SharePoint Governance: Impacts of Moving to the Cloud


Published on

Webinar presented by myself (@buckleyplanet) and Antonio Maio (@AntonioMaio2) from TITUS on the impacts to governance strategy as organizations begin planning to expand their SharePoint footprint to the cloud -- whether moving entirely to the cloud, or in a hybrid model. Includes comparisons of on prem and online advantages and risks, and a quiz to help organizations plan accordingly.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • [Christian]
  • [Antonio]
  • [Christian]
  • [Antonio]
  • [Christian intro]- Lead into discussion – ask Antonio question about what seeing with customers
  • [Christian]
  • [Christian][Antonio jump in if have comments on the bullets]
  • [Christian][Antonio jump in if have comments on the bullets]
  • [Antonio][Christian jump in with some reinforcing comments]Businesses can collaborate from virtually anywhereAccess across multiple devicesEasy user provisioningFlexibility for hybrid environmentsMicrosoft provides world class hosting and reliability…Which allows organizations to avoid overhead of managing your own infrastructureEasy to manage and control your environmentEnterprise grade reliabilityPlan flexibility - One low monthly price for each user
  • [Antonio]
  • [Antonio][some discussion possibly – understand what you’re business really needs]- Its not about adopting the latest and greatest technology – its about doing what you’re business really needs
  • [Christian starts off]Talk about what has changed between 2010 and 2013Moving from sandbox solution to app model
  • [Antonio to start off][Christian to jump in with points…]Need to be realistic – the app model still needs some maturingWe do not have parity between the capabilities of on-premise solutions and the App modelYou need to understand what’s possible in detail so you can figure out which workloads you can really move to the app model and SharePoint Online
  • [Christian]
  • [Antonio]
  • [Antonio to kick off…]
  • [Christian to kick off]– can start with some of the limitations we’re seeing related to bringing our current customizations into the cloudPlatform is relatively newTalk about “online first” model – how does that impact the cadence in which releases will come to O365 in the futureCould talk about Yammer integration and what’s happening thereParity in the next 12 to 18 months
  • [Christian]
  • [Christian]
  • [Christian]
  • [Christian]
  • [Antonio]- TITUS strengths- Impacts to Governments, Intelligence Community, Regulated industriesSharePoint has great built in security and compliance capabilitiesAt scale, management of security can be challengingSpecific industries have strict regulations on users accessing certain types of informationEnforcing restrictions are a requirement to regulatory compliance3rd SharePoint applications to automate securityAcross large amounts of contentAcross large user bases with diverse identities and clearances
  • [Antonio]Impacts to Governments, Intelligence Community, Regulated industriesSharePoint has great built in security and compliance capabilitiesAt scale, management of security can be challengingSpecific industries have strict regulations on users accessing certain types of informationEnforcing restrictions are a requirement to regulatory compliance3rd SharePoint applications to automate securityAcross large amounts of contentAcross large user bases with diverse identities and clearances
  • [Antonio]Where data actually lives matters!“Once information is sent across borders, it’s difficult, if not impossible, to control”Data is crossing borders and legislation of one country can affect who can access that dataSharePoint is heavily used in Government OrganizationsWhat are the impacts on citizen data (PII, PHI)?What if your data is being stored in China?Australian Government has big challenges with this because of where Office365 data centers are located in the region, which happens to be Singapore and Hong KongMost counties have rules and legislationabout where citizens data can be stored; and using cloud computing where your data can effectively be anywhere is going to be an issue for most governments. There are debates that need to happen around this - and its not only a question that’s technical in nature. Its an issue that needs to be driven from a legal and policy perspective as well. Regulated industries such as the banking industry (who also deal with privacy and security issues) resolved this years ago in relation to how credit card transactions and transfers can be done by consumers anywhere in the world.  As well, some progress is being made in this area with a recent announcement by the Windows Azure team at Microsoft with some new Geo-Location Related features. Developers building solutions on Windows Azure will now be able to choose which data centers their data and/or services are hosted in. This is great progress, and we hope to see similar capabilities making their way to other cloud based solutions in the future.
  • [Antonio]Consider regulatory compliance. Enterprises are feeling greater and greater pressure to comply with the standards that are relevant to their business. There are many standards available to different industries, and the policies can be complex for end users to understand. Often our end users are not required to understand the intricacies of regulatory policies. However, even knowing which information may need to be controlled for compliance reasons can be a real challenge.
  • [Antonio]Office 365 has made good progress in providing features to comply with such regulationsMicrosoft has gone to some serious lengths related to acquiring certifications for various regulatory compliance standards, including FISMA (moderate) level, CUI, ITARA specific service plan is available to commercial customers that have ITAR obligations, which includes the following security features:All ITAR-support plan customers receive their own dedicated service hardware, which is managed to the same FISMA-compliant standards as federal agency customers.All ITAR-support plan customer have their Office 365 service infrastructure hosted in U.S. data centers.Physical, logical, and network access controls ensure that only properly screened Microsoft support and operational personnel have access to Office 365 production systems for ITAR-support plans.Screening standards include validation of U.S. citizenship of all Microsoft support and operational staff before access is granted to Office 365 production systems for ITAR-support plans.Applies to: Exchange Online,SharePoint Online,Lync OnlineThe ITAR Support plan is a variation of the Office 365 dedicated plan for SharePoint Online & Exchange Online, and those dedicated plans typically are very expensive and require a minimum of 5000 users to qualify for a dedicated planMany agencies that are required to comply with ITAR are small engineering and defence contractorsSo for such organizations that may have a few hundred to a thousand employees the dedicated plans are not an option that’s available to them, but they still have the need to comply with such stringent regulations as ITAR
  • [Christian]People attending a webinar on governance usually care a little more about what’s going on in the systemMajority of people that have governance on the mind, there are risks and concerns, there needs to be plans in place
  • [Christian to start, and Antonio to do next one… go back and forth]
  • [Christian]
  • [Antonio to start; Christian to jump in]
  • SharePoint Governance: Impacts of Moving to the Cloud

    1. 1. SharePoint Governance:Impacts of Moving to the CloudWhat we’ll cover today:• Cloud Strategy: Office 365 & SharePoint Online• Important Considerations for Moving to the Cloud• Investments already made in SharePoint• Impacts to Data Sovereignty and Regulatory Compliance
    2. 2. About Christian Buckley, Director of Product Evangelism at Axceler • Microsoft MVP for SharePoint Server • Prior to Axceler, worked for Microsoft, part of the Microsoft Managed Services team (now Office365-Dedicated) and worked as a consultant in the areas of software, supply chain, grid technology, and collaboration • Co-founded and sold a software company to Rational Software. At E2open, helped design, build, and deploy a SharePoint-like collaboration platform (Collaboration Manager), onboarding numerous high-tech manufacturing companies, including Hitachi, Matsushita, Cisco, and Seagate • Co-authored ‘Microsoft SharePoint 2010: Creating and Implementing Real-World Projects’ link (MS Press) and 3 books on software configuration management. Twitter: @buckleyplanet Blog: Email:
    3. 3. Axceler Overview• Improving Collaboration since 2007• Mission: To enable enterprises to simplify, optimize, and secure their collaborative platforms• Delivered award-winning administration and migration software since 1994, for SharePoint since 2007• Over 3,000 global customers• Dramatically improve the management of SharePoint• Innovative products that improve security, scalability, reliability, “deployability”• Making IT more effective and efficient and lower the total cost of ownership• Focus on solving specific SharePoint problems (Administration & Migration)• Coach enterprises on SharePoint best practices• Give administrators the most innovative tools available• Anticipate customers’ needs• Deliver best of breed offerings• Stay in lock step with SharePoint development and market trends
    4. 4. About Antonio Maio, Senior Product Manager at TITUS • Microsoft MVP for SharePoint Server • Senior Product Manager bringing over 20 years of experience in both software development and product management to TITUS. • Antonios background includes formal education and experience in cryptography, public key infrastructure and information security, and he previously held positions at Corel, Entrust, and several Microsoft partner organizations. His broad knowledge and experience with Microsoft SharePoint extends over the last 8 years and centers particularly around solving security challenges while at the same time helping customers share the right information with the right people. Twitter: @antoniomaio2 Blog: Email:
    5. 5. TITUS Overview• Data Security & Classification Market Leader • Over 500 Enterprise Customers • Over 2 Million Users Deployed • Customers across Government, Military and Commercial Sectors• Enhance SharePoint Security • Ensure the right people access the right information in SharePoint• Email and Document Marking • Ensure every email is classified and protectively marked before it is sent • Ensure every document is classified and protectively marked• Data Loss Prevention • Prevent inadvertent disclosure of sensitive information • User-driven DLP strategy that starts with the user
    6. 6. Our goal today:To help you fill insome of the pieces ofyour planning strategyfor the cloud
    7. 7. According to43% Growth of enterprise spending on cloud in 2012$6.1 billion Total spend last year48% Expected growth of enterprise spending on cloud in 2013$9 billion Spend expected this year
    8. 8. What is driving cloudadoption?Data anytime, anywhere.It’s all about self-service.Bring your own device.Everything is social.Built for the business user, not IT.
    9. 9. Why the cloud is becomingimportant to SharePointcustomersAs SharePoint continues to expand itsfootprint, companies are demanding flexiblearchitectures to help them better meet internal andexternal collaboration needs • Reducing costs • Reducing headcount • Doing more with less • Focusing less on traditional IT activities and more on activities that will help drive the business forward
    10. 10. Microsoft in the Cloud• Office 365 and SharePoint Online• Microsoft’s solution for Cloud based collaboration • Includes SharePoint, Yammer, Exchange, Lync, Office Suite, etc.• Businesses collaborate from virtually anywhere• World-class hosting and reliability • Avoid overhead in managing your own infrastructure
    11. 11. BenefitsOffice 365 & SharePointOnline• Low barrier & cost to entry• Pay per use service plans• Costs shift from CAPEX to OPEX• Assurance on scale and high availability• Professionally managed data center, 24x7 support• Latest and Greatest - software is always up to date
    12. 12. ContrastTraditional SharePoint On-Premise• Manage own infrastructure/servers• Some part of the business owns or focusses on IT• Upgrades can be time consuming and costly• Clear delineation between data ownership & management• Clear control over business information
    13. 13. Considerations forSharePoint OnlineCustomizations• Microsoft has introduced the “App Model” • New to Microsoft Office 2013 and SharePoint 2013 • Works On-Premise and in Office 365 SharePoint Online
    14. 14. Considerations forSharePoint OnlineCustomizations• Benefits • Enhance SharePoint & Office to solve specific business problems • Flexible deployment models • Restrict access to server resources to ensure high-availability • Replaces sandbox solutions • Microsoft App Marketplace
    15. 15. Risks with the cloud model
    16. 16. Hang On!Let’s talk about some real world scenarios
    17. 17. What about my existinginvestment in SharePoint?• Most SharePoint deployments have included customizations to meet critical business needs • User Management & Administration • Security and Compliance • Auditing, Reporting, Alerting • User Adoption, Records • Branding, etc…• Consider the business problems you’ve already invested in solving
    18. 18. Maturity of the Office365platform
    19. 19. Managing on prem, the cloud, and hybrid:Permissions Management • Perform regular security checks across your farm, down to the document level • Proactively review, delete, and reassign user permissions as needed • Clean up users who are no longer in Active Directory but are in SharePoint • Review SharePoint groups • Have a process to backup and restore permissions • Document site permissions (roles) so that its easier to duplicate them for new employees • Monitor SharePoint licensing
    20. 20. Managing on prem, the cloud, and hybrid:Content & Storage • Monitor and track the growth of sites for better planning, especially with migrations • Analyze web part usage to determine which sites are using which web parts • Understand and manage SharePoint features • Ensure consistent branding and behavior: site themes, quotas, regional settings, etc.
    21. 21. Managing on prem, the cloud, and hybrid:Usage and Activity trends • Analyze activity down to the site, page, and document level • Identify who is accessing which documents, including details on that activity (i.e. checking in a document, editing a document, or just viewing a document’s properties) • Isolate sites that are no longer needed and delete them • Compare activity from the past to help anticipate the future • Find sites with the most or least activity
    22. 22. Managing on prem, the cloud, and hybrid:Reorganizing your farm• Proactively manage architecture of your site collections, sites, lists, libraries, folders and items within your farm or across farms• Have a plan for moving content and structure from test environment to production environment• Understand impacts due to architectural changes or business changes
    23. 23. Consider the Business Problem:Security and Compliance• Impacts to Governments, Intelligence Community, Regulated industries• SharePoint has great built in security and compliance capabilities • At scale, management of security can be challenging • Specific industries have strict regulations on users accessing certain types of information
    24. 24. Consider the Business Problem:Security and Compliance• 3rd SharePoint applications to automate & enhance security * AIIM report: Extending SharePoint Enterprise Security
    25. 25. Data Sovereignty• Where data lives matters! • Once information is sent across borders, it’s difficult, if not impossible, to control• Impacts to government and regulated industries • Governments need to ask “Where is my citizens’ data?” • What are the impacts on citizen data (PII, PHI)? • Do I have complete control over my data?• How do we solve this issue?
    26. 26. Regulatory Compliance• Industries need to comply with regulations – ITAR, HIPAA, ISO 27001, PCI DSS, PII, etc… • ITAR regulations - restricted access control on controlled information based on user attributes • HIPAA regulations address security and privacy of health data • ISO27001 regulations are formal ISO specification to bring information security under explicit management control
    27. 27. Regulatory Compliance:Consider ITAR• ITAR – International Trade in Arms Regulations • Strict obligations dealing with international trade in weaponry • Which users can access specific controlled data, the citizenship of those users, the physical location of those users, etc.• Office 365 is making good progress • FISMA awarded, Certified under EU Safe Harbor, EU Model Clauses • Data Processing Agreement (DPA) for customer data privacy • FERPA, HIPAA BAA, HITEC requirements supported • ITAR service plan available (variation of O365 Dedicated Plans)Devil is in the details…Do the certifications go far enough to meet your business needs?Will the way they’re enforced fit with your organization?
    28. 28. Understand the risks and develop a plan
    29. 29. Self QuizAs you prepare to move keyworkloads to the cloud, hereare some governancequestions to ask yourself:• What happens to your existing reporting and metrics? Do the same KPIs apply to your new cloud components, or do they need to be reevaluated?• Are there any changes to your ability to manage permissions across your on-premises and cloud components? Are the methods different?
    30. 30. Self Quiz• Do your existing policies remain in effect, or do you need to adjust for two models?• Can you maintain visibility into your information architecture and the Managed Metadata in SharePoint across all farms, or granularly within individual sites?• Are you able to track storage usage across all sites and site collections?
    31. 31. Self Quiz• What happens to your auditing and compliance monitoring capability? Can you still see what is being accessed, and by whom?• With your new social capabilities, how much visibility do you have into how users are interacting, where content is being shared, and how well collaboration is being achieved?
    32. 32. Self Quiz• If moving content, sites and users between platforms, how much visibility will you have around storage, content database reports, inactive users, administrative cleanup of orphaned users?• Are you able to setup management policies and procedures that span the various systems? Are you able to organize and automate complex preventive and responsive actions?
    33. 33.
    34. 34. Thank you! @buckleyplanet @antoniomaio2 presentations blog book governance4hybrid