SPC14 – Day 2 – Overview of compliance in SharePoint and Office365

SPC14-logoWell it’s the second day of the SharePoint Conference and I’ve survived the AvePoint Red Party 🙂 And now it’s time to look at the first session of the day. And this is a purely business track: compliance!

During this session the Microsoft vision on compliancy was explained. The Microsoft vision entails:

  • Do not effect the end-user;
  • Empower the compliance officer;
  • Easy for IT.

One of the conclusion of this: leave the data were it is and use in-place records (do not effect the end-users). Compliance officers are empowered by the new Compliancy Center. This is great: all auditing, IRM and other settings are now available from one administration page. Cool.

Some other cool new features:

  • Retention policies are now called “Document Deletion Policy Center” and these can be assigned to site collections and site collection templates.
  • In-place hold. When a site is placed in an in-place hold, all information is preserved. When a user deletes a document, the document is placed in the hold. This enables you to go back in time to when the document was created (for example).

Data loss protection (DLP)

Data protection is very important. Most of the time data is not lost because of malware, but by accident. Either way, data loss should be protected. Data protection is already available in the form of s/mime, IRM and  TLS. Microsoft now offers in Exchange and SharePoint some more options.

During the session this was demo-ed using an email. This email contained a phony credit card-number. When this number was changed to a valid number, the system (Exchange) noticed and Outlook showed a warning. Even when using an attachment containing credit card-numbers, Outlook was able to detect the problem and show a warning. Very cool.

A bit big brother, but useful. Off course, these policies are managed using the compliance center.

WIN_20140304_094239

In SharePoint, sensitive information is going to be protected using 51 (!!) build-in document classifications (for example: “credit card”). These can be used in eDiscovery, search, policies, et cetera.

A very nice new feature in the Office365 audit-log was: “View the datacenter admin audit-log”. In other words: see what the Microsoft datacenter admins have been doing in your tenant. Very nice!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s