The SharePoint Customer Journey Turn SharePoint into a Broadly Adopted Compliance and Security Asset

Transcription

1 The SharePoint Customer Journey Turn SharePoint into a Broadly Adopted Compliance and Security Asset Eric Darbe Vice President of Marketing HiSoftware

2 Agenda What if? The compliance and security case for SharePoint Incidents and Accidents Information Security Challenge The SharePoint Information Security Confidence Gap Customer Case Study SharePoint Security and Compliance is a Team Sport Content-Aware Compliance & Security for SharePoint Q&A

3 3 What If?

4 Incidents and Accidents March 2011: University of York leaks students addresses, phone numbers, date of birth, emergency contacts and A-level results. April 2011: Yankees Leak Personal Info Of 20,000 Season Ticket Holders. January June 2011: Surrey County Council x3 breaches of personal information costs 120,000 in fines. January 2012: Secret dossier detailing plans for policing London Olympics left on a train.

5 The Information Security Challenge Diverse, unstructured content that changes all day, every day Documents uploaded / edited communications sent Social collaboration through blogs, wikis and forums External and internal website content Partners and Business Associates Enterprise content will grow 650 percent by percent unstructured - Gartner

6 SharePoint for ECM Microsoft at SharePoint Conference ,000,000 licenses to 65,000 Customers 62,000,000 licenses for SharePoint % of Fortune 500 have SharePoint 700,000 developers working on SharePoint, 1,062 books Organisations want to use SharePoint as their Enterprise Content Management (ECM) platform AIIM s 2011 State of the ECM Industry report: 60% of organisations using SharePoint; 70% in larger organisations. More than half of respondents consider SharePoint their primary ECM system.

7 The SharePoint Confidence Gap Gartner 2011 ECM Magic Quadrant: Enterprises want to use ECM to Achieve Regulatory Compliance and E-Discovery Goals Demonstrate best efforts at organising and managing their information in a proactive manner to meet legal needs. AIIM s 2011 Using SharePoint for ECM report AIIM reports that only 20% of organisations have sufficient confidence in SharePoint security to store sensitive information. Over 60% of organisations have yet to bring SharePoint into line with existing compliance policies.

8 Governance and Site Proliferation SharePoint governance poorly applied, sites blossom scatter like petals* *Jim AdCock Winner of AIIM SharePoint Haiku Contest

9 On the Road to Adoption, Confusion Reigns For adoption you need: Corporate Strategy Defined Governance Compliance Policies Regular Training Content-aware Security User Confidence

10 What you don t know can hurt you? Print VPN Work Stations Mobile????? Hackers?? Virus USB Network Access

11 What is Content-aware? Automatically classify and protect information in SharePoint based on a content scan Look at the entirety of the content Not metadata values or content index Not left up to the user to determine Allows for item-level security in SharePoint

12 Security Sheriff SP Flexible, Content-Aware Rules Engine UK Data Protection Act PHI PII Privacy ICO Guidelines WCAG 2.0 Internal Corporate Policies IP Protection Site Quality Operational Security Accessibility EU Data Protection Directive REPORT CLASSIFY ENCRYPT NOTIFY PREVENT TRACK WORKFLOW

13 Identify Risk Scan Analyse SharePoint content risk Quantify the amount and location of sensitive information Classify Tag sensitive information with metadata indicating type of risk SharePoint metadata field+ HiSoftware controls the field, it cannot be changed

14 Protect Sensitive Information Restrict Limit access to an individual document Regardless of where it physically sits in SharePoint Prevent Stop sensitive content from leaving SharePoint through , print or save as. Ensure s are sent only to appropriate recipients based on classification of attachment. Block inappropriate content from being added to SharePoint Encrypt Ensure that only properly credentialed users are able to read the content, both in and out side of SharePoint

15 Track, Report and Manage Track Know the entire lifecycle of the content in SharePoint. See if a document was ed, printed and by whom Report High level trend reporting and tasks within SharePoint Workflow Manage review and remediation of compliance and security issues

16 SharePoint Security is a Team Sport

17 SharePoint Security is a Team Sport COMPLIANCE Regulations Internal Policies Best practices SECURITY Physical Network Theft SHAREPOINT Site Proliferation User Adoption Governance

18 Case Study: Dept. of Veteran Affairs Need Provide IT services to more than 20 million veterans and over 350,000 agency employees. Safeguard protected health information as well as other personally identifiable information Ensure accessibility compliance for both employees and veterans Solution Proactively ensuring Web accessibility, privacy and data security using Compliance Sheriff to audit and report on: 3,000+ VA sites and Petabytes of Information. Working with HiSoftware to develop model farm to showcase SharePoint in an accessible and compliant environment.

19 What to do tomorrow? 1. Stop playing defence: Use security and compliance as a way to sell benefits of SharePoint. 2. See what line of business managers are using SharePoint for; what they are not and why 3. Take your compliance/security officers out to lunch. 4. Start an information governance conversation with your colleagues. 5. Buy HiSoftware.

20 HiSoftware Solutions for SharePoint Content-aware scanning and classification Item-level security Restrict, encrypt, track and prevent Out of the box regulatory checkpoints Flexible, able to be customised for your unique needs Optimised for SharePoint Easy to deploy and cost-effective

21 Who We Are Provide Solutions for content-aware compliance & information security Founded in 1998; More than 750 public sector and corporate customers globally Based in Nashua, NH; Additional locations in Seattle, WA; Melbourne, AUS

22 Questions Eric Darbe Vice President of Marketing HiSoftware Inc

23 hank You