The concerns about information run rampant in SharePoint implementations is still big news. Which is why we wonder, why there aren't more vendors out there offering content governance solutions like those offered by HiSoftware (news, site)?
Are you worried about things like credit card numbers and social security numbers being exposed? Of course you are, everyone is. But add to that the concerns that are rising over information being exposed through our collaboration processes and you have a big job on our hands.
As we start to think about how SharePoint can be strategically used within our organizations, we want to put in place practices that will ensure we implement and manage it properly from the start. Content governance is a critical aspect of that planning and implementation process. We need to be sure that the right information is in the right location and that information isn't being made available, accidentally or otherwise, to the wrong people.
In a conversation with Kurt Mueffelmann, CEO of HiSoftware, what became clear was that while many organizations are thinking about content from a permission-based security perspective, there are other layers of content governance that need to be addressed as well.
Monitoring Compliance in SharePoint
According to Mueffelmann, many organizations are hesitant to deploy SharePoint 2010 because they don't know what is being said. Now this is through not only exposing information in documents and lists, but also via activity streams, updates to Twitter and Facebook and other collaborative means, and SharePoint can offer a lot of ways to share information.
What is needed is proper content governance to monitor and report on information that is considered sensitive to the organization. And this is where solutions like HiSoftware's Compliance Sheriff come into play.
Compliance Sheriff offers a number of capabilities including accessibility compliance monitoring, privacy breach and policy, and brand integrity/site quality. But it's the Data and information security that interests us most when it comes to SharePoint.
The Compliance Sheriff can block blog posts, documents, emails and other content related to defined topics and/or tags from being published or placed in particular folders. This "blocked" information can be placed in an area for review by administrators and reports can be run that show what is being said, by whom and where.
It can also monitor what is being said by employees on Facebook, Twitter and other sites such as Newsgator when these activities are performed at work, behind the firewall (it can't monitor employee activity outside the office)
The nice thing is that these capabilities are seamless to the end-user. All monitoring and reporting is done through web parts and workflows in the background, making compliance a natural step in the process. All the checkpoints (defined topics/tags) are set up in an administration view, where reports can also be viewed and predictive analysis can be performed.
Organizations Have Different Compliance Needs
While accessibility guidelines like Section 508 and WCAG don't change that often, organizations will often implement them with changes based on their own internal best practices. When it comes to content governance, compliance guidelines are very specific to the organization and can change quite regularly. In both cases, a solution needs to be in place that provides the flexibility needed to meet the organization's specific requirements.
HiSoftware comes from an accessibility legacy (we've done past coverage of their solutions in this area). But in the last few years, they have recognized the additional needs and implemented the different capabilities mentioned above. To demonstrate how important content governance and other compliance activities are, consider this: HiSoftware went from making US$ .5 million in 2007 to a company with over US$ 10 million in revenues.
Whether it's the US Federal government or the Financial Services industry, there are organizations across the globe that need to manage content goverance better. And, it's not just SharePoint implementations that are affected. HiSoftware's Compliance Sheriff also works for non-SharePoint environments, with the ability to connect to a number of different enterprise content management systems.
The important takeaway here is that you can successfully implement SharePoint 2010 without the concerns that your sensitive and private information is going to be exposed. You just need to have the right solution in place.