Data leaks and document duplication in global #sharepoint ops #qsharepoint @cmcnulty2000

I was working on an upcoming presentation for next month’s SPTechCon in Boston, and I was reviewing some prior materials on SharePoint governance and security management.


SharePoint information architecture can be hard. When IA is done correctly, contexts and navigation flow smoothly. Users are more likely to put documents in the “right” place and keep them there. Conversely, if users aren’t sure where to put a new document or find an existing one, they may create their own version or add a new site. And the more points of entry you have, the more places you may need to control or inspect for improper security. Native functions and solutions like Quest’s Site Administrator for SharePoint can help catalog and rein in an unruly information architecture – but ultimately, this is an information governance question.


What occurs to me is the same problem on a large scale. It is tempting to add copies of documents to multiple different areas for convenience’s sake. I’ve added extra documents to SharePoint Team Sites, My Sites, SkyDrive, and Dropbox as I’ve demoed different aspects of each for collaboration. And I noticed that, of course, I don’t keep all the copies in sync. It’s not really critical if all I need to do is show the Word Web App client as part of SkyDrive.


In ordinary collaboration, many users inadvertently “extend” their IA when they share docs via e-mail. “I’ll just email it to myself so I can work from home this weekend” is a starting point. Pretty soon, versions of the same content are showing up in Office 365, corporate SharePoint, Google, Facebook, Dropbox, YouSendIt, etc. That’s not a bad thing – if you can remember where all the copies are.


And let’s even suppose you have a handle on all the required user security for each of those locations. What could possibly go wrong?

Not all clouds are good clouds…


We may be “One World” on the Internet – but we are far, far away from One World of regulations. On one hand, we have applications of US-based regimes like HIPAA, which mandate that certain classes of health-related personal information cannot leave US-controlled servers. And on the other hand, some non-US companies are careful to keep their corporate data away from US-based “cloud” services because of the international impact of USA PATRIOT and other regulatory regimes.


Clear guidance on intended usage helps. Information governance is as much about policy as enforcement. But sometimes the best approach is one that steers people toward “preferred” collaborative stores, so user behaviors don’t inadvertently create security or regulatory issues. (This is part of the rationale for our AttachThis solution, now in public beta.)


What do you think? How do you engage information sprawl outside SharePoint?