QUERCUS BLOG
Industry Insights from Our Experts

Tag Archives: privacy

Organizations Struggle with SharePoint Data Security Governance

Comments Off
Filed under Cloud Practice, SharePoint

(re-post from the blog of PaulSPatterson.com)

This article is not quite specific to my cloud security bandwagon context, however I was just reading an interesting report from Aberdeen Group. The report, titled SharePoint Collaboration Secure and Mobile, talks to a couple of SharePoint data security concerns that I found interesting. Most notably, how organizations are not performing well at data governance with their SharePoint environments.

Data Security and the Cloud Sprawl

Keeping track of corporate data is harder today than it ever has been. Introduce the use of cloud services for data management, and now your looking at whole different dimension end-points to worry about.  Adding the elastic and organic nature of the cloud, specifically in how cloud services are used to host data, seems to only compound security and privacy concerns.

And it’s tough to keep up. As quickly as we move to adjust and implement governance models, a new way of doing something in the cloud is made available. SharePoint is arguably the most commonly used collaboration software used today. Consider the massive amount of documents, lists, and knowledge that is managed by today’s enterprise SharePoint environments, and the number of users that have access to those environments. Those same users are also accessing elastic cloud services and social networks that when combined, represent a sprawl of new risks that are sometimes impossible to map and keep track of.

SharePoint Concerns

Coming back to SharePoint, Aberdeen presents some points about what organizations are performing well at with SharePoint, and what they are not doing well at. Two pieces of insight are presented in the report; how well are organizations doing when they use complementary security technologies for SharePoint, and how they are struggling with SharePoint data governance.

The use of complementary security technologies seems to be what most are doing well at. Measurements of security-related incidents, non-compliance incidents, and human related errors, were each used to determine how organizations fared.  Strategies such as; disk encryption, data classification, data loss prevention, and rights management are used. According to the report, best-in-class users of SharePoint are leaders in the use of disk encryption and data classification, while the lagging performers seem to have more issues due to data loss, and rights management security.

Clearly understanding expectations of how data is accessed and used seems to be a challenge for most organizations using SharePoint. SharePoint empowers users with the ability to do a lot of things, including the ability to define very granular security permissions. Without a clear and defined expectation of what users should or should not do, users can wreak havoc with the data. Organizations, according to the report, are struggling with data governance.

What Can Be Done?

As per the report, there are some steps that can be taken to mitigate a more secure SharePoint environment.

  • Data Classification. Taking an inward-out strategy by putting controls on the data. The idea that information about the data follows the data wherever it goes, even it happens to go outside of the SharePoint environment – such as into the cloud sprawl.
  • Prioritize Security Objectives. Create, or apply existing, data security and compliance protocols to SharePoint data.
  • Policies and Procedures. Especially important for publicly traded companies, data in SharePoint needs to meet legislated compliance regulations, as well as organizations guidelines.
  • Knowledge and Training. Teach users how to do things right the first time.
  • Best Practices. Using security best practices will scaffold the privacy and protection of the data.
  • Complementary Tools. There are many complementary data protection tools for SharePoint. Use them.

I can see much of the above being applied to pretty much any other internal, and external cloud-based, environment. What attracted me to this report were data security concerns, and how poorly many organizations are doing with data governance.

Do you see any of this being a concern? How about in your own organization?

Canadian Cloud Law

Comments Off
Filed under Cloud Practice

(re-post from the blog of PaulSPatterson.com)

One of my favorite sites these days is David T.S. Fraser’s Canadian Cloud Law Blog (www.cloudlawyer.ca). I can easily answer objections related to using cloud services; especially from people here in Canada. However, I am just one person, and having resources such as David’s blog certainly helps add credibility to the objection handling in my cloud context conversations.

If you are a Canadian organization, or doing business with a Canadian organization, then I encourage you to visit David’s blog. If anything, browse through the Cloud Computing Privacy FAQ on the site. The information on the FAQ is fantastic, and is a great reference point for further cloud privacy conversations.

Remember, using the cloud is not an all-or-nothing proposition. There are private and hybrid cloud opportunities that will address privacy concerns, while still offering real value to the organization. Canadian enterprises specifically can take advantage of these types of integrated cloud scenarios to benefit in ways that will offer a great return.

Data is just a part of the overall solution. Keeping data on-premise while leveraging public cloud services to offload processing, for example, is one scenario that has been proven to be successful. Keeping the data private and within the organizational boundaries keeps data concerns private. Leveraging the elastic nature of cloud services to take care of “spinning up” services when needed takes the load of otherwise important internal IT infrastructure. Data doesn’t need to be stored externally, and when the data is used it is compressed and encrypted for use by external services but not stored externally.

There are plenty of options and opportunities for Canadian enterprises to leverage the cloud. Feel free to send me a note, or contact me directly, with whatever questions or conversations you have. I love talking about this stuff.

Curious to know more about what the cloud means to Canadian organizations? I’d be more than happy to chat about it.

Cheers!

Copyright 2017 by Quercus Solutions
Login