Injustice - Developers Among Us (SciFiDevCon 2024)
Enterprise Compliance in SharePoint and Office 365
1.
Tweet
me:
@joeloleson
#AIIM14
SharePoint
2013,
Office
365
and
Yammer
Enterprise
Social
Compliance
Joel
Oleson
Director
Technical
Evangelism
ViewDo
Labs
@joeloleson
CollabShow.com
2. SharePoint
Joel
“Most
Connected
Man
in
Collab”
• Forbes:
#1
SharePoint
Influencer
2012
• Voted
Most
Popular
SharePoint
Blog
2012
SharePointJoel.com
now
CollabShow.com
• Global
Epic
Traveler
-‐
TravelingEpic.com
-‐
Over
115
UN
Countries
hVp://www.collabshow.com
hVp://www.traveligepic.com
2
3.
Tweet
me:
@joeloleson
#AIIM14
Agenda
• Compliance
in
the
Cloud
Wave
• Compliance
in
the
Social
Wave
• Social
Policy
Explora[on…
5.
Tweet
me:
@joeloleson
#AIIM14
Compliance
in
the
Cloud
Wave
6.
Tweet
me:
@joeloleson
#AIIM14
Understanding
Compliance
The
act
or
process
of
doing
what
you
have
been
asked
or
ordered
to
do…
-‐
Webster's
Dic[onary
7. www.aiim.org/infochaos
Do
YOU
understand
the
business
challenge
of
the
next
10
years?
This
ebook
from
AIIM
President
John
Mancini
explains.
8. Microsoa
Vision
for
Compliance
Features
Empower
the
User
Enable
the
Compliance
Officer
In
Place
and
Extensible
Easy
for
IT
Exchange,
SharePoint,
Windows
Outlook,
Word,
PowerPoint,
SharePoint,
Mobile
Apps
Exchange,
SharePoint,
Lync,
AD,
File
Server,
third
parEes
Exchange,
SharePoint
9. Microsoa
Strategy:
In-‐Place
Build
compliance
into
the
applica[ons
Index
or
Ingest
to
extend
Unify
compliance
experience
and
configura[on
across
the
suite
Bloomberg
Immutable
SharePoint
Immutable
Exchange
Lync
3rd
Party
Archives
Compliance
DeleteDiscoverArchive EncryptAudit DLP Preserve
…
Exchange
SharePoint
Others
Archive
eDiscovery
and
Compliance
Tradi[onal
Compliance
11.
Tweet
me:
@joeloleson
#AIIM14
IT
Governs
Tools
Not
People
12.
Tweet
me:
@joeloleson
#AIIM14
SharePoint
ECM
Features
Over
Time
13.
Tweet
me:
@joeloleson
#AIIM14
SharePoint
2013
eDiscovery
• The
eDiscovery
Center
-‐
central
SharePoint
site
used
to
manage
preserva[on,
search,
and
export
of
content
stored
in
Exchange
and
SharePoint
across
SharePoint
farms
and
Exchange
servers.
• SharePoint
In-‐Place
Hold
-‐
preserves
en[re
SharePoint
sites.
In-‐
Place
Hold
protects
all
documents,
pages,
and
list
items
within
the
site
but
allows
users
to
con[nue
to
edit
and
delete
preserved
content.
• Exchange
In-‐Place
Hold
-‐
preserves
Exchange
mailboxes.
In-‐Place
Hold
protects
all
mailbox
content
through
the
same
UI
and
APIs
used
to
preserve
SharePoint
sites.
• Query-‐based
preservaKon
-‐
allows
users
to
apply
query
filters
to
one
or
more
Exchange
mailboxes
and
SharePoint
sites
and
restrict
the
content
that
is
held.
17.
Tweet
me:
@joeloleson
#AIIM14
Create
an
eDiscovery
Center
18.
Tweet
me:
@joeloleson
#AIIM14
eDiscovery
On
Prem
&
Cloud
19.
Tweet
me:
@joeloleson
#AIIM14
20. Case
Study
from
Microsoa
LCA:
Average
from
FY11-‐13
45
people
under
legal
hold
1.3TB
13
people’s
data
searched
288.8GB
Reviewed
16.8GB
Produced
4GB
Used
249
pp.
Courtesy
Microsoa
21.
Pre-Office 2013 eDiscovery workflow at Microsoft
Exchange
Mailboxes
Local
Data
SharePoint
File
Shares
Li[ga[on
Data
Repository
Data
Minimiza[on
Tool
Linear
Review
Tool
Review
AVorneys
Tiffing
and
Produc[on
Tool
Produc[on
Set
• Completely
Outsourced
• Inside
Corp
Firewall
• Managed
by
MSIT
• En[rely
MS
technology
• Outside
Corp
Firewall
• Co-‐managed
by
MS
FTEs
and
Data
Center
Vendor
• Third
party
technology
Courtesy
Microsoa
22. Office 2013 eDiscovery workflow at Microsoft
• Completely
Outsourced
• Inside
Corp
Firewall
• Managed
by
MSIT
• En[rely
MS
technology
Exchange
Servers
Local
Data
SharePoint
Linear
Review
Tool
Review
AVorneys
Tiffing
and
Produc[on
Tool
Produc[on
Set
File
Shares
.pst
content
Non-‐.pst
content
Courtesy
Microsoa
23.
Tweet
me:
@joeloleson
#AIIM14
Compliance
in
the
Social
Wave
24. “Controlling
Social
is
like
Herding
Cats”
courtesy
EDS
hVp://www.youtube.com/watch?v=Pk7yqlTMvp8
26. Key
Roles
Role
DescripKon
ResponsibiliKes
Community
Manager(s)
Responsible
for
managing
the
Yammer
community
(Typically
from
Communica[ons
or
Marke[ng)
Vision/Strategy,
User
Account
mgmt,
manages
adop[on
&
policy
enforcement
Yambassadors
Business
embedded
influencers
who
have
strong
use
of
the
platorm
Provide
vision
and
direc[on
for
their
business
units.
Explain
soc
bus
value.
Report
policy
viola[ons
Group
Admins
Manage
groups
on
Yammer
and
cul[vate
conversa[on
within
teams
and
groups
Keeps
harmony
within
the
group.
Monitors
conversa[on
and
engages.
Power
User/
Contributors
User
who
has
a
good
understanding
for
crea[ng
polls,
following
topics,
noteboards
and
leveraging
the
platorm
Keep
policies
and
engage
with
the
community
Sys
Admin
Installs
apps,
configures
webparts,
AD
sync,
Profile
config
Manages
Technical
requirements.
27.
Tweet
me:
@joeloleson
#AIIM14
The
Problem
with
Social…
So
much
of
the
intellectual
property
in
a
company
is
Eed
up
in
the
interacEons
between
people.
We
see
it
crisscross
many
organiza[ons
today
as
email
and
aVachments…
We
see
it
show
up
as
conversa[ons
and
documents
in
the
network.
Jared
Spataro,
Sr.
Director
Office
Divison,
“Puung
Social
To
Work”
hVp://blogs.technet.com/b/microsoa_blog/archive/2012/11/12/puung-‐social-‐to-‐work.aspx
28.
Tweet
me:
@joeloleson
#AIIM14
Go
Yammer!
Yammer
is
our
big
bet
for
enterprise
social,
and
we're
commiVed
to
making
it
the
underlying
social
layer
for
all
of
our
products.
It
will
power
the
social
experiences
in
SharePoint,
Office
365,
Dynamics,
and
more.
-‐-‐
Jared
Spataro,
Senior
Director,
MicrosoI
Office
Division
hVp://blogs.office.com/b/sharepoint/archive/2013/03/19/yammer-‐and-‐sharepoint-‐
enterprise-‐social-‐roadmap-‐update.aspx
30. Yammer
Security
• Monitor
Keywords
• All
connec[ons
are
SSL
• Encrypted
Email
TLS
transport
if
you
support
it
on
your
side
• All
data
is
considered
• Yammer’s
offsite
SSAE16
SOC1
data
center
provides
24/7/365
video
surveillance,
biometric
+
pin-‐based
locks
• Data
is
backed
up
mul[ple
[mes
per
day
strong
disk
encryp[on.
Backup
SSH
• Internal
and
external
vulnerability
scans
and
penetra[on
tests
• Third-‐party
in-‐depth
quarterly
security
reviews
31. Social
Compliance
Recommenda[ons
• Determine
reten[on
policies
– Regularly
export
conversa[on
streams
(i.e.
daily,
weekly,
or
monthly)
– Add
export
CSV
file
as
Record
in
ECM
• Social
Policies
• User
Agreement
33. Cloud
Enterprise
Informa[on
Architecture
Unstructured
Structured
Intranet
Central
Portal
Departmental
Sites
Groups
and
Team
Sites
&
Workspaces
Yammer
• Groups
Office
365
• Team
Sites
• Email
Personal
Storage
Fav
&
Follows
• SkyDrive
Pro
• My
Site
• My
Tasks
• My
Documents
• Docs
I’m
following
• People
I’m
following
On
Prem
Cloud
SharePoint
2013
• Department
ECM
• Doc
Mgmt
• Workflows
• Custom
Apps
SharePoint
2013
• Search
• News
• Naviga[on
34. Enterprise
Informa[on
Architecture
Structured
Intranet
Central
Portal
Departmental
Sites
Groups
and
Team
Sites
&
Workspaces
(Non
Customized
Light
branding)
Yammer
• Groups
Office
365
• Team
Sites
On
Prem
Cloud
SharePoint
2013
• Department
ECM
• Doc
Mgmt
• Workflows
• Custom
Apps
SharePoint
2013
• Search
• News
• Naviga[on
Personal
Storage
Fav
&
Follows
• SkyDrive
Pro
• My
Site
• My
Tasks
• My
Documents
• Docs
I’m
following
• People
I’m
following
Unstructured
35. Hybrid
Enterprise
Informa[on
Architecture
Unstructured
Structured
Intranet
Central
Portal
Departmental
Sites
Groups
and
Team
Sites
&
Workspaces
Yammer
• Groups
Office
365
• Team
Sites
• Email
Personal
Storage
Fav
&
Follows
• SkyDrive
Pro
• My
Site
• My
Tasks
• My
Documents
• Docs
I’m
following
• People
I’m
following
On
Prem
Cloud
SharePoint
2013
• Department
ECM
• Doc
Mgmt
• Workflows
• Custom
Apps
SharePoint
2013
• Search
• News
• Naviga[on
36. On
Premises
Lives
On
“When
it
comes
to
the
cloud,
we're
"all
in,"
but
we're
also
realis[c.
We
have
a
large
on-‐
premises
installed
base
that's
important
to
us,
and
we're
commiVed
to
future
releases
of
the
server.”
-‐-‐
Jared
Spataro,
Senior
Director,
MicrosoI
Office
Division
hVp://blogs.office.com/b/sharepoint/archive/2013/03/19/yammer-‐and-‐
sharepoint-‐enterprise-‐social-‐roadmap-‐update.aspx
37. Third
Party
Tools
Examples
• SharePoint
Governance
and
Compliance
– Metalogix
– AvePoint
• SharePoint
Encryp[on
and
Security
– Cipherpoint
– Stealth
Soaware
• Yammer
Analy[cs
and
Compliance
– ViewDo
Labs
– Good
Data
38.
39. Takeaways…
Q&A
• eDiscovery
center
is
designed
for
Office
365
and
On
Premises
and
requires
both
if
you
have
both.
• Social
Compliance
requires
governance
and
policies
to
be
created.
• Establish
Social
Policies
that
can
be
enforced
through
rou[ne
maintenance
and
with
community
leader(s)
• Lead
and
govern
don’t
try
to
control