The only way you can truly manage your content is to understand it. Depending on who you are, that may sound really simple. The reality? It’s something organizations struggle with every day.
SharePoint libraries, lists, file shares, Dropbox folders, Google Drive, Amazon EC2 storage, SkyDrive -- need I go on? Your employees can, and likely already do, store documents in one or more locations. So how do you ensure that your data is secure? How do you ensure that compliance is enforced? That your governance processes are being followed?
The answer is simple -- you monitor all the locations where your content can be and you manage it appropriately.
Have You Tagged Your Data Lately?
One of the most common issues with SharePoint today -- lack of taxonomy. SharePoint environments have been thrown into place and handed out to employees like candy. Without even realizing it, organizations have thrust their own data into chaos by not putting proper taxonomy structures in place for employees to use. The result is a ton of data dropped into SharePoint whenever and wherever it made sense to the employee who put it there.
Here’s a common scenario: SharePoint is set up in an IT consulting firm with the intent to help manage projects. That firm is ISO 9001 compliant, which means it has strict rules for the documents it must create for a project and store after the project is over. The required documents and associated metadata is standard across project size and type.
Unfortunately for this organization, no time was put into creating a taxonomy based on those ISO requirements and each project that sets up its own project team site has done things differently: different folder structures, different file names, etc.
In fact, some of the people working on the project aren’t even using the project team site for their work in progress documents. Instead they are storing them in their own personal MySite, or in a file share, or in SkyDrive so they can easily work from home. In this common scenario, the company can barely find its data, letting alone properly governing it.
Tagging and classification are important capabilities that SharePoint offers, especially in SharePoint 2010 and SharePoint 2013. This is not the first time I’ve spoken about proper information architecture, and to be honest, it’s unlikely to be the last. I also won’t go into the challenges related to migration, but that’s another situation in which you really need to know your data.
Not Only a SharePoint Problem
Proper tagging and classification of information are only one part of the problems organizations are facing today. It’s also important to know what information you are storing in your documents, especially when you are dealing with personally identifiable information such as social security numbers, credit cards or health information.
Financial institutions and health organizations are two great examples of organizations that need to maintain a lot of personal information. This means they are heavily regulated by industry standards such as HIPPA, FISMA and GBLA, among others. Each of these standards have stringent rules for how personal information is stored, who can use it and how it can be used.
For example, consider the credit card company that takes all that personal information when a credit application is completed. Now consider all the data stored as that card is used and reports are made to help decide who should get credit increases, or warning notices.
Although SharePoint gets special attention when it comes to governance of data, (especially considering all the reports about how it’s used -- or misused), it isn’t the only place we see governance and compliance concerns. With so many organizations (and individual employees) using cloud storage technologies to store documents, the whole of idea of “know your data” and “control your data” becomes even more important.