Accelerating Secure SharePoint Collaboration While Improving Compliance


View this webinar to hear how BAE Systems Inc, recipient of the 2012 CIO 100 award, manages information sharing on SharePoint. The webinar discusses the business requirements that BAE seeks to address and their innovative use of information risk management technology to drive business value, and explains why they were recognized by CIO magazine as a CIO 100 Honoree for successfully leveraging SharePoint for collaboration while improving compliance.

Published in: Technology
  • Global businesses face the following challenges:
      • Companies have to comply with multiple regulations, such as export control for controlled substances, Critical Info Protection Mandates, or employee/vendor PII information.
      • They also need to protect customer IP and sensitive information, such as PCI information.
      • They have to ensure data security in a global IT infrastructure. In particular, how do they control access to data that is now globally available? How do they manage what data privileged users, such as IT administrators and help desk, can see?
      • They have to protect their IP, such as parts specs and process information, as they collaborate with their multi-level supply chain.
      • They have to protect corporate IP, such as design specs, E&P data, ingredients list, and process information, as they collaborate with partners, JVs, and field service partners in global product development.

    To be compliant, global companies often resort to costly manual checks in the business process, which slows down operations. Take for example:

    1. Manual regulatory compliance, e.g. export compliance
      • The engineer who produces a document needs to get it classified.
      • Requests for the document by foreign employees or partners need approval from the Compliance Officer.
      • The Compliance Officer needs to check the export license.
      • The Compliance Officer needs to validate the content.
      • Upon approval, you need to set up access to the document.
      All these could take weeks before the document could be shared.

    2. IP protection example
      • Suppose you have a JV with China.
      • You need to decide which products and docs can be shared. It could be based on product line, location of access, etc.
      • You need to set up roles to decide who can access. Your JVs' contractors and suppliers may also need access.
      • You need to create custom ABAP code to regulate access.
      • You need to create an audit trail for compliance reporting.
      All this will take months to set up, let alone maintain.
  • Talking points: Need to talk to what ITAR is

    1. © 2005-2012 NextLabs Inc. Accelerating Secure SharePoint Collaboration while Improving Compliance
         • Lorance Tisdale, Director, Collaboration Services, BAE Systems
         • Keno Green, Director, SharePoint Operations, BAE Systems
         • E.K. Koh, VP, Solution Management, NextLabs
    2. © 2005-2011 NextLabs Inc. Agenda
         • Common Secure Collaboration Challenges
         • BAE Case Study
         • Business Objectives
         • Requirements (Business, Functional)
         • Solution Approach
         • Lessons Learned
         • Demo
         • Question and Answers
    3. Information Risk is Never Far Away…
    4. Security & Compliance Challenges in Global Collaboration
         • Regulatory Compliance
             • Costly manual compliance processes
             • Need to comply with multiple regulations
             • ITAR, EAR, BAFA, UK ECA etc
             • CWC, DOE/NRC
             • PII/PCI mandates
         • Protect Customer Data
             • Customers require assurance for intellectual property protection
             • Customers expect non-conflict of interest
         • IP Protection
             • Increase in JVs and global partnering increases risk of IP loss
         • IT Access Mgmt & Data Security
             • Privileged user access, offshore and outsourced IT increase compliance risk
             • Mobile, global access increases risk of data loss
         • Secure Supply Chain Collaboration
             • Global supply chain increases risk of IP loss & compliance violations
         • Global Process Coordination
             • IP and Export concerns block system consolidation
             • Redundant processes, systems reduce competitiveness
         • Diagram labels: Compliance, Engineering, Manufacturing, Customer, Regulatory Jurisdictions, Design Partners, Suppliers, Service, Supply Chain Manager, IT Ops, SAP GTS/GRC, SAP PLM, SAP CRM, SAP ERP, SAP SCM
    5. What is the cost of Security or Compliance violations?
         • The US Department of State levied more than $100M in fines for ITAR violation just in the last 2 years. (source: US Dept of State)
         • In a 2013 study by Ponemon Institute, the average cost of a data breach is $5.4 million per incident. (source: Ponemon Institute)
    6. Background - BAE Systems, Inc. Overview
         • Overview
             • BAE Systems, Inc. is a US subsidiary of BAE Systems plc, a leading European Aerospace and Defense Prime Contractor, under a Special Security Agreement (SSA) with the U.S. Government
             • Approximately 35,000 employees and $15B annual revenues
             • US operations in over 30 states
             • Global operations in Europe, Central America, and South Africa
         • Business Sectors
             • Electronic Systems
             • Intelligence & Security
             • Land & Armaments
             • Support Solutions
             • Inc (Corporate)
    7. Background – Corporate Intranet Objectives
         • Centralize Communication and Sharing
         • The Portal for accessing Applications in BAE Systems
         • Make the right information available to the right people
         • Support collaboration between BAE Systems employees worldwide
         • Minimize the number of Portals across BAE Systems
         • Consolidate a number of Portals that exist within BAE Systems
         • Reduce Operational Costs
         • Prevent Data Spills
         • Automate Audit
         • Automate Provisioning
         • Enforce Compliance
    8. Business Requirements - Compliance and Security
         • Export Compliance Requirements
             • Control uploads of Export Controlled Information
             • EAR or ITAR controlled information posted on the site(s) may be or are restricted
         • Procurement/Supplier Management Requirements
             • Prevent disclosure of supplier's competition sensitive data to a competitor
             • Where another BAE Systems' Company may be a potential competitor to the supplier
             • Misinterpretation of information if intended use and intent not clearly defined
         • Security Requirements
             • National Security
             • Control Classified information posted onto the site
             • Customer or Company Proprietary Information
             • Control Program specific information
         • General Requirements
             • Information should be properly classified and marked to ensure proper handling
         • Architecture Requirements
             • Ability to be extended to other BAE Systems Domains
             • Ability to support SharePoint 2010
    9. Thank You!
       Thank you for viewing a preview of our Webinar: Accelerating Secure SharePoint Collaboration while Improving Compliance. To watch our complete recording, CLICK HERE. In the remainder of this webinar, you will see the business requirements BAE was looking to address, their innovative use of information risk management technology to drive business value and learn why they were recognized by CIO Magazine as a CIO 100 Honoree for successfully leveraging SharePoint for collaboration while improving compliance.