Presentation is loading. Please wait.

Presentation is loading. Please wait.

SharePoint & Compliance Marc Dreyfus Sr. Compliance Solutions Specialist, CIPP/US.

Similar presentations


Presentation on theme: "SharePoint & Compliance Marc Dreyfus Sr. Compliance Solutions Specialist, CIPP/US."— Presentation transcript:

1 SharePoint & Compliance Marc Dreyfus Sr. Compliance Solutions Specialist, CIPP/US

2  Intellectual Property and Trade Secrets  Sensitive Customer Information and Data  Competitive Advantage  Personnel information  National Security The Challenge-Legions of compliance obligations and risks to information The onslaught of risk and compliance issues related to Information sharing includes:

3  Persistent Data (once it’s out there, it’s out there)  Simple Authorship  Information Transference  Information Collection  Big Data What’s Changed: Forces Driving Organizational Compliance Obligation Massive amounts circulating content has led to reactive legislative policies and a rethinking of how corporate data is to be managed.

4 Big Data Addresses inefficiencies in Statistical Sampling  Diapers and Beer  Language Translation  Tracking Spread of Influenza  Credit Scores  Identification with NAME / ZIPCODE

5

6 Sign of the times Elizabeth Warren

7 A Sample of Compliance Standards Operational Security Section 508 Refresh Gramm- Leach-Bliley ITAR

8 Regulations have common elements Information must be accessible and available to the people who should have access to it and protected from the people who should not Further this information may need to be stored, archived and preserved for some period of time

9 Building a Compliance Policy Transparency/ Collaboration Data Protection/ Management

10 Texas Health Care Provider - Hidden Salaries

11 An Email Thread from my Mortgage Banker

12 Insurance Company, CT – FINRA 11-06 Compliance © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc. Restricted Use for all employees 1000 Users Regulated by FINRA Excluded from SharePoint 2013 Dirty Word Lists SharePoint 2013 Blogs, Wikis, MySites Social

13 Risk assessment: Don’t just focus on what you can see Risk Awareness Risk Ignorance Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!” E.J. Smith, Captain of the Titanic

14 US City – Drug Offenders © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

15 In thinking of potential privacy breaches, how likely do you think the following risks are for your organization? 15 Source: HCCA;, “Data Privacy: How Big a Compliance Challenge?”; January 2011

16 Pfc. Bradley Manning

17 Notable Government Breaches Published private list of city drug offenders and court judgment on their public website. A laptop was stolen containing the personal information of 26 million veteran and active duty troops. This was the largest of many breaches of VA electronic data. Airstrike videos, war documents, and 250,000 diplomatic cables were downloaded by an Army soldier stationed in Iraq. Soldier was authorized to access systems.

18 Creating and maintaining a compliant environment is a continuous process Balancing transparency and collaboration with data protection and management  People  Policy and Process  Technology  Training  Governance and Oversight  Technical Enforcement

19 What is Compliance Guardian Real-time or scheduled “visible” and “invisible” content Text or element based Include/exclude filters Scan Alerts and role-based reporting Cross-farm, cross version results roll-up Dashboard with drill-down Trend analysis and historical reports Report Move Delete Quarantine Classify Secure with permissions Act

20 Demo © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

21 Compliance Guardian modular architecture CG Content Scanner Crawls through content source SharePoint sources File Shares, Web Sites, Yammer etc..* CG Compliance Engine Checks against defined conditions Uses the AvePoint Testing Language Checks content, elements, framework, context etc.. CG Reporting Engine Compiles and presents scan results Role-specific dashboard views with summary and drill-down Trend reporting and historical analysis API

22 Undertake Migration Surround Services – Best Practices Approach Assess Design 6 Implement 7 Maintain 1 Diagram New Security Boundaries Architect in GovSec 2 Prioritize 345

23 Review Compliance Requirements Set Scope for Initial Test Initial Smoke Test Review Results/Refine Rules with early project owners Initial Baseline Scan Results Presentation Meeting Results Analysis and Documentation Recommended Mitigation Initial Meeting

24 Compliance Guardian roadmap at a glance… Jan 2013- v3 release Support for SharePoint 2007 and 2010 sources Pre-populated test suites for PII, PHI, Accessibility, Sensitive information Role-based management dashboard to monitor compliance status and trends Support for automated, user assisted and verified manual classification and metadata tagging Real-time or scheduled content actions to reduce exposure and risk Q2 2013- v3 CU1 Enhanced test suite editor for greater efficiency when creating/customizing test suites Allow scanning for previous versions 16 new pre-defined test suites mapped to common regulations and compliance initiatives 40+ new pre-defined test files for common violation types Q3 2013- v3 SP1 Support SharePoint 2013 Sources Scan file system for Compliance and Classification scans Scan non-SharePoint web- server for Compliance scans Enhanced risk calculation formulas and report Enhanced Compliance report dashboard and detail reports Site quality and branding test suites including broken links, missing images, Mobile OK Support for automatic tagging of SharePoint Managed Metadata columns Q4 2013- Service Release Enhanced user preferences settings for Compliance Dashboard Enhance site quality features with performance monitoring and metrics Redaction capability for violations within content “Heat Map” to prioritize risk based on location Enhanced reporting of automated actions taken by Compliance Guardian Q1 2014- Service Release User Path Analysis Encryption of test files to protect operational security test suites Enhanced auditing of actions taken within the Compliance Guardian console Scan File System Scan Websites Redaction Heatmaps Encryption of Test Files

25 Additional Resources (Please Click Images or Visit www.AvePoint.com/resources)www.AvePoint.com/resources Customer Success Stories WhitePapers from AvePoint’s Own SharePoint Experts © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

26

27 © 2012 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

28 The Compliance Reporting Dashboard… © 2012 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

29 Scan on a schedule, on demand or on upload

30 Track Progress and improvements over a period of time

31 Track trends across data sets and Content

32 © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

33


Download ppt "SharePoint & Compliance Marc Dreyfus Sr. Compliance Solutions Specialist, CIPP/US."

Similar presentations


Ads by Google