Supplementing SharePoint Governance with Adaptive Tooling – Security Labs Update

SharePoint governance, throughout the various versions of the product has remained a difficult concept and technical task for organizations to tackle. Part of the fundamental problem with SharePoint governance arises from the lack of adaptive tooling within the product to provide organizations with a logical path towards genuine Enterprise Content Governance (ECoG). Organizations are encountering dire needs to lower operational costs while maintaining a competitive edge through controlling and properly structuring content, optimizing their existing investments while improving corporate efficiency. As a side effect of this action, compliance issues can be managed and maintained, as well as the overall footprint of the SharePoint effort is increased.

How does one define what SharePoint ECoG truly is? Simply put, SharePoint ECoG is making certain your organizational content in SharePoint is logically structured, controlled, managed, and secured with the ultimate end goal of:

  • Reducing Total Cost of Ownership (TCO) of the SharePoint information architecture
  • Minimizing exposure to compliance risks
  • Increasing worker productivity
  • Guarding the organization’s key knowledge assets

While all of these goals are crucial when determining the effectiveness of a SharePoint governance strategy, it is also important to maintain a consistent focus on maintaining reasonable content quality that has the appropriate security mechanisms in place.

The balance between the content budding that SharePoint often cultivates while keeping within the constraints of compliance (both internal, as well as external) is a fundamental issue that organizations face with successful SharePoint deployments. Atomic content growth, when unchecked, can cause a multitude of user evident issues such as content not being able to be found, immediate impact on storage, and an assortment of security concerns.

ARB Security Solutions Approach

In order to solve this dilemma, the ARB Security Solutions is in the final testing of the only tooling designed from the ground up as a security and governance platform. The GovernanceCenter for SharePoint™software package tackles governance issues using acclimatized security remediation processes that have been designed in the field by SharePoint security and governance integrators. Nearly 75% of the organizations that have been testing the GovernanceCenter for SharePoint™platform have discovered redundancies and malformed security settings that have the potential to cause operational and financial issues. Coupled with increasing regulations around collaborative storage environments, means to reduce their impact upon a business is bound to be of great financial and user benefit.

Providing the means to take a security model and apply it to an entire SharePoint environment, the GovernanceCenter for SharePoint™software suite tackles regulatory and corporate governance requirements by managing the security and disposition of information. The information governance capabilities built into GovernanceCenter for SharePoint™have helped ARB Security Solutions customers meet requirements for Sarbanes-Oxley, HIPAA, document retention and business continuity. The SecureCenter governance framework delivers seamless and holistic security governance within your environment while increasing service quality. It improves service cost management across service delivery channels, operational SharePoint support systems, and business support systems.

To find out more about how the security integrators at ARB Security Solutions are improving governance in SharePoint 2007 and 2010, please find more about our efforts in the labs.


Department Of Defense SharePoint Architecture Guide (DSAG) Part 1 – Introduction And DIEA

I always wanted to put together SharePoint defense industry documentation because of 90% of my career being contracted with the Air Force but never found the time. Oddly enough, I did when I went private sector and only did part-time side federal contracts though :-)

The SharePoint 2010 Department of Defense Architecture Guide is an effort to minimize the friction of a SharePoint deployment into a DoD owned entity. While the focal point of the document is targeted to SharePoint 2010, the larger target is building collaborative tooling in the federal defense industry, and thus has broader applicability.

This compiled, preliminary effort focuses on structuring the fundamental standards required when constructing SharePoint environments within the defense industry. There are innate difficulties when putting together such documentation. The ostensibly more static federal computing infrastructure assimilating dynamic platforms such as SharePoint is a invariable struggle for those that wish to stay on the bleeding edge within a federal environment. I believe this is because of two main reasons:

1) Investment Guidance – Presently for a DoD owned entity (i.e. an entity that while potentially being under another entity is autonomous enough that they have the capability to fuel single, enterprise projects) understanding the investment and return has no baseline standardization, even for those more esoteric, abstruse benefits. This complicates the decision making process since interim forecasting becomes impossible, making it complex to hash out requirements and activities.

2) Lack Of Context – The implementation process of a SharePoint solution into a federal environment is commonly not parallel to those within the healthcare industry. Most federal solutions require a pre-existing context in which to assimilate SharePoint into. Furthermore, this context is progressively more complicated because it involves high-level consideration for concepts like implementation rules to more low-level considerations like constraints.

In order to solve these as well as other conundrums, there has to be baseline documentation established that does numerous things. Preferably this should allow a description of federal SharePoint resources, how they can be operated and managed within the context of a DoD entity, allowing contemporary solutions to be implemented while still ensuring the needs of the DoD are met. Ideally, this should cultivate more interoperable SharePoint environments that not only enable collaboration within a unit or with unit and parent entity, but rather within a branch and even between branches. Since information is a strategic asset, in order to make the most conversant tactical decisions it is obligatory to institute these collaborative defense semantics, this should facilitate better data sharing.

To do this, several of the foundation DoD concepts are going to be introduced and integrated within the terms of building collaborative tooling, in turn this should allow the exposure of the common foundation attributes that can extend over various deployments. Not only will this fortify the particular entity that is deploying SharePoint, but should also allow better collaboration to be cultivated between mission partners. This means consuming DoD implementation standards and weaving it with SharePoint solution building guidance taking into account current policies, directives, visions, and strategies (i.e. NetOps Strategic Vision). The most important of these that are going to be taken into consideration is Defense Information Enterprise Architecture (DIEA) 1.0. This type of foundation is one that offers support. At the same time though it is able to radically augment the transporting speed for that information to net centric operations (competitive war fighting advantage through the robust networking of well informed geographically dispersed forces) for the DoD. This allows them to be able to more easily identify barriers that they have to permeate.

With the information available through the Defense Information Enterprise (the DoD information resources, assets, and processes required to achieve an information advantage and share information across the Department of Defense and with mission partners), everything is available for review. This includes fundamental information, resources including assets, and the ability for an array of information to be shared through communications that this entity has with other layers of the department. There are standards in place to assist with the various types of operations on the management level. This allows the mission of all the fundamentals to successfully be sent throughout the department.

There are many different components that make up the overall portfolio for the DoD. When net centricity is initiated there is still the ability to continue being in compliance with the investments made by the IT department, even when considering collaborative tooling such as SharePoint. Everything that is part of the policies and procedures for management and guidance are included here. This gives the full range of action to be carried out through the use of this type of information architecture.
The DoD has such a program so that they are able to continue offering excellence in the area of IT. They have been very commanding in the area of developing standards including the Universal Core (UCore) XML-based data exchange standard and messaging framework. This is facilitated through Net Centric Core Enterprise Services known as NCES.

The DoD IT allows benefits from the use of shared commuting and communications. They have an infrastructure that works with the Global Information Grid (GIG). The GIG is The GIG includes any DoD system, equipment, software, or service that transmits, stores, or processes DoD information, and any other associated services necessary to achieve information superiority. The DoD also has stand alone information that can be embedded and that is self-contained. That type of information won’t be accessible through the enterprise network. One of their focuses is on creating policies and guidelines is it offers an opportunity for common goals to be reached. The ability to make important decisions based on what is going on with the net centric operation is very important. This makes it a valuable investment and also opens up ample supplementary opportunities.

With the DIEA there is unity for the various concepts found in the net centric strategies. This allows for common goals and policies to be part of the overall solution, including the acceleration of collaborative tooling deployment. The vision that the DoD has is to be able to offer a united system that all can benefit from. This will offer them many advantages that they can share with their partner groups and mission partners.

These advantages include offering an environment where sharing can take place. The data information will be visible as well as easily manageable to those that need it. Plus, everything will be austere to understand and only accessed through a trusted environment with apposite security measures in place. The network will be protected with an infrastructure that makes it possible for the operations to offer both dynamic and interoperable levels of communications. A variety of capabilities for commuting will be offered so that all of the tasks can be completed within that infrastructure.

Through the DIEA there is the ability to add more content to any policies that are already in place. The goal is to make sure that adequate guidance is in place within that framework for the DoD to function at a very high level. There are many rules, principles, and constraints that allow them to only take part in the very best of practices. This won’t be limited by the components of the program.

It is all going to abide by the compliance measures that have to be in place with the net centric vision. The collaborative efforts will be successful too due to the way in which information sharing is offered. It is important to understand that the current revision, Defense Information Enterprise Architecture 1.0, won’t be replacing any of the underlying policies that are already in place. The basic framework is going to continue as it already is.

However, the main benefit of this program is that it allows all of the different areas of the department to be tied together. They can follow the same types of framework to get addition guidance but to also stay within the set policies. This is going to offer more power to those that have to make decisions regarding the DoD and the components found within the portfolio.

This program is going to have a solid impact on the way in which decisions are made for the DoD. The rules will be linked to policies and standards that are part of the overall model. DIEA 1.0 allows well informed communications on important issues to be discussed. As a result it will also continue to make a stronger net centric environment for the Department of Defense. There is a vision they have in place for the future which should materialize in the next 3 5 years. With this in mind the Defense Information Enterprise Architecture will be seen as a tool by the Department of Defense. They will use it to help them identify objective that they will proceed to attempt to implement.At the same time there will be many components in place that may align the various programs of the system in regards to the vision for the entire enterprise and the use of net centrics. All of this is going to further continue to push forward the quality and benefits from the net centric environment that has been created.

The primary purpose of the enterprise architecture structure is to make sure everyone has the right information for guidance and to help them make decisions. Taken into the context of SharePoint, this means consistent deployment types and usage. Granted, this is chiefly talking about those that have a responsibility for IT, however, there is no limit to the ways in which this can be a benefit behind the scenes.

Next >> Department Of Defense SharePoint Architecture Guide (DSAG) Part 2 Accountability, EL Scope, And DIEA Customers