SharePoint sites, growing like weeds, need governance

SharePoint sites can spread like weeds throughout a company, creating big legal risks. It's time to set some rules.

"Like the Wild West" -- that's how Dave Rettig, a senior manager in the strategy and technology alignment group at Raymond James Financial Inc., describes the firm's first implementation of SharePoint 2003. "It was a free-for-all. Everyone just sort of jumped in," Rettig says.

SharePoint is Microsoft Corp.'s software for collaboration, file sharing and Web publishing. "People saw it as just another file server," Rettig says, "and it ended up like someone's garage or attic."

So when SharePoint 2007 came out, a steering group that included Rettig decided to take some control. Instead of automatically upgrading, the group did so manually, porting just 10% of the earlier version's content to the new platform. It also required a "steward" and a backup person for each team's content site.

Security was another concern. Rettig categorized the financial services firm's 14,000 to 15,000 SharePoint subsites into three groups -- team sites, project sites and community sites -- each with different levels of security controls. In addition, the steering group created a specific site to lock down any content containing personally identifiable information, with oversight by the data security staff. "No one can get into that area without security knowing about it," Rettig says. If personally identifiable information is found outside of that boundary, either through an automated scanner or human detection, it's immediately flagged, deleted or moved.

Moreover, forms that enter the SharePoint system from the retail sales force are archived in an optical storage system, with built-in rules for regulatory compliance and security enforcement.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon