
Post on 24-Apr-2018


  • Accessible content is available upon request.

    Using a Compliance Compass to Navigate Sensitive Content within Your IT Environment

    IAPP Europe: Data Protection Intensive 2013

    Ralph O'Brien, EMEA Compliance Specialist, AvePoint UK

  • AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

    Understanding the Challenge

    The Context

    The Players

    The Prism of SharePoint

    A Best Practices Methodology

    Achieving Compliance

  • Understanding the Challenge

  • IT

    Business

    Compliance

    Boundaries

  • Governance

    Risk

    Compliance

  • Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization's business divisions and I.T. teams cooperate to achieve business goals.

    Microsoft Governance Model of SharePoint Definition

    http://bit.ly/nmNSbj

  • Effect of uncertainty on objectives.

    According to ISO 31000

    http://www.praxiom.com/iso-31000.htm

  • Conformity in fulfilling official requirements.

    Merriam-Webster - Compliance Definition

    http://www.merriam-webster.com/dictionary/compliance

  • At the very highest level we are talking about:

    Making information available to the people who should have it

    Protecting it from the people who should not

    This may come from requirements:

    Regulatory

    Statutory

    Internal Policy

    All the above

  • Issues Include:

    Intellectual property and trade secrets

    Sensitive customer information and data

    Employee data

    Collaborations on strategy

    Personal information and health information

  • Want the same data protection rights across the EU

    Special Eurobarometer 359, Attitudes on Data Protection and Electronic Identity in the European Union, June 2011.

  • Accidental Breaches

    Employee, Third Party

    Intentional Breaches

    Employee, Third Party, Hackers

  • Designing a Compliance Policy

    How do we protect the most important data in the enterprise?

    How do we reduce the risk of exposure?

    How do we quickly find information?

    How do we prepare for litigation and eDiscovery?

    How do we ensure policy consistency?

    How do we scale the compliance solution to the enterprise?

    How do we control costs?

    What is our Cloud Strategy?

    What is our current compliance status, or our "as is"?

  • Don't just focus on what you can see

    Risk Awareness

    Risk Ignorance

    Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!

    E.J. Smith, Captain of the Titanic

  • The Prism of SharePoint

  • Business Intelligence

    eDiscovery

    Compliance

    Enterprise Content Management

    Records Management

    Social

    Search

    Web Content Management

  • Content that changes all day, every day

    Massive Data Stores

    Document Management, Collaboration, Social, Cloud, Communications

    Now Can be Searched and Accessed by EVERYONE

    Internet, Extranet and Intranet website content

    Enterprise Content Growth by 2014 (Gartner Research)

  • Accountability

    Who owns the sites? Is the site still accessed & used?

    Discoverability

    Are search results relevant?

    Is it easy to find relevant content?

    Adoption

    Was there training prior to granting elevated permissions?

    Provisioning services causing bottlenecks?

    Infrastructure

    Storage footprint? Duplicate content? Backup files growing with no pruning? Application development?

    Appropriateness

    Is there PII content uploaded?

    Is there content stored in a site that should be in a different site?

    Quality

    Is the site still active? Is the content still relevant?

    Compliance

    PII data? HIPAA requirements? Section 508?

    Restrictions

    How can we prevent sharing of confidential documents?

    Who has access to what content?

  • Personal/My Sites

    Governance

    Visibility
