Helping you know your content

MetaVis Technologies Phone: (610) 717.0413 Email: info@metavistech.com www.metavistech.com

5 tips for Managing and Administrating SharePointand OneDrive for Businessby Steve Pogrebivsky CEO, MetaVis Technologies

Before I dive into the list, I want to address misconceptions that are relevant to this discussion.

The first is the idea that if a customer moves their environment to the cloud, they no longerneed to manage or administer it. That is far from the truth. There is unquestionably a reductionor even elimination of cost and resources associated with maintaining the hardware andinfrastructure for those systems when they resided in-house, but the need to monitor andmanage the resources in the cloud does not diminish at all (and arguably increases).

Secondly, there is a lot of literature and a number of polls espousing cloud adoption trends. Allof these give the impression that customers are adopting the cloud wholeheartedly andmoving into it en masse. Dealing with thousands of customers, I have come to the conclusionthat customer’s decisions are as unique as their needs. Some are adamant that all their systemsstay in-house; others have quickly moved everything to the cloud, while many are just on thefence. Generally, they have a hybrid environment where some systems like email or SharePointare totally or partially in the cloud, while others remain in-house.

1. SecurityManaging security is a top priority independent of where your systems are located. SharePoint is aposter child for what can go wrong when giving customers what they ask for. In concept, SharePointobjects inherit their security from their parents. This works well until inheritance is broken. I canprobably write a separate article on this but for our purposes let’s just say that having a good graspof your broken permission inheritance is a good place to start.

To follow up on this, administrators often need to understand who has access or rights to whatinformation and locations. This information is relatively easy to get for a specific SharePoint objectsuch as a list or site, but an overview is a challenge and can leave parts of your system exposed.

With OneDrive, customers now have an authorized way for their employees to share content withinternal and external partners. This capability is not without security risks (more about this later) soa comprehensive inventory of who is sharing what with whom is a must.

2. Transferring PermissionOn the heels of analyzing and understanding existing permissioning, admins have the responsibility

Helping you know your content

MetaVis Technologies Phone: (610) 717.0413 Email: info@metavistech.com www.metavistech.com

to manage them as a daily activity. However, one aspect of that task is often ignored. If you’ve everadministered Exchange, I am sure you have had the responsibility of forwarding a mailbox when anemployee leaves a company. With SharePoint and OneDrive, content belonging to this employee isusually left unaltered, resulting in orphaned permissions and objects. As with email boxes, goodpractice for administrators is to put together a procedure to transfer these to someone else.

3. Monitoring UseOne of the biggest complaints by SharePoint administrators and users alike is how quickly Sites canbecome overwhelmed with irrelevant content. While the creation of Sites always starts with thebest intentions (e.g. collaborate on a project, store documents for corporate department or to shareinformation with a specific audience), there is a tendency to start dumping data until it becomesvirtually unusable.

I recently worked with an admin for a large governmental agency who was trying to manage alibrary with 14,000 documents. The kicker was that many of these had hundreds of versions.Assuming that storage is not a limitation, at the very least that kind of content sprawl will result inmany hours of clean-up that could have been avoided by proper monitoring.

On the flip side, while many Sites are used for a specific task and then cast aside, others are simplynever used. In environments with a storage quota such as Office 365, this presents an opportunityto salvage them for other use. In addition, unused sites may have sensitive information that was leftbehind without any oversight or ownership. There is some irony in the fact that companies spent$46 billion in 2013 on cyber security, but often forget to do basic housekeeping to eliminate thesource of this data.

Administrators should also have insight into what type of content is being stored. With Microsoft’srecent announcement of 1 TB of storage for each OneDrive for Business user, space is less of anissue than for SharePoint sites. Nevertheless, it should not become the primary backup and sharinglocation for personal pictures and videos. Keeping an eye on content growth and distribution canprevent some uncomfortable conversations down the road.

4. Backup, Archiving and RestoreI argued above that moving to the cloud does not relieve admins from essential administrativetasks. I would include Backup and Archiving as part of this. Undoubtedly the benefit of the cloud isthat the provider takes care of the heavy lifting such as redundancy, disaster recovery and updates,but when it comes to Backup, the solution provided is “one size fits all.” s for Admins) and thendisposed.

Helping you know your content

MetaVis Technologies Phone: (610) 717.0413 Email: info@metavistech.com www.metavistech.com

For example, Microsoft maintains a 14 day backup of sites for disaster recovery (and it may take aday or two to recover a site upon request). In addition, deleted content is maintained in the RecycleBin for 30 days (90 day

Many SharePoint environments are too critical to fit into this offering and should be backed up tolocal storage or another cloud provider. Besides having easy access to their content in the event ofan outage or data loss, admins can do granular restores of individual items, lists or sites well beyondthe standard time limitation. In addition, with highly secure environments it is also a good idea tobackup the permissions. In the event they are maliciously or accidentally altered, a quick restore canbe made.

In many ways OneDrive for Business is analogous to email boxes. If you are considering or haveimplemented a centralized backup for your email, OneDrive should also be included in theconversation. Having a centralized OneDrive backup allows admin to quickly recover lost, deleted orcorrupted files or the contents of an entire OneDrive if it is removed.

As part of the section on Monitoring Use, I discussed the problems with unused or discardedSharePoint sites. The same logic applies to OneDrive when an employee leaves the company. Manyincidents of information leaks occur when ownership to content lapses for one reason or another.Once unused content is identified through monitoring, a policy to archive and off-board should be inplace. With a standing backup and archive plan, unused SharePoint sites and OneDrive can beremoved without concern.

5. Content DiscoveryThe concept of understanding the content that is uploaded to SharePoint or OneDrive for Businessis not usually something that is a priority of most administrators, but with the abundance of cloudstorage it probably should be. While companies have both fiduciary and regulatory responsibilitiesto protect and secure their content, they also need to balance that with the need to collaborate. Soyou should be considering how to gain an understanding of what information is actually stored inSites and OneDrive.

There are several ways to do that. As I touched on previously, getting an overview of the types ofcontent (e.g., pictures, videos, documents, spreadsheets, etc.) is step one. A more advanced optionis to scan or search content for specific patterns. Some basic ones include social security and creditcard numbers. Many organizations must also comply with government regulations, such as HIPPAand PII and/or have specific company policies. A more sophisticated rules engine may be requiredfor this type of discovery.

Helping you know your content

MetaVis Technologies Phone: (610) 717.0413 Email: info@metavistech.com www.metavistech.com

Steve Pogrebivsky is an expert in information management and content management systems with over 20 years ofexperience. As co-founder and CEO of MetaVis Technologies, he is responsible for overall management and productstrategy for the company. Steve has worked at a number of technology companies developing software for contentmanagement systems and enterprise integration. Steve was a co-founder of Stelex Corporation, a software andservices vendor to FDA regulated industries. Steve developed and managed many of the company’s product andservice offerings from its launch in 1991 to its acquisition in 2002.

Steve holds Computer Engineering and MBA in Information Systems degrees from Drexel University. You can followMetaVis on Twitter@MetaVisTech or read the MetaVis blog at http://blog.metavistech.com/

About the Author