HiSoftware's Kurt Mueffelmann Talks Compliance, Secure Data for SharePoint

6 minute read
Barb Mosher Zinck avatar

As social collaboration becomes more common among organizations, there is a need to balance the ability for employees and partners to work together, yet ensure that information is secure and used properly. I spoke with Kurt Mueffelmann, HiSoftware President and CEO, about these issues and how HiSoftware can help.

Know Your Data, Secure Your Data

Most organizations today are concerned about compliance and the sensitive nature of their information. They want to know how to lock it down, and know who's doing what with it. HiSoftware provides this through secure metadata and forensic activity for SharePoint 2010, 2013 or even good ol'MOSS. Taken even further, let's take those governance capabilities across all your file shares, into the cloud and some of your social collaboration software, especially as SharePoint takes on more social functionality and partners like NewsGator continue to add more social collaboration to SharePoint.

Who needs a high level of governance anyway? It's not just regulated industries, although they definitely have a higher demand. It's CIOs working on a information broader strategy, SharePoint Administrators trying get better ROI on their systems, and any organization that has a risk management and compliance strategy.

The reality is, SharePoint is widely used across a lot of organizations of many different sizes. It may be at the team level, the department level, or enterprise wide. Introduce BYOD into the mix and now you have to identify areas of sensitive document access and proactively ensure that information stays protected but still give employees more options for working unchained to the desk.

Proactive vs Reactive Governance

Are organizations more proactive in their efforts to keep track of their data or reactive? Mueffelmann says it's a mix, but he points out that many organizations really just don't know what's in their SharePoint environment -- whether it's a carefully planned migration process or just opened up for everyone to use. He's heard many horror stories about collaboration environments started and then quickly shut down because information is getting shared or used in inappropriate ways.

But then there are others who use SharePoint and know they have documents that risk exposure who are typically proactive in their approach. these could be government, higher education, manufacturing, anyone with IP leakage concerns. Pharma and healthcare are also driving a lot of HiSoftware's business right now as well.

hisoftware, compliance, sharepoint

HiSoftware Solutions

And you have to ask, why do people use SharePoint if it doesn't offer governance and compliance capabilities out of the box? Mueffelmann says that organizations with limited budgets like SharePoint and want to take advantage of what it offers, but they still want to have secure and compliant environments (which is where HiSoftware comes in). 

“HiSoftware will give us better control over the entire SharePoint environment and document libraries. Using Security Sheriff, we will be able to avoid what we call ‘man-in-the-middle attacks’ where our users send confidential information to external parties without permission to do so. We will also use Security Sheriff to prevent end-users from printing or downloading documents to their desktop without appropriate permissions, and to encrypt content that is distributed from our employees to third parties,” said Jan Juhlin, IT Manager at Dunross & Co, a HiSoftware customer.

BYOD is Not a Problem

Everyone wants to be able to work using their mobile device, be a smartphone or a tablet. HiSoftware provides secure apps to allow them to do just that. The apps leverage SharePoint permissions and admin layer, by adding securing metadata around the classification of documents. It classifies data at the item level and creates a workspace on the mobile device to access that data.

It's important to point out that SharePoint still controls access to the workspace from the HiSoftware app and the UI is the same as users expect with mobile device you are using. If you are connected, you reach directly into SharePoint and get your data, but if you aren't connected you can work locally. If someone has their device stolen, it can be wiped clean.

HiSoftware, mobile, sharepoint, compliance

Hi Software on iPad

Right now the apps are available for iPad and iPhone, but Android apps are expected soon and this fall you should see the apps released for Windows 8.

Cloud Support is Slow Coming

What about Office 365? Mueffelmann says that many of the organizations HiSoftware talks to are hesitant about moving to the cloud-hosted platform, many are looking at a hybrid model where they can leverage Office 365 to collaborate with outside parties.

Learning Opportunities

A hybrid model, which HiSoftware is working towards in the September release, allows organizations to keep their more sensitive information on premises, but still take advantage of the Office 365 cloud for other information and external collaboration.

Securing Social Collaboration

With HiSoftware Compliance Sheriff and Security Sheriff, there is aflexible pricing model that includes these core engines plus theaddition of assets, such as support for social collaboration or fileshares.

HiSoftware can work for social collaboration tools and file shares. One of the collaboration tools it works with right now is NewsGator (the two have a strategic partnerships), in addition to Yammer, which is integrated with SharePoint as well.

As SharePoint 2013 gets implemented and integrates collaboration tools likeYammer and NewsGator, organizations are more concerned about sensitiveinformation getting out accidentally, and there are cases where orgs need to clearly separate working with internal groups and external groups to ensure information is secure.

With SharePoint and NewsGator, HiSoftware has the ability to go in and automatically block incorrect usage of content, but with Yammer, it can only identity issues at this time, although this will likely change.

Reporting in the software is also by asset (or service) and then rolled up on an enterprise basis. This roll up allows organizations to do predictive analytics to help monitor and educate users who may need be more trouble and require additional training.

The Best Approach to Successful Implementations

Is there one way to ensure that a SharePoint implementation can be successful and secure? Mueffelmann says that many organizations have grand plans, but it takes forever to roll them out. He says it's important not to "boil the ocean" or do it all at once. Look for and identify areas of sensitive information right away and non-compliant data, and deal with these areas first, then expand as you need to.

The idea is not to wait, but to get a good awareness of what's in your system. Then put processes in place like tracking and then go from there.

You can implement SharePoint and still ensure your information is secure. Some of that you can do with SharePoint, but usually you get your best support through third party providers like HiSoftware, MetaVis, Axceler, MetaLogix and others. Like Mueffelmann says, don't try to boil the ocean, figure out what you need to do and do it.