When governance lacks compliance
In many companies, SharePoint begins as a grass-roots effort with little thought given to governance, risk and compliance (GRC). Before long, issues with security, storage, site sprawl, and others force us to rethink our long-term SharePoint strategy. Around this time, governance plans are developed and put into place. But do these plans address the auditing, records management, e-discovery and other legal risks? And does SharePoint’s built-in feature set deliver everything you need to rest soundly? In this session, we’ll raise some questions, share some stories and, most importantly, provide answers and much-needed guidance on this trending topic.

  1. What is governance
  2. Greek kybernân: to steer (a ship)
  3. (including the choice of inaction)
  4. assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance,
  5. At the very highest level we are talking about making the right information available to the people who should have it and protecting it from the people who should not.
  6. [Bar chart. Categories: Hackers gaining access; Accidental employee breach; Accidental 3rd party breach; Intentional employee breach; Intentional 3rd party breach. Bar values shown on the chart: 61%, 41%, 30%, 13%, 8%.]
  7. The onslaught of risk and compliance issues related to information sharing includes:
  8. By 2016, Gartner predicts that 20% of CIOs will lose their job due to information governance and compliance
  9. “Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!” E.J. Smith, Captain of the Titanic
     [Slide labels: Risk Awareness; Risk Avoidance]
  10. Transparency/Collaboration; Data Protection/Management
  11. A compliance strategy: Prevent, Detect, Track, Respond & Resolve
  12. 1 Know who accesses what & when
        • Record and track all user interactions, security changes, and search queries in any or all of your Microsoft SharePoint environments
      2 Track employees’ SharePoint usage
        • See everything an individual employee or group of employees has done and is doing in your SharePoint environment
      3 Track an item through its entire life
        • See what happened to a document, including when it was created and by whom; who has viewed it and when; and when it was deleted and by whom
      4 Audit SharePoint search
        • See who has performed a search, for what, and when. See how often an item is returned in search results
  13. Prevention
        • Assign permissions & access to SharePoint site
        • Assign metadata or policy to content with real time filtering and scheduling
        • Assign policy access rights and permissions to content stored in File Shares
        • Proactive policy enforcement of secure vs. non-secure sites through automated site provisioning & permissions management
  14. Detect
        • Discover offensive content with real time scans and scheduled risk reports
        • Search for user permission with security search
        • Individual user or group profile of security permissions
  15. Tracking
        • Track user activity with the user life cycle reports
        • Track content life cycle with item life cycle reports
  16. Respond & Resolve
        • Legal hold and tracking
        • Archive and encryption
        • Restructure permissions & access metadata and security of content itself