In a conversation with Brian Babineau, a senior analyst at Enterprise Strategy Group who talks to a lot of IT folks, as well as vendors, Brian mentioned to me that he’s hearing that a lot of IT shops are turning to Microsoft’s SharePoint as an easy unstructured document repository. I find this both believable and puzzling. Believable because it’s close to free for many large Windows customers and puzzling because, as a user myself, I’ve found its access controls to be rather blunt. Of course, that’s all a simple matter of programming, ultimately, but then, if SharePoint is the quick and dirty winner, who’s going to do that programming?
I’m interested in hearing from all of you about whether SharePoint has a place in your compliance plans, whether you’ve rejected it in favor of something else, or what else you are considering. In fact, are you paying much attention to unstructured docs at all at any level, except file server backup?
Leave your comments below. And check out my conversation with Brian Babineau on the infrastructure for compliance — it’ll be up March 10. As well, he will be doing a more thorough webcast soon going into detail on how to weave a compliance infrastructure out of the best parts you already should be using for other reasons.]]>
Recent research into the buying habits of you, our readers, showed that half of our midmarket CIOs are running Windows shops. That information comes as no shock to anyone. Most of the world lives on a Windows desktop, despite the recent inroads made by Mac OS X and Linux. There’s no question that heterogeneous computing environments are a concern for many a sysadmin. That said, Windows compliance is the crucial topic of the day.
So here’s a question for you: Are there unique issues that arise out of Windows compliance?
I’m certain that the answer is “yes” but I’d like to hear more about what system administrators, CCOs and CIOs are experiencing in their everyday working lives. Let me know what you think in the comments or at firstname.lastname@example.org.
In the meantime, here’s that roundup:
If you’re looking for a comprehensive resource, try The Windows Manager’s Guide to IT Compliance e-book. Chapter 1, for instance, offers best practices on establishing an event log audit trail, maintaining the event log, encrypting email or files and keeping an inventory of stored data. You can also download each of the three chapters separately:
Rebecca Herold has been a prolific contributor on the topic of Windows compliance as well. She’s an adjunct professor for the Norwich University Master of Science in Information Assurance program and is well into writing her 11th book. Her articles can be found at PrivacyGuidance.com, Realtime-ITcompliance.com and, of course, at SearchWinIT.com. (You’ll note she’s in our blogroll, down to the right.)
Earlier this month, Herold explained how to keep Windows shops in compliance with data protection laws. Protecting personally identifiable information is a key aspect of compliance in 2009, given new regulations coming down the (Mass) pike. Even if the Massachusetts data protection and encryption law deadline has been extended, it needs to be on your radar.
In past articles, Herold has also explored how to meet data retention compliance in a Windows environment. In her view, Windows managers must take an active role in learning data retention policies and creating procedures to support them.
Similarly, in her tip on meeting compliance requirements in a SharePoint Server environment, Rebecca suggests that before deploying SharePoint Server, IT managers should examine the compliance implications of using the collaboration tool in their Windows environment .
Herold also has written about how the service desk can help Windows shops meet SOX compliance objectives by using IT governance frameworks like COBIT and Microsoft Operations Framework.
Finally, if you’re still procrastinating on completing your IT compliance documentation, do it now.