- Intellectual Property and Trade Secrets
- Sensitive Customer Information and Data
- Competitive Advantage
- Personnel information
- National Security

The Challenge - Legions of compliance obligations and risks to information

The onslaught of risk and compliance issues related to information sharing includes:
- Persistent Data (once it’s out there, it’s out there)
- Simple Authorship
- Information Transference
- Information Collection
- Big Data

What’s Changed: Forces Driving Organizational Compliance Obligation

Massive amounts of circulating content have led to reactive legislative policies and a rethinking of how corporate data is to be managed.
Big Data
- Addresses inefficiencies in Statistical Sampling
- Diapers and Beer
- Language Translation
- Tracking Spread of Influenza
- Credit Scores
- Identification with NAME / ZIPCODE
A Sample of Compliance Standards
- Operational Security
- Section 508 Refresh
- Gramm-Leach-Bliley
- ITAR
Regulations have common elements
- Information must be accessible and available to the people who should have access to it and protected from the people who should not.
- Further, this information may need to be stored, archived and preserved for some period of time.
Building a Compliance Policy
- Transparency/Collaboration
- Data Protection/Management
Risk assessment: Don’t just focus on what you can see
- Risk Awareness
- Risk Ignorance
“Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!” E.J. Smith, Captain of the Titanic
Notable Government Breaches
- Published private list of city drug offenders and court judgment on their public website.
- A laptop was stolen containing the personal information of 26 million veteran and active duty troops. This was the largest of many breaches of VA electronic data.
- Airstrike videos, war documents, and 250,000 diplomatic cables were downloaded by an Army soldier stationed in Iraq. Soldier was authorized to access systems.
Creating and maintaining a compliant environment is a continuous process
Balancing transparency and collaboration with data protection and management
- People
- Policy and Process
- Technology
- Training
- Governance and Oversight
- Technical Enforcement
What is Compliance Guardian
Scan
- Real-time or scheduled
- “visible” and “invisible” content
- Text or element based
- Include/exclude filters
Report
- Alerts and role-based reporting
- Cross-farm, cross version results roll-up
- Dashboard with drill-down
- Trend analysis and historical reports
Act
- Move
- Delete
- Quarantine
- Classify
- Secure with permissions
Compliance Guardian modular architecture
CG Content Scanner
- Crawls through content source
- SharePoint sources
- File Shares, Web Sites, Yammer etc.*
CG Compliance Engine
- Checks against defined conditions
- Uses the AvePoint Testing Language
- Checks content, elements, framework, context etc.
CG Reporting Engine
- Compiles and presents scan results
- Role-specific dashboard views with summary and drill-down
- Trend reporting and historical analysis
API
Surround Services – Best Practices Approach
[Diagram: phases Assess, Design, Implement, Maintain; numbered steps 1-7, with step labels Diagram New Security Boundaries, Architect in GovSec, Prioritize, Undertake Migration]
- Review Compliance Requirements
- Set Scope for Initial Test
- Initial Smoke Test
- Review Results/Refine Rules with early project owners
- Initial Baseline Scan
- Results Presentation Meeting
- Results Analysis and Documentation
- Recommended Mitigation
- Initial Meeting
Compliance Guardian roadmap at a glance…
Jan 2013 - v3 release
- Support for SharePoint 2007 and 2010 sources
- Pre-populated test suites for PII, PHI, Accessibility, Sensitive information
- Role-based management dashboard to monitor compliance status and trends
- Support for automated, user assisted and verified manual classification and metadata tagging
- Real-time or scheduled content actions to reduce exposure and risk
Q2 2013 - v3 CU1
- Enhanced test suite editor for greater efficiency when creating/customizing test suites
- Allow scanning for previous versions
- 16 new pre-defined test suites mapped to common regulations and compliance initiatives
- 40+ new pre-defined test files for common violation types
Q3 2013 - v3 SP1
- Support SharePoint 2013 Sources
- Scan file system for Compliance and Classification scans
- Scan non-SharePoint web server for Compliance scans
- Enhanced risk calculation formulas and report
- Enhanced Compliance report dashboard and detail reports
- Site quality and branding test suites including broken links, missing images, Mobile OK
- Support for automatic tagging of SharePoint Managed Metadata columns
Q4 2013 - Service Release
- Enhanced user preferences settings for Compliance Dashboard
- Enhance site quality features with performance monitoring and metrics
- Redaction capability for violations within content
- “Heat Map” to prioritize risk based on location
- Enhanced reporting of automated actions taken by Compliance Guardian
Q1 2014 - Service Release
- User Path Analysis
- Encryption of test files to protect operational security test suites
- Enhanced auditing of actions taken within the Compliance Guardian console
Scan File System; Scan Websites; Redaction; Heatmaps; Encryption of Test Files