enterprise compliance in sharepoint and office 365
DESCRIPTION
A look at compliance in the cloud, compliance in social, and an exploration of social policy with a focus on SharePoint and Office 365.TRANSCRIPT
Tweet me: @joeloleson #AIIM14
SharePoint 2013, Office 365 and Yammer Enterprise Social Compliance
Joel Oleson Director Technical Evangelism ViewDo Labs @joeloleson CollabShow.com
SharePoint Joel “Most Connected Man in Collab”
• Forbes: #1 SharePoint Influencer 2012 • Voted Most Popular SharePoint Blog 2012
SharePointJoel.com now CollabShow.com • Global Epic Traveler -‐ TravelingEpic.com -‐ Over 115 UN
Countries
hVp://www.collabshow.com hVp://www.traveligepic.com
2
Tweet me: @joeloleson #AIIM14
Agenda
• Compliance in the Cloud Wave • Compliance in the Social Wave • Social Policy Explora[on…
Conductor…
hVp://www.ted.com/talks/itay_talgam_lead_like_the_great_conductors.html 19:15
Tweet me: @joeloleson #AIIM14
Compliance in the Cloud Wave
Tweet me: @joeloleson #AIIM14
Understanding Compliance
The act or process of doing what you have been asked or ordered to do… -‐ Webster's Dic[onary
www.aiim.org/infochaos�
Do YOU understand the business challenge of the next 10 years?
This ebook from AIIM President John Mancini explains.
Microsoa Vision for Compliance Features
Empower the User Enable the Compliance Officer
In Place and Extensible
Easy for IT
Exchange, SharePoint, Windows
Outlook, Word, PowerPoint, SharePoint, Mobile Apps
Exchange, SharePoint, Lync, AD, File Server, third parEes Exchange, SharePoint
Microsoa Strategy: In-‐Place
Build compliance into the applica[ons
Index or Ingest to extend
Unify compliance experience and configura[on across the suite
Bloomberg
Immutable
SharePoint
Immutable
Exchange Lync
3rd Party Archives
Compliance
Delete Discover Archive Encrypt Audit DLP Preserve
…
Exchange
SharePoint
Others Archive
eDiscovery and Compliance
Tradi[onal Compliance
Enable Compliance Officers New Compliance Center
Tweet me: @joeloleson #AIIM14
IT Governs Tools Not People
Tweet me: @joeloleson #AIIM14
SharePoint ECM Features Over Time
Tweet me: @joeloleson #AIIM14
SharePoint 2013 eDiscovery • The eDiscovery Center -‐ central SharePoint site used to manage
preserva[on, search, and export of content stored in Exchange and SharePoint across SharePoint farms and Exchange servers.
• SharePoint In-‐Place Hold -‐ preserves en[re SharePoint sites. In-‐Place Hold protects all documents, pages, and list items within the site but allows users to con[nue to edit and delete preserved content.
• Exchange In-‐Place Hold -‐ preserves Exchange mailboxes. In-‐Place Hold protects all mailbox content through the same UI and APIs used to preserve SharePoint sites.
• Query-‐based preservaKon -‐ allows users to apply query filters to one or more Exchange mailboxes and SharePoint sites and restrict the content that is held.
Exchange In-‐Place Archive SharePoint Records Center
Outlook OWA
Retain folder hierarchy
Exchange Dele[on Policies SharePoint Document Dele[on Policies
Exchange Preserva[on SharePoint Preserva[on
Tweet me: @joeloleson #AIIM14
Create an eDiscovery Center
Tweet me: @joeloleson #AIIM14
eDiscovery On Prem & Cloud
Tweet me: @joeloleson #AIIM14
Case Study from Microsoa LCA: Average from FY11-‐13
45 people under legal hold 1.3TB
13 people’s data searched 288.8GB
Reviewed 16.8GB
Produced 4GB Used 249 pp.
Courtesy Microsoa
Pre-Office 2013 eDiscovery workflow at Microsoft Exchange Mailboxes Local Data SharePoint File Shares
Li[ga[on Data
Repository
Data Minimiza[on Tool
Linear Review Tool
Review AVorneys
Tiffing and Produc[on Tool
Produc[on Set
• Completely Outsourced
• Inside Corp Firewall • Managed by MSIT • En[rely MS technology
• Outside Corp Firewall • Co-‐managed by MS FTEs
and Data Center Vendor • Third party technology
Courtesy Microsoa
Office 2013 eDiscovery workflow at Microsoft
• Completely Outsourced
• Inside Corp Firewall • Managed by MSIT • En[rely MS technology
Exchange Servers
Local Data
SharePoint
Linear Review Tool
Review AVorneys
Tiffing and Produc[on Tool
Produc[on Set
File Shares
.pst content Non-‐.pst content
Courtesy Microsoa
Tweet me: @joeloleson #AIIM14
Compliance in the Social Wave
“Controlling Social is like Herding Cats”
courtesy EDS
hVp://www.youtube.com/watch?v=Pk7yqlTMvp8
Business Governs People Not Tools
Key Roles Role DescripKon ResponsibiliKes
Community Manager(s)
Responsible for managing the Yammer community (Typically from Communica[ons or Marke[ng)
Vision/Strategy, User Account mgmt, manages adop[on & policy enforcement
Yambassadors Business embedded influencers who have strong use of the platorm
Provide vision and direc[on for their business units. Explain soc bus value. Report policy viola[ons
Group Admins Manage groups on Yammer and cul[vate conversa[on within teams and groups
Keeps harmony within the group. Monitors conversa[on and engages.
Power User/Contributors
User who has a good understanding for crea[ng polls, following topics, noteboards and leveraging the platorm
Keep policies and engage with the community
Sys Admin Installs apps, configures webparts, AD sync, Profile config
Manages Technical requirements.
Tweet me: @joeloleson #AIIM14
The Problem with Social… So much of the intellectual property in a company is Eed up in the interacEons between people. We see it crisscross many organiza[ons today as email and aVachments… We see it show up as conversa[ons and documents in the network. Jared Spataro, Sr. Director Office Divison, “Puung Social To Work” hVp://blogs.technet.com/b/microsoa_blog/archive/2012/11/12/puung-‐social-‐to-‐work.aspx
Tweet me: @joeloleson #AIIM14
Go Yammer! Yammer is our big bet for enterprise social, and we're commiVed to making it the underlying social layer for all of our products. It will power the social experiences in SharePoint, Office 365, Dynamics, and more. -‐-‐ Jared Spataro, Senior Director, MicrosoI Office Division hVp://blogs.office.com/b/sharepoint/archive/2013/03/19/yammer-‐and-‐sharepoint-‐enterprise-‐social-‐roadmap-‐update.aspx
Yammer of the Future…
Yammer Security • Monitor Keywords • All connec[ons are SSL • Encrypted Email TLS transport if you
support it on your side • All data is considered • Yammer’s offsite SSAE16 SOC1 data
center provides 24/7/365 video surveillance, biometric + pin-‐based locks
• Data is backed up mul[ple [mes per day strong disk encryp[on. Backup SSH
• Internal and external vulnerability scans and penetra[on tests
• Third-‐party in-‐depth quarterly security reviews
Social Compliance Recommenda[ons
• Determine reten[on policies – Regularly export conversa[on streams (i.e. daily, weekly, or monthly)
– Add export CSV file as Record in ECM
• Social Policies • User Agreement
Informa[on Architecture
Cloud Enterprise Informa[on Architecture
Unstructured Structured
Intranet Central Portal
Departmental Sites
Groups and Team Sites & Workspaces Yammer • Groups Office 365 • Team Sites • Email
Personal Storage Fav & Follows • SkyDrive Pro • My Site • My Tasks • My Documents • Docs I’m following • People I’m following
On Prem Cloud
SharePoint 2013 • Department ECM • Doc Mgmt • Workflows • Custom Apps
SharePoint 2013 • Search • News • Naviga[on
Enterprise Informa[on Architecture
Structured
Intranet Central Portal
Departmental Sites
Groups and Team Sites & Workspaces (Non Customized Light branding) Yammer • Groups Office 365 • Team Sites
On Prem Cloud
SharePoint 2013 • Department ECM • Doc Mgmt • Workflows • Custom Apps
SharePoint 2013 • Search • News • Naviga[on
Personal Storage Fav & Follows • SkyDrive Pro • My Site • My Tasks • My Documents • Docs I’m following • People I’m following
Unstructured
Hybrid Enterprise Informa[on Architecture
Unstructured Structured
Intranet Central Portal
Departmental Sites
Groups and Team Sites & Workspaces Yammer • Groups Office 365 • Team Sites • Email
Personal Storage Fav & Follows • SkyDrive Pro • My Site • My Tasks • My Documents • Docs I’m following • People I’m following
On Prem Cloud
SharePoint 2013 • Department ECM • Doc Mgmt • Workflows • Custom Apps
SharePoint 2013 • Search • News • Naviga[on
On Premises Lives On
“When it comes to the cloud, we're "all in," but we're also realis[c. We have a large on-‐premises installed base that's important to us, and we're commiVed to future releases of the server.” -‐-‐ Jared Spataro, Senior Director, MicrosoI Office Division hVp://blogs.office.com/b/sharepoint/archive/2013/03/19/yammer-‐and-‐
sharepoint-‐enterprise-‐social-‐roadmap-‐update.aspx
Third Party Tools Examples
• SharePoint Governance and Compliance – Metalogix – AvePoint
• SharePoint Encryp[on and Security – Cipherpoint – Stealth Soaware
• Yammer Analy[cs and Compliance – ViewDo Labs – Good Data
Takeaways… Q&A
• eDiscovery center is designed for Office 365 and On Premises and requires both if you have both.
• Social Compliance requires governance and policies to be created.
• Establish Social Policies that can be enforced through rou[ne maintenance and with community leader(s)
• Lead and govern don’t try to control