SharePoint, eContent and the GRC Challenge

By Eric Darbe (@hisoftware) Aug 4, 2011

Every time an employee innocently sends a forgotten password to a co-worker over the system, every time an HR staffer forwards a resume to a hiring manager, every time a website content writer posts a new blog entry with an old brand mark — there’s a question of violation of GRC rules.

The Shattered Web

Just a few years ago, the term “eContent” would have been dismissed as a typo. Today, it’s a term that almost every organization has to deal with. With the enterprise moving online to a greater and greater extent, companies are finding enhanced efficiencies in electronic documents and collaborative workflow — creating a new kind of management challenge. Suddenly, Web 2.0 and 3.0 realities have come up against compliance requirements for privacy and risk management.

Customers are becoming more comfortable in providing their personal information, such as credit card numbers, addresses and financial data. But they are counting on the companies handling that information to do so in a confidential and secure manner. Within the enterprise, employees’ personnel files, pay data, passwords and other material have to be secure even as they are updatable. Every single day, more content is created and uploaded into the company’s store of material — perhaps into the Cloud.

Not too long ago, information created by a company was generally static, or perhaps updated only quarterly. Today, companies know that to keep up with the marketplace, they must provide continuous digital content — every day, sometimes every hour, to external audiences. Simultaneously, within an enterprise, work teams are creating even more content: documents, videos, presentations, audio files and more.

Into this Wild West of eContent comes SharePoint. This platform opens up collaborative possibilities across the enterprise, allowing everyone to contribute and participate in projects, even remotely. Because of its ease of deployment, low initial cost, and high business value for facilitating collaboration among team members, SharePoint has experienced a “viral spread.”

Content is exploding in both structured and unstructured formats — it is virtually all electronic and subject to corporate and regulatory policies governing its dissemination, accessibility and security. In fact, analysts at such research firms as Forrester Research and The Gartner Group are confidently predicting that within five years the current Terabytes of data that many private and public sector organizations are responsible for will become Petabytes, and will continue to grow exponentially.

The Growing GRC Problem

At the same time that content is growing exponentially, compliance standards for risk protection are becoming more stringent. Regulations include COPPA, accessibility requirements such as Section 508, an enterprise’s own governance policies for defining inappropriate content and brand integrity, and, finally, industry-specific rules, such as HIPPA 5010. What’s a CIO to do in the face of these complex and seemingly endless demands? It seems that every quarter brings new regulations, along with new technologies, designed to open communication channels ever further and at the same time increasing GRC challenges.

Is it possible to train everyone, to keep that training up to date, and to ensure compliance all the time? Do you even want to be regularly pulling people from their productive work to make sure they are trained in all the rules? And even if a company does so, will it actually work? Human error is a fact of life — not even factoring in the disgruntled employee or hacker — routine risks that every enterprise faces in this day of instant communication.