5 W’s to Securing SharePoint 2013 in an Information-Sharing World

5 W’s to Securing SharePoint 2013 in an Information-Sharing World

By Kurt A. Mueffelmann

Today's work environment no longer centers around an office and a desktop computer; it's on our mobile phones, laptops and tablets. One thing has remained constant: We need rapid and efficient access to information. And we also need to share that information, often securely, with the right people.

Many companies are turning to SharePoint 2013, the latest version of the dominant enterprise collaboration and content solution that boasts new social features to encourage information sharing.

These companies must balance the additional opportunities to collaborate inside SharePoint 2013 with strategies for keeping private information secure and out of the public scope. Here are five questions to consider in planning your organization's strategy.

#1 Why is Social Collaboration Important?

In 2010 a Forrester analyst was quoted as saying, “Social computing is not a fad, it will impact on almost every role, at every kind of company.”

Fast-forward three years and Forrester was right; enterprise social computing is an important strategic platform for increasing workforce collaboration and knowledge management. It affects how every person in an organization works together and shares information.

The benefits of social computing are vast, including improved productivity, streamlined communications, retention and engagement of employees, and process innovation.

The big question for companies adopting a social approach isn’t "why collaborate," but rather, "how do we balance collaboration with securing sensitive content?"

Consider the Securities and Exchange Commission rule change allowing publicly listed companies to make official announcements to investors using social media. The implications are huge as millions of people make investment decisions based on information posted to social sites.

Recently one supplier had a billion-dollar impact on Apple’s share prices after reporting a disappointing revenue forecast. Imagine if an employee made a mistake and released confidential information about your company or even a partner program?

#2 Who Can Collaborate and On What?

Enterprise social can be a risky business, especially in highly regulated industries such as financial services or healthcare. However, if organizations can understand exactly where the risk lies and how to reduce it, enterprise social doesn’t have to be hazardous.

·        For example, do you need information barriers between internal communities, such as research groups and traders in financial securities companies?

·        How do you keep regulated personal or healthcare information on employees and customers out of discussions?

·        Is there confidential company information like M&A information or trade secrets that shouldn’t be shared publically or within the general organization?

Keep in mind that collaboration benefits are possible only if social sites are carefully monitored and managed for governance, compliance, and appropriate content.

Answering the question of “who can collaborate?” can help an organization avoid risky business and reap the productivity benefits enterprise social offers.

#3 What Content Should I Monitor?

What sensitive and regulated content is shared within the social enterprise? Any data that can, on its own or with other information, help to identify, contact, or locate a single person, needs to be kept out of social conversations. For starters, that includes any employee or customer data with the following:

·        Names

·        Addresses

·        Date of birth

·        Telephone numbers

·        Social security numbers

·        Bank details

·        Routing numbers

·        License numbers

·        Email addresses

·        IP addresses

·        Medical record numbers

Now combine it with regulations from the US Department of Health and Human Services’ HIPAA rules, SEC and other federal agencies governing sensitive content. This isn't the only content that needs securing.

What about company confidential and intellectual property? What about inappropriate content and obscene language, or other HR guidelines for online behavior?

Identifying what information should and should not be communicated in the social enterprise is crucial to protecting the organization from risk and providing employees and customers with a trusted online environment.

#4 Where Do I Start?

Starting is actually a multi-step process that focuses on evaluating risk, then putting strategies and technology in place to deal with these risks, while continuously monitoring this process. 

The process flow involves the following:

·        Identifying key red flag risks

·        Establishing a compliance strategy

·        Automating the process of enforcing policies

·        Securing sensitive content

·        Regularly reviewing those strategies

 

Key questions to ask at first include these:

·        What regulations do you need to comply with?

·        What confidential information needs to stay out of the public domain?

·        Are we complying with our governance policy?

·        Are we exposing ourselves to potential financial risk?

Organizations can better assess areas of content and social risk by answering these questions. Involving stakeholders that can suggest policies for each department should be part of the process.

As you move to the next phase of the starting process, you will need to establish a compliance strategy aligned with the business strategy. This will help embrace social collaboration and minimize risks. Stakeholders within the organization will once again play an important role in this process.

Of course, it’s not just about setting a policy on paper and storing it within the organization for employees to read and understand.

The likelihood of each employee applying it to everyday work will be hard to monitor. Policing social portals for compliance with paper-based corporate communication policies, privacy guidelines and other industry-specific compliance regulations is no simple task.

Manual processes for enforcing these policies are not enough. Using established policies, automate as much of the scanning and monitoring of content to identify any violations.

Better yet, use the policies to identify and prevent issues before they are posted.

If a security breach occurs and the organization finds out after the fact, the damage has already been done. However, it still needs to clean up the mess. Within the health industry, that might mean coming clean to the HHS and facing its wrath.

It might mean reporting to customers that their social security details were compromised because a member of the staff accidently posted the wrong document.

In addition to monitoring social communications for violations, think about putting methods in place to secure sensitive content stored in SharePoint 2013 by restricting access to, encrypting, tracking and preventing the publishing of the content. This will help secure and prevent sensitive content from even making its way into enterprise social conversations and can ensure that documents can’t be accessed if they do.

The best way to secure content in social computing is by preventing publishing of non-compliant content.

But policies and regulations governing content are always changing; organizations should have a flexible system in place to easily update policies to ensure they are in compliance with the latest requirements.

They should also look at and understand how employees are using information and make policy adjustments accordingly.  

#5 When Do I Need to Start Securing Social Collaboration?

Companies using SharePoint 2013 must start thinking about securing social collaboration immediately. Waiting could mean the difference between costly fines, lost customer confidence, or missed revenue.

Don’t be afraid to embrace enterprise social collaboration. The benefits to productivity and your organization overall can be invaluable.

There are however, steps that you need to put in place to ensure the right content is communicated to the right audience in our information-sharing world.

Supporting both social and security will protect and avoid damage to the organization, employees, customers, and partners.

 

Kurt A. Mueffelmann is president and CEO of HiSoftware.  Mueffelmann draws on over 15 years of experiences in helping high-tech companies reach their growth potential. He is responsible for defining and directing HiSoftware’s worldwide strategic and operational direction, product strategy, sales and market expansion and international growth activities. Additionally, Mueffelmann is a member of HiSoftware’s board of directors.

 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish