track user activity with the user life cycle reports
        • Track content life cycle with item life cycle reports
    16. Respond & Resolve
        • Legal hold and tracking
        • Archive and encryption
        • Restructure permissions & access metadata and security of content itself
    17. randy.williams@avepoint.com | @tweetraw | slidesha.re/RB2Upd
