As cloud-hosting options for SharePoint mature, organizations are hoping to capitalize on cloud benefits while mitigating many of their risks. One way to hedge your bet is to incrementally migrate certain workloads to the cloud, while keeping others on-premises. In this session, we’ll walk through a number of hybrid scenarios and consider how governance plans and compliance policies may be affected and how to maintain a hybrid-healthy security posture. Whether your plans are for Office 365, Amazon, Azure, or other providers, we’ll share practical guidance to help you vet your hosting strategy.
7. No Up-Front Capital Expense
Pay Only for What You Use
Low Cost
Self-Service Infrastructure
Easily Scale Up and Down
Improve Agility & Time-to-Market
Deploy
12. [Diagram: AWS components. Labels: Region; Availability Zone; VPC; EC2 “Classic”; “Public”; Instance; AMI; Virtual Machine Configuration; Running or Stopped VM; EBS; EBS Snapshots; S3 Buckets]
13. Windows, SQL, Active Directory
AWS Security, Virtual Private Cloud, Active Directory
Standard, Enterprise, Search, BCS, etc.
On Demand, reserved instances, etc.
Quickly deploy, rapidly scale
"Extended Enterprise" using VPC/VPN, SaaS, etc.
Networking, security, etc.
27. assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance,
29. The onslaught of risk and compliance issues related to information sharing includes:
31. Strategy is to consistently set a “high bar” around privacy practices that support global standards for data handling and transfer
No Advertising
No advertising products out of Customer Data
No scanning of email or documents to build analytics or mine data
Data Portability
Office 365 Customer Data belongs to the customer
Customers can export their data at any time
No Mingling
Choices to keep Office 365 Customer Data separate from consumer services
32. Microsoft is the first and only major cloud-based productivity to offer…
ISO27001
ISO27001 is one of the best security benchmarks available across the world.
EU Model Clauses / EU Safe Harbor
EU Model Clauses are a set of stringent European Union-wide data protection requirements
Data Processing Agreement
Address privacy, security and handling of Customer Data
Going above and beyond the EU Model Clauses to address additional requirements from individual EU member states
Enables customers to comply with their local regulations
US Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a U.S. law that requires HIPAA covered entities to meet certain privacy and security standards with respect to individually identifiable health information
33. Transparency/Collaboration
Data Protection/Management
Editor's Notes
From Jeremy’s article: Now that essentially every employee is a “content contributor”, how do you address the inherent new risks associated with meeting regulatory, statutory and organisational compliance mandates? According to a recent study conducted by the Society of Corporate Compliance and Ethics as well as the Health Care Compliance Association, fears of an accidental breach far outweigh the fears of an intentional one: 61 percent of those surveyed believed an accidental breach by employees was “somewhat or very likely”. Fear can be a motivator, but it seems that for SharePoint deployments, many organisations are turning a blind eye to incorporating the platform into overall compliance strategies. According to a report from AIIM, while 53 percent of those surveyed consider SharePoint their primary ECM system, more than 60 percent of organisations have yet to incorporate their SharePoint deployments with existing compliance policies.
Fortune 500 energy company in California: lawsuit involved $60M in fines; records that should have been expunged were found.
VA – patient record sharing – Google Docs – huge trouble privacy (PHI)
Dropbox – innovation demands
Compliance Officers overwhelmed by compliance alerts – 20M alerts per month – 700 SP Servers – how do you manage all of this?