Category Archives: 00037ffe94c5dd47@live.com

8 Challenges of BYOD in SharePoint: an Insider’s Tips


You may also be interested in: fpweb.net


 

Editor’s Note: Contributor Ben Henderson is Client Services Manager for Colligo. Follow him @ben3003

2013-11-13-BYOD-01.pngWhen you look at the numbers, the challenges of BYOD in SharePoint reach far and wide. 17,000 organizations now run SharePoint as their enterprise CMS and 125 million SharePoint licenses have been sold to date, according to file-sharing company Accellion. Gartner reports 70% of organizations allow users’ personal devices to access network systems and enterprise applications, and an astounding 78% of white-collar employees in the US use their own laptops, smartphones and tablets for work purposes (Cisco Systems).

You do the math. Thousands of IT departments are dealing with the daily challenges of actively monitoring and managing a myriad of mobile devices, yet delivering SharePoint content in a way that is easy and useful so that employees don’t look to less secure alternative solutions.

So what’s the problem? Two words – data breaches. In March 2011, 40 million employee records were stolen from RSA Security; the year before that Gawker Media experienced compromised email addresses and passwords of about 1.3 million commenters on popular blogs Lifehacker, Gizmodo and Jezebel, plus the theft of the source code for Gawker’s custom-built content management system. Although not on the same scale, corporate data breaches are common. According to research firm, Ponemon, about 85% of all US companies have experienced one or more data breaches.

SharePoint Needs Careful Management

SharePoint is capable of handling more than 200 file types out of the box. Imagine the data it can unleash. Without appropriate and consistent policies around access controls and security measures, such as restricted remote access, critical information can be left to twist in the wind.

Administrative mishaps, incorrectly configured services, and broad access rights all create security vulnerabilities. In the wrong hands, consumer-grade devices open an easy way through these vulnerable holes to enterprise data stored on the device and sometimes into the entire enterprise network.

As experts in SharePoint collaboration, we’ve learned first-hand where our customers face the biggest BYOD challenges in SharePoint, and they broadly divide into two categories: security and ease of use. The two go hand-in-hand to satisfy the needs of the organization as a whole and the individual users. Let’s start with security.

1. I’ve Lost my Phone

The number 1 security concern with BYOD connecting to enterprise networks is loss or theft of those devices. Foreground Security, a consulting firm, reports that 47% of employees have no passcode for their mobile phones. Malicious individuals will have access to any enterprise data stored on the device and possibly even to data stored on enterprise servers.

IT departments need to put in place, and enforce, strong password policies for every mobile device. Further, you should also consider creating password access to apps or browser access points into SharePoint, auto-wiping content after a series of unsuccessful tries, and setting up the ability to remotely wipe content from the device.

2. Authentication

On the topic of remotely wiping content, controlling access to SharePoint content on mobile devices is key. To protect sensitive corporate information, enterprises need to implement more fine grained security mechanisms and access control policies within the centralized or cloud-based SharePoint systems. IT departments need to pay attention to authorization policies that know who is accessing information and what type of data they are accessing, as well as what time of day, from what location and over what type of connection.

To achieve this, there needs to be proper site governance of both the content and structure of the SharePoint site. Note that this goes both ways, so that content that is created and changed on mobile devices need to follow the same set of authorization policies as those on the SharePoint site.

The good news is that SharePoint, Microsoft Outlook and Windows file server provide integration with identity providers like Active Directory Federation Services to enforce fine grained policies on what types of information users are permitted to view and access, even to the point of the specific device the user is connecting with.

Also note, for compliance with some of the more rigorous standards like HIPAA and SOX, enterprises need to go beyond access controls and encryption. To comply with these rigorous standards they need to implement logging and auditing to provide a trail of where the content is and has been.

3. Containerization

At the recent Gartner Security and Risk Management Summit, analyst Eric Maiwald commented: “BYOD means my phone, my tablet, my pictures, my music – it’s all about the user.” We could add to that: my confidential documents, my customer lists, my company financials, my bids and my patent information, and we have the full picture.

Separating corporate and personal data can be a thorny problem. One solution is containerization and this topic deserves an article all on its own. For the purpose of this article, we’re just making a note of its advantage. There are many choices for technologies for separating out and managing corporate email, applications and data. Just beware in making your choice, though, you’ll often need to use the vendor’s API and SDK to link customized apps to the container.

4. Jailbroken Devices

It’s no joke when a jail-broken iOS device appears on your corporate network. These devices pose a serious security risk. Worst case scenario is that malware can be introduced to your network through the use of unauthorized apps, and many jailbroken iOS devices also install a secure shell server that remote attackers can exploit.

Many MDM solutions are able to detect jail-broken devices, but don’t rely on your container solution to do this on its own. According to Gartner analyst Eric Maiwald: “If you have a rooted device, a container will not protect you.” You’ll need a multi-layered approach to jail-breaking, starting with educating employees about the risks and implications of jail-breaking their devices.

5. Malicious Apps or Hackers

What if a malicious app or person tries to access corporate documents? It has to be about the security settings you ensure all employees set on their device. For iOS devices, for example, encrypting vital information and user’s SharePoint credentials with hardware encryption and then storing them in the device’s Keychain will protect sensitive data. You’ll also want to pay attention to rogue apps that use the iPad’s screen capture capabilities, detect any modifications made to the .plist files on the iPad and if content is backed up on iTunes.

6. Preventing Information from Being Shared Externally

Employees often need to share documents with customers and partners, and this does create security issues for IT departments. The biggest issue is when employees send a document as an attachment to an email. Once that happens you lose the thread of who is sharing the document with whom, and there is no knowing who the customer then may share it with.

One solution is to offer the option to email documents as links in SharePoint. This adds extra security as the recipient must have the required SharePoint credentials to access the link and you can set authorization policies around the retrieval of said document.

7. User Interface

On the flip side of enterprise-wide security, we have ease of use for the individual. It goes without saying that if users cannot access SharePoint on their mobile devices or if they cannot access SharePoint content the way they would like to with an easy to use interface, they will look to alternate solutions for collaborating with colleagues and customers.

Out of the box, SharePoint 2013 has paid attention to the mobile experience with four browser-based experiences and the HTML-5-based contemporary view option, as well as the ability to design your own view based on your organization’s usability requirements. Your ability to choose the experiences, though, depends on a number of factors, including the devices you have and the type of site you are trying to enable.

There are also a number of third party solutions that cater to a wide range of devices to ensure employees adopt SharePoint for their mobile experience. Just note, that the user experience is tantamount to the success of your deployment and it starts with the user interface.

8. Working with Documents Offline

Field workers, sales professionals, external auditors are just some examples of employees who spend a large portion of their working days away from the office. To work efficiently, they will need offline access to email content stored in SharePoint. You’ll need a solution that allows users to selectively cache their SharePoint content to give them instant access to remain productive on the road or in the field.

There you have it. My hit list of measures you need to consider for successfully deploying a BYOD strategy in SharePoint.

I got SharePoint for Free, now what?

 

Editor’s note: Contributor Ben Henderson is Manager of Sevices at Colligo Networks. Follow him @ben3003

2013-03-18-SPForFree-01.jpgI read a SharePoint Pro blog post earlier this year, “We Bought SharePoint–Now What?” and it got me thinking, people actually pay for SharePoint?

How do they pay for it?

Do they pay in the time it takes up trying to deploy the software? Do they pay in the amount of time it takes to get end users up to speed? Do they pay for the hardware needed to run SharePoint, or the cloud service of choice? Do they pay for the customization needed to get the software to meet the business requirements? Do they pay for the 3rd party tools that allow them to integrate the software into their environment? Do they pay for the training that end users need?

I remember when SharePoint was free.

If the customer was even slightly sitting on the fence with whether to go for SharePoint or another solution, it seemed like Microsoft would just remove the price tag. Also with the amount of MSDN licenses out there , it’s also got plenty of installations from people just testing the software. But those people are still paying for SharePoint and will no doubt go on paying more and more as time goes on.

What would happen if you didn’t pay?

There are companies out there running the free version of SharePoint, no customizations, and no hardware plan. In fact it’s usually on an old desktop machine under somebodies desk and has grown organically through the organization, as people understand the potential. This is OK though, as it grows people start adopting when they feel like it, not when they are told. When they have a spare Friday afternoon they will look into it and learn it at their pace, if they want to.  The main issue with this (and there are many more) is that it will end up as another system that people can use. It will sit in a bucket with DropBox, File Shares, Box.net, OpenText, and will die a death with only some users using it, and no support from IT or the business to invest in support and maintenance of it.

So back to the blog title, “I got SharePoint Free, now what?”, it’s fair to say you best get your wallet out if you want SharePoint to be even close to a useful business tool.

SharePoint: Get the business to own the content types


You may also be interested in: SharePoint-based solutions by B&R Business Solutions


 

Editor’s note: Contributor Ben Henderson is Manager of Sevices at Colligo Networks. Follow him @ben3003

On a recent engagement we were tasked with building out a content model that would satisfy departments involved in the first phase of a SharePoint implementation.

The primary aim of the process was fourfold:

  1. Brief candidates from all departments through an information sheet asking them to consider the types of documents they use on a day-to-day basis.
  2. Assess their current knowledge and ability through follow up interviews.
  3. Provide an example of what we are looking for.
  4. Provide them with a starting point to work from in order to build up the content model.

I am not saying that this is the perfect solution but I believe that there is a fine balance between handholding, and leaving them to sink or swim. This approach seemed to fit right in the middle of that and worked well with the strategy of the business.

Why did we take this approach really? It was basically because we felt we needed the business to own the content model.

If we had created it for them then there would have been adoption issues, push back, and inaccuracy in the information within the content model. But the issue with getting the business to own the content model is that they need to understand what a content model is. Something even IT Pro’s struggle to understand.

I have seen issues with the understanding of content types. The business likes to define content types as file types (doc, pdf, xls, jpg) and there is a big knowledge jump needed to go from there to full understanding of the concept.

One technique that we used with great effect is asking them to bring some files that they currently have stored and would say they were “business documents”.

An example of this was Invoice_for_Enron_Oct_2012_Final_Signed.pdf and gave us a great starting point to begin to explain how content types are built up.

Explaining that the content type is Invoice, and the other bits of information are properties that pertain to the invoice that was a great start to the conversation.

Perhaps try it with the documents you have saved on your desktop? Or do you use other simple techniques to share with the community?

SharePoint and those little tick boxes that do so much


You may also be interested in: Documentation Toolkit for SharePoint by Acceleratio Ltd.


 

Editor’s note: Contributor Ben Henderson is Manager of Sevices at Colligo Networks. Follow him @ben3003

When you are working with SharePoint you soon learn that there are some little changes you can make which will make a big difference to the way you end up working with the application. An example of this is Content types. Content types are not enabled by default within a document library but as soon as you turn them on they open up a world of opportunity, allowing you to store documents that have different metadata requirements alongside each other in a document library. And that’s just the start of things you can do with content types.

The example I want to explain and go through was brought to my attention as soon as I registered to blog here on NothingButSharePoint (you will see that this is my first post). After being sent the link I was greeted with the My Site homepage; the default out of the box one that has no content and is seen on the majority of the SharePoint 2010 installs that I have visited.

2012-08-22-TickBox-01.png

Now there isn’t a whole heap of work that is needed to turn this into a useful page which users will go to when they click on the My Site link. You need access to central admin, so for that you may need to convince your SP admin to do the work, but it really is just one tick box that needs enabling and it’s probably the case that the background processes are already working.

Have your email administrator go into SharePoint central admin and enable the newsfeeds (Central Admin > User Profile Service > Setup My sites)

2012-08-22-TickBox-02.png

This will make the My Site page useful, and not just an additional page stopping you from getting to where you want to go. If any of the people you have added as your colleagues are active on SharePoint or on their My Site then the content will be aggregated to this site, just like a Facebook wall. If users like documents, comment on documents, change their job info or anything like this, then that information will be shown here too.

I believe it`s the first step you need to make SharePoint a social platform, and it`s just a tick box! I would like to hear your experiences of simple tick box’s making a big difference on your SharePoint environment.