I've been planning on writing a Top 5 article on SharePoint administration and management for the past six months, but now that I'm finally doing it I find I must expand the scope. What's different?
The pace of change has accelerated.
Having worked in the SharePoint space for the past 10 years, it's easy to note the changes, the biggest shift being what is happening with Office 365. With OneDrive for Business, Microsoft has taken aim at the online drive space. And just as the competitors, they are trying to replace your hard drive and file shares with a cloud version, providing 1 terabyte of storage for each user.
OneDrive shares some of the SharePoint plumbing and is managed using the SharePoint Administration Portal, but in many ways it’s a different animal, used for a different purpose and often maintained by different people.
As with other “drive” products it has the allure of being “easy” as compared to SharePoint -- and in many ways it is. Your content is available anywhere with a web connection and with a click of your mouse you can share with internal and external users. However, the other side of the coin is with all that content outside the firewall more vigilance is required and often mandated. From knowing what is shared and with whom, to enforcing company and regulatory policies OneDrive presents both a new set of challenges and many of the old ones.
Before I dive into the list, I want to address several misconceptions that are relevant to this discussion.
- The first is the idea that if a customer moves their environment (e.g. SharePoint, File Systems, email, etc.) to the cloud, they no longer need to manage or administer it. That is far from the truth. There is unquestionably a reduction or even elimination of cost and resources associated with maintaining the hardware and infrastructure for those systems when they resided in-house, but the need to monitor and manage the resources in the cloud does not diminish at all (and arguably increases).
- Secondly, there is a lot of literature and a number of polls espousing cloud adoption trends. All of these give the impression that customers are adopting the cloud wholeheartedly and moving into it en masse. Dealing with thousands of customers, I have come to the conclusion that customer’s decisions are as unique as their needs. Some are adamant that all their systems stay in-house; others have quickly moved everything to the cloud, while many are just on the fence. Generally, they have a hybrid environment where some systems like email or SharePoint are totally or partially in the cloud, while others remain in-house.
Regardless of how your environment is architected, here are my top 5 tips for managing and administrating SharePoint and OneDrive for Business:
Managing security is a top priority independent of where your systems are located. SharePoint is a poster child for what can go wrong when giving customers what they ask for. In concept, SharePoint objects inherit their security from their parents. This works well until inheritance is broken. I can probably write a separate article on this but for our purposes let’s just say that having a good grasp of your broken permission inheritance is a good place to start.
To follow up on this, administrators often need to understand who has access or rights to what information and locations. This information is relatively easy to get for a specific SharePoint object such as a list or site, but an overview is a challenge and can leave parts of your system exposed.
With OneDrive, customers now have an authorized way for their employees to share content with internal and external partners. This capability is not without security risks (more about this later) so a comprehensive inventory of who is sharing what with whom is a must.
2. Transferring Permission
On the heels of analyzing and understanding existing permissioning, admins have the responsibility to manage them as a daily activity. However, one aspect of that task is often ignored. If you’ve ever administered Exchange, I am sure you have had the responsibility of forwarding a mailbox when an employee leaves a company. With SharePoint and OneDrive, content belonging to this employee is usually left unaltered, resulting in orphaned permissions and objects. As with email boxes, good practice for administrators is to put together a procedure to transfer these to someone else.
3. Monitoring Use
One of the biggest complaints by SharePoint administrators and users alike is how quickly Sites can become overwhelmed with irrelevant content. While the creation of Sites always starts with the best intentions (e.g. collaborate on a project, store documents for corporate department or to share information with a specific audience), there is a tendency to start dumping data until it becomes virtually unusable.
I recently worked with an admin for a large governmental agency who was trying to manage a library with 14,000 documents. The kicker was that many of these had hundreds of versions. Assuming that storage is not a limitation, at the very least that kind of content sprawl will result in many hours of clean-up that could have been avoided by proper monitoring.
On the flip side, while many Sites are used for a specific task and then cast aside, others are simply never used. In environments with a storage quota such as Office 365, this presents an opportunity to salvage them for other use. In addition, unused sites may have sensitive information that was left behind without any oversight or ownership. There is some irony in the fact that companies spent $46 billion in 2013 on cyber security, but often forget to do basic housekeeping to eliminate the source of this data.
Administrators should also have insight into what type of content is being stored. With Microsoft’s recent announcement of 1 TB of storage for each OneDrive for Business user, space is less of an issue than for SharePoint sites. Nevertheless, it should not become the primary backup and sharing location for personal pictures and videos. Keeping an eye on content growth and distribution can prevent some uncomfortable conversations down the road.
4. Backup, Archiving and Restore
I argued above that moving to the cloud does not relieve admins from essential administrative tasks. I would include Backup and Archiving as part of this. Undoubtedly the benefit of the cloud is that the provider takes care of the heavy lifting such as redundancy, disaster recovery and updates, but when it comes to Backup, the solution provided is “one size fits all.” For example, Microsoft maintains a 14 day backup of sites for disaster recovery (and it may take a day or two to recover a site upon request). In addition, deleted content is maintained in the Recycle Bin for 30 days (90 days for Admins) and then disposed.
Many SharePoint environments are too critical to fit into this offering and should be backed up to local storage or another cloud provider. Besides having easy access to their content in the event of an outage or data loss, admins can do granular restores of individual items, lists or sites well beyond the standard time limitation. In addition, with highly secure environments it is also a good idea to backup the permissions. In the event they are maliciously or accidentally altered, a quick restore can be made.
In many ways OneDrive for Business is analogous to email boxes. If you are considering or have implemented a centralized backup for your email, OneDrive should also be included in the conversation. Having a centralized OneDrive backup allows admin to quickly recover lost, deleted or corrupted files or the contents of an entire OneDrive if it is removed.
As part of the section on Monitoring Use, I discussed the problems with unused or discarded SharePoint sites. The same logic applies to OneDrive when an employee leaves the company. Many incidents of information leaks occur when ownership to content lapses for one reason or another. Once unused content is identified through monitoring, a policy to archive and off-board should be in place. With a standing backup and archive plan, unused SharePoint sites and OneDrive can be removed without concern.
5. Content Discovery
The concept of understanding the content that is uploaded to SharePoint or OneDrive for Business is not usually something that is a priority of most administrators, but with the abundance of cloud storage it probably should be. While companies have both fiduciary and regulatory responsibilities to protect and secure their content, they also need to balance that with the need to collaborate. So you should be considering how to gain an understanding of what information is actually stored in Sites and OneDrive.
There are several ways to do that. As I touched on previously, getting an overview of the types of content (e.g., pictures, videos, documents, spreadsheets, etc.) is step one. A more advanced option is to scan or search content for specific patterns. Some basic ones include social security and credit card numbers. Many organizations must also comply with government regulations, such as HIPPA and PII and/or have specific company policies. A more sophisticated rules engine may be required for this type of discovery.
I realize that the admin tasks that I identified in this piece are not universal. So, if you are an administrator for SharePoint or OneDrive, on-premises or in the cloud, I’d love to hear back with your tips and challenges for version 2.0 of this article.