Ensuring Compliance as Part of an Infrastructure Optimization Initiative

By Matthew Bretzius posted 05-10-2013 09:47


This is a guest post by Dana Louise Simberkoff, Vice President of Risk Management and Compliance, AvePoint

(Note: This is part of our series “Collaborate with Confidence”. Previous posts: Optimize Microsoft SharePoint to Collaborate with Confidence)

In 2013 and for the foreseeable future, enterprise organizations are facing dramatic cuts in their budgets, yet are still being held to as high a standard as ever for performance and service. At the same time, they face unprecedented challenges in an ever-changing regulatory and hyper-competitive environment. Against the backdrop of drastic industry-wide cost cuts that are leading to infrastructure consolidation mandates – and the disruptive technology trends of Bring Your Own Device (BYOD), enterprise social, private cloud, and big data access – IT organizations must focus on providing the right level of infrastructure and strategic systems to enable businesses to be self-sustaining. The need to react to an ever-changing environment is often impeded by the lack of a unified compliance strategy.

Successful infrastructure management creates increasing compliance pressures for enterprise organizations. Organizations face the question of how to adopt a flexible, collaborative platform and social initiatives while simultaneously ensuring compliance with a growing set of regulations and mandates. Common compliance challenges in infrastructure management include the need to:

  • Automate access and permissions control
  • Enhance protection of intellectual property and sensitive customer data
  • Mitigate the risk of accessibility, operational security, privacy, and site quality violations
  • Provide an accessible, unified platform for sharing information
  • Reduce manual reporting to ensure accuracy and meet the growing needs of auditors
  • Swiftly identify non-compliant events

A compliance program must include three very important pillars – people, processes and technical enforcement. If Microsoft SharePoint is the system around which an organization is designing the compliance program, it is important to understand who within the organization is using it, what they are using it for, and what kinds of requirements (privacy, information security, etc.) apply, whether by law, statute, or internal policy.

This understanding will allow a company that is undertaking a server and infrastructure consolidation to analyze their existing SharePoint environment in order to identify areas of non-compliance, prioritize the business needs (based on metrics and policy), diagram new security and access boundaries, architect in governance and security, undertake migration to a “compliant environment”, and maintain control.

One proven approach to achieving this end is the creation of a “model farm”. This farm can be developed in a staging environment to prototype the business uses of SharePoint across the organization; the appropriate organizational policies for access, privacy, and information security for those business uses; and the technical implementation, that is, how to achieve those business and policy objectives through the use of automation and oversight. This model farm can then be used as a blueprint for development efforts going forward. It can be utilized as part of a centralized deployment strategy and/or as part of a hybrid on-premises cloud environment to ensure standardization and interoperability. This provides the best of both worlds and ensures that the business maintains an “always on” environment, and that the information required across the business-critical systems is always available and discoverable.

This work, done in advance of or as part of an infrastructure initiative, will go a long way toward ensuring that your company doesn’t experience catastrophic remediation costs should a breach occur where it might have been easily prevented.

In our next post, John Hodges, Vice President of Global Account Project Management, will discuss SharePoint Infrastructure Management and the cost of doing business.
