Information Governance: Securing data to manage risk

Pablo Sáez Montequín

Enterprise Account Executive

pablo.saez@AvePoint.com | @psaez

Agenda

Why implement Governance

Compliance, Risk, and Privacy

Out of the Box Information Management

Solutions and Summary

Importance of Information Governance

Gartner Research: 2016 Prediction

20% of CIOs in regulated industries will lose their jobs for failing to implement the discipline of information governance

How Much Governance is Needed?

Portal

Community Sites

Visibility

Project/Team Sites

Personal/My Sites

Governance

Typical Policy Categories

Infrastructure

Operations

Information Architecture

Information Management

Project Management

Leadership

Customization

Adoption

Continuous Improvement

Typical Issues with No Governance

No way to know what to recover when

Breaking SharePoint Boundaries

Search results are too generic

Pure Chaos

No capacity planning (read budget!)

Everyone is to blame (SP Admin)

SharePoint is down due to bad code/cannot upgrade

Users lose faith: “I will use Dropbox”

We will fix next version migration

Compliance Standards for Consideration
  • Others
  • Records Management
    • Sarbanes Oxley (SOX)
  • Operational Security (OPSEC)
  • Export Control Requirements (ITAR)
  • Brand and Site monitoring
    • Bad or Broken Links
    • Metadata Policy
    • Improper words or phrases
    • Identity mismanagement
    • Marketing Standards
  • Metadata Policy
    • Risk Level Tagging
    • Dublin Core Metadata Initiative
    • Z39.50 Tagging
    • Custom Vocabularies
    • Pointer Records

Accessibility Compliance

Section 508 and 508 Refresh

Web Content Accessibility Guidelines (WCAG) 1.0

Web Content Accessibility Guidelines (WCAG) 2.0

Canadian Government common Look and Feel

Privacy Compliance

Gramm-Leach Bliley Act (GLBA)

California SB1386 and AB 1950

European Union Safe Harbor

US Section 208

Privacy Act of the USA

UK Data Protection Act

Health Insurance Portability and Accountability Act (HIPAA)

Canadian Personal Information Protection and Electronic Document Act (PIPEDA)

European Union Data Protection Directive 1995/46

European Union Privacy and Electronic Communications Directive 2002/58

These laws have common elements

Information must be accessible and available to the people who should have access to it and protected from the people who should not

Further this information may need to be stored, archived and preserved for some period of time

Some specific risks to consider…

Confidentiality leaks

—Compromised privacy

Loss of data integrity

No access to or availability of data

How Much Compliance is Needed?

Compliance

Portal

Community Sites

Visibility

Project/Team Sites

Personal/My Sites

Management controls and scopes

SharePoint Service Isolation

Service Application Configuration and Data

Blocked File Types

SSL

Farm

Zone

Web Application

Service Application

Web Application

Data Storage SLAs

Content DB

Quotas

Ownership (Full Control)

Site collection

Features

Security Permissions

Top-level site

Sub site

List/Library

Sub site

Security Permissions

[Folder]

Item / Document

Some new SP2013 features on this topic
  • Central Hub
  • Export to NTFS
  • Preserve in Place
  • eDiscovery
  • Identity
  • Content Mgmt
  • S2S authentication
  • Login tokens in DCS
  • Store and App Catalog
  • Site Based Retention
  • Cross-site Publishing
  • Site Policies
  • From 2007 and 2010: Self Service Sites; Content Types; Metadata Publishing; Information Management;
How we will Proceed with OOTB features

Central Administration - Service Applications (Shared)

Central Administration - Settings

Site Collection Settings

Site Settings

Don’t panic – plan with end in mind… Example IA

[Diagram: example information architecture]
  • On-Premise Farm: TEAMS*, EXTRANET, TEAMS, SOCIAL, INTRANET, APPS, <LOB>
  • Content DB (×4), Site collection (×4)
  • Sites: HR, Marketing, Finance, Intranet Home, Finance, Marketing, HR
  • Service Farm: SEARCH, PROFILE, METADATA, BCS

Bridging the Gaps

Who is the business owner?

What is the criticality of the site?

Business Approval?

Chargeback or cost model?

Building the Policies

Configure SC Audit Settings

Configure Content Type Policy (IRM)

Configure Site Policy (Closure).

Create Content types, Site Columns.

Labels have been Deprecated in SP2013

Labels are available for use by default!

Don’t panic – plan with end in mind…

[Diagram: the example information architecture from the earlier “Example IA” slide, repeated: On-Premise Farm, Content DBs, Site collections, sites and Service Farm]

Gaps

How/Can you enforce it?

Can users leverage this?

How do you tie this into the SLA?

What about access (permissions)?

Scenario 1: NDA delivered to Client
  • Attorney:
    • Member of Legal Group
  • Container Security:
    • Legal Group Only

Client A Site

Client A NDA

Client B Site

Are security permissions enough?

Scenario 2: Fire Walls in a Bank
  • Trust and Investment Banker
    • Contoso is in an investment fund
    • Fund manager divests half of the Contoso stock
  • Commercial Loan Officer Approval
    • Contoso asks for a loan for machinery
    • Contoso is denied the loan

SEC now audits to see if insider trading occurs. First, auditors check permissions and find shared permissions in the employees' personal sites.

The Commercial Loan Officer has a personal site where anyone in the bank can access files, and they accidentally posted loan worksheets there. Since these are personal sites, there are no audit logs.

Scenario 3, 4, 5…
  • PII
  • HIPAA, HiTECH, PHI
  • FERPA
  • Accessibility
  • ITAR
  • PCI, SOX….
AvePoint Compliance Guardian
  • Compliance Guardian helps organizations:
  • Address Operational Security (OpSec) and Sensitive Security Information (SSI) requirements and securely manage highly sensitive data.
  • Identify and take action to protect environments from privacy violations.
  • Ensure that content complies with requirements for site quality, brand management, and maintains a consistent look and feel across the organization.
  • Easily validate IT systems, applications, and content against standards-based and custom organizational policies for accessibility.
  • File Systems Compliance
  • SharePoint Compliance
  • Web Compliance
AvePoint Governance Automation

DocAve Governance Automation

Microsoft SharePoint as a service

SharePoint Content Management

SharePoint Permissions Management

SharePoint Provisioning

SharePoint Lifecycle Management

Based on a Service Catalog with Service Descriptions for full lifecycle support and multilevel approvals

The DocAve Difference: Using the entire DocAve 6 platform as a foundation for governance policy enforcement – including modules for migration, data protection, administration, storage optimization, compliance, and reporting

Our Strengths: About AvePoint

Partners

Technologies

Solutions

Support

Services

Community

Our Resources: Learn More AvePoint

eTutorial Videos

White Papers

Visit www.AvePoint.com/Resources

Customer Success Stories

Our Goal: Your Satisfaction

US: 1-800-661-6588

AvePoint.com

DocAve.com

Sales@avepoint.com

Contact Sales