shutterstock_184473665.jpg

Summit 7 Team Blogs

Roadmap and Strategy: Part 2 “Why is SharePoint Strategy Important?”

Is SharePoint a business critical platform for your organization? Why?

  • Is it a front-end for a critical business process?
  • Is it the BPM engine for a critical business process?
  • Is it a content repository/silo for a business critical process?
  • Does your CxO know SharePoint exists and use it regularly?

If you answered “yes” to 1 or more of these questions…then you’ve got BCSP (Business Critical SharePoint). It’s not a disease…it’s a different approach to implementing SharePoint. BCSP requires a structured and methodical approach to your technology platform. What makes it a critical platform? What does it connect to? How bad does it hurt if were out of service for 4 hours? 2 hours? 24 hours? Where your strategy should begin, and the shape it should take, is dependent on many factors, such as:

  • Your organization’s appetite for change
  • Organizational Structure and Accountability
  • Organization’s defined strategy (think of a multitude of defined processes) for building a collaborative model – or  a lack thereof

Last, but not least, don’t make this difficult – if you are part of an organization that has a defined vision and a willingness to fund success, SharePoint can be a pleasure to implement.

 If your organization does not have well defined roadmap (I'm talking about a business road map, not technology road map), this will oftentimes create dysfunction that surfaces in SharePoint – and SharePoint gets the blame. Without a well defined corporate strategy, we need to loosely define the information and process buckets in SharePoint to make it more adaptable. Does this limit enterprise management of things like social, ECM, and BPM? Sure it does- but, trust me, you don’t have much choice. SharePoint cannot solve your organizational dysfunction – our best bet is to architect the platform to be flexible without a solid organizational strategy. Once you have been honest with your organization and yourself, we can start defining a conceptual design for SharePoint.

Step #1: Are you starting big or starting small?

What do I mean by this? Starting small is beginning SharePoint with a small part of the feature set and most likely a small user base. Examples are project sites, process improvement sites, single HR processes, single ECM libraries and the like. Starting small will allow you to get targeted, strategic wins to fund further platform initiatives and expansion. How do you avoid making decisions that negatively impact the platform when it is BIG? Ah….great question. That will take somebody with lots of experience who can assist with items like managed metadata, solutions architecture, ECM, etc. Starting big means building out an entire SharePoint architecture and framework that both aligns with the current state of the business, yet can scale and morph to match the future state of the organization. This is a fine way to architect as well, but it will have a very different roadmap to success than if you are starting small. If you are starting BIG – then you must have a very talented architect that understands SharePoint.

A word of caution: we’ve found that you can do the complex in SharePoint on a small scale or in targeted sites, but if you are going REALLY BIG, then simple SharePoint seldom sucks. Keep it simple and you can grow big, or write some fancy code and policies, and keep those point solutions small.

Ok, if you are with me to this point – awesome. It gets better… Before going into the details of how we now help clients create SharePoint strategy and align with the business, let’s take a look at the Strategy and Roadmap Planning Chart.

Step #2: Point Solution vs. true Enterprise Solution - what’s the difference?

We can be successful with either approach, but it is a very different strategy depending on which direction you take. As you can see above, we measure projects not only in size (small or large), but also if they are driven by executives (top-down) or by business users/IT (bottom-up). Many professionals see the differences of strategy between small/large and top-down/bottom-up, but not all of the above. To truly get an understanding of your direction, you have to know where you fit on the Summit 7 Systems Strategy and Roadmap Planning Chart. 

Having a road map and understanding the total cost of the project before you begin is very important. Otherwise, you get deep into a project and then get to a very expensive roadblock. Common roadblocks are branding, security, mobile and unreasonable stakeholder expectations. A solid strategy and roadmap can overcome these obstacles and usually prevent the risks from becoming issues.

 

Step #3: Define the Branding and User Experience

We do not have to solve the entire Branding and UX issue in the very beginning; Summit 7 Systems uses a three-tiered branding approach with clients:

Tier 1

Tier 2

Tier 3

Core Theme/Colors:
Publishing Sites

Standard Site Templates (Wiki, Team Site, Blank Site)

Document Workspace

X

Blog

X

X

Meeting Sites

X

X

Document Center and Records Center

Basic Search

MySites

X

X

X

Summary Link Web Parts

X

X

X

Content Editor Web Parts

X

X

Predefined Table Grids

X

X

X

Calendar

X

Site Administration/Site Setting

X

Theme-able Color Schemes:
Allow use of Themes

X

Design Layout:
Fluid Width

Fixed Width

X

X

Master Pages:
V4_custom.master (used for Team Site, Blank Site, Document Workspace, Blog*, Group Work Site)

Minimal.master (used for Search Centers)

X

MySsite.master (used for MySite Host)

X

X

X

MWSDefaultv4.master (used for Meeting Sites)

X

X

Customization:
Custom Page Layouts (2)

Custom Controls

X

Third Party Tools

X

X

JQuery

X

X

Custom Web Parts

X

X

Custom Navigation

X

Custom Site Definitions

X

X

Browsers: (current and previous version only)
IE 8 and 9

Firefox

Safari

X

Mobile

X

X

iPad

X

X

Branding and UX are often overlooked in the envisioning stage and seen as a simple process to implement – this misconception could not be further from the truth! Creating a branding and UX strategy can be a very time consuming process that, while not always difficult technically, can be very challenging politically. If IT could simply create and/or approve designs, we could get through branding projects in 2-6 weeks. However, this is never the case. Marketing and Communications get involved, a client’s advertising agency get involved, basically anyone that cares about what their new SharePoint site will look like gets involved!

Once again, who’s in charge? When there isn’t a clear leader in charge of branding and UX we get countless cycles of back and forth on approvals for mockups and graphics. This cycle burns valuable consulting time and, as a result, dollars.

Step #4: Balance Security, Governance, and Usability

Protecting information and information systems from unauthorized use, modification, disruption, and destruction is fundamental to the success of your implementation. All of you old-school CISSPs will readily recognize these words- confidentiality, integrity, and availability. These are the core principals of information security. What is not always apparent is that many of the variables discussed here are mutually exclusive within the context of customer requirements and system constraints. Therefore, it is important to consider both the user’s requirements as well as the infrastructure ramifications of selecting a given alternative. These cannot be done in a waterfall process model – they must be performed in-step and by a professional that understands both the business and the technology. Remember, there is no silver bullet for security planning – it takes time, experience, and refinement for the perfect balance of usability and security.

Usability

A usable system is one that is intuitive, compelling, and aligns with your organization. A common issue we have encountered during real world designs is the resistance of the security team to a Web collaboration platform. Specifically, they are often concerned with the ease of which content is created and authorization is performed. While these concerns can be valid design constraints, the fact is the primary benefit of SharePoint is the ease of collaboration and content management - this includes the delegation of authorization. Old school security specialists learned their skill in a time period where technology had boundaries, was protected by firewalls, and “social” computing networks were mainly limited to computer professionals. Now, everyone has easy access to social computing tools, cloud storage, and Web sites. As you know, the ease of sharing information has far outpaced organizations’ ability to secure those networks. Users are opting for the simple, easy solutions provided by these social and cloud platforms, and bypassing secure systems that organizations have spent small fortunes to create.

What does this have to do with SharePoint platform strategy? Companies can no longer exclusively depend on secure dial-up modems, floppy disks, and firewalls to ensure integrity of data and provide confidentiality. Out of the thousands of users we have interviewed, at some time in the past the vast majority have posted work related material in online mail systems, social Web sites, cloud storage, and external storage media. The challenges we are facing in securing information today has as much to do with providing a compelling and reasonable collaboration platform, as it has to do with user authentication and authorization.

A fascinating question we have asked users’ over the years is “what’s the first thing you did when you came to work today?” The answer: “I opened Outlook and answered emails.” Yes, email is one of the foremost, if not THE foremost, tools used in sharing information. What level of security does that provide? Most likely – it provides very limited authentication and almost no authorization control. In fact, you’ll have confidential files in sent files, inboxes, and scattered across multiple email accounts. SharePoint can do a great deal to centralize this data in a system that can be audited and backed up, with data loss prevention tools successfully leveraged. When your security team balks at SharePoint groups and the ability of site owners to add and remove authorization, remind them that in all likelihood that content is going across email today. While we cannot guarantee this in your organization, it is almost always the case.

Even a SharePoint implementation that follows few best practices generally provides better security than Outlook. With an email client, there are few controls for re-sharing information – emails can be forwarded. What if that content was in SharePoint and the URL was emailed instead of the entire document? Now, if that email is forwarded outside of the organization, it is most likely a dead link.

Don't get me wrong, it is still critically important to secure the servers, application, network, and properly train the users. These points form a cohesive strategy to secure the platform, but know that this is only the beginning of forming a security plan. You need to ensure usability of the platform to retain users in SharePoint, otherwise, they will find other means to collaborate and transmit data.

Data Fragmentation Security Risks

One of the most requested features of collaborative systems is a common place to store and share content. A very common complaint is the lack of ability to easily archive and store information on file shares, thus leading users to heavily rely on Outlook as their primary storage and collaboration tool. This presents many issues, the least being excessive and unnecessary storage on corporate Exchange Servers. Why is Outlook the number one collaboration tool at most companies? It does not require approval of permissions nor the effort to comply with mandated organizational processes. Users revert to Outlook and Exchange Server as the collaboration tool because it’s there, it’s easy, and it’s immediate. This places an organization’s security posture and content management plan in a weakened, and difficult to mitigate state. While no system can address all areas of security and content management concern, we believe that SharePoint, if implemented according to a well-planned road map and governance plan, will enhance most organizations IT security posture and enable you to better audit, report, manage, retrieve, and secure content in the future.

Governance isn’t necessarily security. Governance plans mitigate organizational risk. Other “stuff” needs to be in your training plan, mentorship plan, and baked into your processes.

An additional risk is external storage media. The use of external USB drives and thumb drives has proliferated in recent years. Unfortunately, users quickly took to sharing information on these drives because they 1.) Don’t trust the file share, 2.)Exchange Inbox was full, and 3.) Files were too large to send in email. These scenarios present two primary content management issues: Security and Management. To the first point about security, we simply do not know what is contained on these external drives. For example, let’s assume the finance department has several processes using these drives and we must then further assume there is confidential information, such as social security numbers, on these drives. This confidential information is now  isolated and can be easily lost. Second, there is no doubt duplicated information on these drives. It further fragments data in addition to file shares, my documents, Outlook, and 3rd party Web systems. One of the primary goals of any SharePoint Server implementation will be to create a place that people can easily share information with others, negating the desire to use one of these sub-optimal storage locations. To accomplish this, the user experience is paramount to the success. What IT often considers ‘small things,’ such as password prompts, can wreak havoc on the success of a SharePoint implementation.

For executive buy-in, try an offline client  for desktops and iPads.

Additionally, a carefully thought-out user training and communication plan is very important. If people do not understand when, why, and how to use SharePoint, they will most likely revert to comfortable methods of collaboration, regardless of the inefficiencies. So, this blog is getting long – I’m going to stop for today and leave the rest for part 3 of the “Why is Strategy Important” blog series.

 

Cheers and see you next time!

 

Ben Curry

 

SHARE THIS STORY | |
About Ben Curry