This blog post will provide “from the consulting trenches” (Hybrid Cloud) strategies and granular details of EPC Group’s approach to the new Hybrid Office 365 and/or SharePoint 2013 architecture’s growing proliferation and how it may affect your organization.
Hybrid Governance Fundamentals
Users that Ignore Governance and Planning for the Real World
If it’s easy to get around it, they will:
- To ensure it will happen, enforce it transparently
- If it’s too complex, it won’t happen
- Strike a balance between:
Note: Always consider compliance around HIPAA, PHI, and PII related data in Office 365 and/or SharePoint 2013.
EPC Group’s Hybrid Governance Framework
- Step 1 – Understand what to Enforce
- Step 2 – Balance the enforcement
- Step 3 – How and where to enforce
- Step 4 – Prioritize the enforcement solutions
- Step 5 – Continue to Review and Enforce
When and What to Enforce – EPC Group Framework
Governance Feature | Enforce Nothing | Enforce Something | Enforce Everything |
PII | Policy Document (‘here’s our policy on exposing PII’) | Monthly Audit (manual or physical; random or comprehensive) | Automated Audit on Upload |
Site Quota | No Quotas or Suggested Quotas | Tiered Options;business rules | Charge-back model |
Site Creation | Training on Where it Goes | IT creates for you | Fully automated with workflow |
Site Expiration | At owner discretion | Manual email sent to site owners asking.. | Automated notification/expiration based on business rules |
Site Removal | Up to owner | IT manually removes/archives | Automated deletion/archival based on business rules / workflow |
What to Enforce – What is the Balance (EPC Group Framework Example)
Governance Feature | Enforce Nothing | Enforce Something | Enforce Everything |
Site Templates | Let users pick from laundry list | Limit list of templates | Automatically pick site template based on business rules |
Metadata /Document Classification | Users pick metadata columns & manually enter metadata | Document Library templates and managed metadata | Automated metadata population; automated business rule enforcement |
Site Classification | Governance Document | Site Label (i.e. HBI/MBI/LBI) | Automated site placement based on user input & verification |
Mission Critical Classification | Governance Document | IT manually creates site in “special” environment | Automated site placement bin redundant data-center based on user input & verification |
Enforcement Scope – How to Enforce (EPC Group Example)
Governance Provisioning Tools (EPC Group Example)
Object in SharePoint 2013 and/or Office 365 | Automatable | Create Site Collections | Create Sub Webs | Create Hierarchy | Available onOffice 365 |
People | My Sites | Social | ? | ? | ? | ? | |
Web Parts | Apps | ? | ? | |||
List Templates (STP and XML) | ? | ? | |||
Web Templates (WSP and XML) | ? | ? | ? | ||
Site Quotas | ? | ? | |||
Web Event Receivers | ? | ? | ? | ||
SPD Workflows and Actions | ? | ? | ? * | ? | |
Feature Stapling | ? | ? | ? | ? * | |
Workflows | ? | ? | ? | ? | |
Site Definitions | ? | ? | ? | ? | |
Timer Jobs | ? | ? | ? | ? | |
Custom Site Provisioning Handlers | ? | ? | ? | ? |
Matching the Policy to the Office 365 and/or SharePoint 2013 Scope (EPC Group Example)
Policy Type | Scope | Possible Options |
Security\ Identity Management | FarmWeb Application | Provisioning workflowsTimer JobsWeb application policesDNS/Infrastructure |
Reactive reporting | FarmWeb ApplicationSites/Webs | Timer JobsExternal DatabaseEvent Receivers |
Proactive | Sites/Webs | Custom FormsEvent ReceiversFeature ReceiversCustom Field Controls |
Auditing | FarmWeb Application | Timer JobsExternal Database |
Changes | Sites/Web | FeaturesControl Delegates |
Considerations in Complex Environments
- Multi-tenancy (Office 365 Issues when a user goes outside of I.T. to create a new “environment”)
- Multiple farms
- Hybrid on-premise and off-premise
- Security (FBA, SAML claims, Extranets)
- Global Clients with PHI, PII, Safe Harbor, Intellectual Property, EU Push-back, NSA Concerns in recent news
Frequently Asked Questions of EPC Group
- Terms of Service
- Common user interface and navigation
- Site directory and Office 365 and/or SharePoint 2013’s new Layout
- Common header and footer content (standardize and creation of governed branding guide)
- Structured provisioning with workflow
- Site Mapping | Mapping the Owner to Content
- BYOD \ “Bring Your Own Device” Strategies(Mobility)
- Custom Branding| Responsive Design in Office 365 \ SharePoint 2013
- Site Backup and Restore (DR) and Archival
EPC Group’s Nationally Recognized Practice Areas
EPC Group leading SharePoint, Office 365, Infrastructure Design and Business Intelligence Practice areas continue to lead the way in providing our clients with the most up-to-date and relevant information that is tailored to their individual business and functional needs.
Additional “From the Consulting Trenches” strategies and methodologies are covered in EPC Group’s new book, “SharePoint 2013 Field Guide: Advice from the Consulting Trenches” covering not only SharePoint 2013, Office 365 and SharePoint Online but Information Management, ECM\RM and overall compliance strategies in this ever changing world of “Hybrid IT.”