Proven Practices for Content Management
The goals of any enterprise content management (ECM) system are to connect an organization's knowledge workers, streamline its business processes, and manage and store its information. Microsoft SharePoint has taken hold as the leading content management system in today's hyper-connected and hyper-competitive business landscape as organizations look to foster information transparency and collaboration—by providing efficient capture, storage, preservation, management and delivery of content to end users.
A recent study by the Association for Information and Image Management (AIIM) found that 53% of organizations currently utilize SharePoint for ECM. SharePoint's growth can be attributed to its ease of use, incorporation of social collaboration features, as well as its distributed management approach, allowing for self-service. With the growing trends of social collaboration and enhancements found in the latest release of SharePoint 2013, Microsoft continues to facilitate collaboration among knowledge workers.
As SharePoint continues to evolve, now becoming the very fabric of information worker workloads and an integral part of Microsoft's unified communication technology stack, it is essential to deploy an integrated end-to-end solution that will achieve the vision of efficiency and collaboration without compromising on security and compliance. In this way, organizations can stitch together a seamless solution across heterogeneous environments into a cohesive content management and enterprise collaboration strategy—one that ultimately lowers the cost of today's operations while significantly improving business connectivity, innovation velocity and competitiveness.
The growing usage of SharePoint for ECM, however, is not without risk. AIIM also estimated that 60% of organizations utilizing SharePoint for ECM have yet to incorporate it into their existing governance and compliance strategies. With Gartner positing that 20% of chief information officers will lose their jobs by 2016 for failing to implement disciplined information governance, it's imperative that organizations establish effective information management strategies to support secure collaboration.
In order to most effectively utilize SharePoint for content management, there are several best practices that must be incorporated into information governance strategies as part of an effective risk management lifecycle. The goal of any comprehensive governance strategy is to mitigate risk—whether this entails downtime, compliance violation or data loss-to the organization. In order to do so, an effective lifecycle must be established that, at a high level, includes the following components:
Developing a plan. When developing your plan, it is necessary for organizations to fully understand the types of content SharePoint is required to support before establishing rules and regulations. Performing this initial discovery is imperative to involving the appropriate business owners and gathering any regulatory requirements. These requirements will help drive information management policies for content security, information architecture and lifecycle management. When determining the best approach to implement and enforce content management and compliance initiatives, chief privacy officers, chief information security officers, compliance managers, records managers, SharePoint administrators and company executives will all have to work together to establish the most appropriate processes for their organization as well as an action plan for how to execute these processes. During the planning phase, your organization should perform an assessment, set your organization's goals, and establish appropriate compliance and governance requirements and standards based on the results of the assessment to meet the business objectives outlined.
Implementing your governance architecture. Once your organization has developed a good understanding of the various content-and its requisite requirements-that will be managed through SharePoint, it is time to implement the governance architecture that will act as the framework to support these policies and requirements. In this phase, it's important to plan for technical enforcement, monitoring and training for employees that address areas of risk or noncompliance. It's important to note here that while SharePoint is renowned for its content management functionality, there are specific challenges that come with utilizing the platform as a content management system for which your governance architecture must account: content growth and security management.
In order to implement effective content lifecycle management, organizations must address and plan to manage growth of sites, files, storage, and the overall volume of content. Gartner estimates that enterprise data will grow 650% by 2015. Organizations without a governance strategy often struggle with proliferation of content, or sprawl, with no solutions to manage or dispose of it. This is a near ubiquitous problem with file servers. Over time, file servers grow to the point where they become a bit like the file cabinet collecting dust in the corner of your office, near the accounting department. It's easy to add in a new file, but can you find it later when you need it? The challenge comes from our planning on how to organize and dispose of out-of-date content. (For more information on available solutions for managing file share content, please read the sidebar, "Managing File Share Content in SharePoint with AvePoint".)
SharePoint offers much better technology to address these challenges, but only if it is enabled as part of your governance plan. Information management policies can be used to automatically delete documents, or you may be using third-party solutions to archive documents, libraries and sites to cheaper forms of storage. By default in SharePoint 2013, Shredded Storage is enabled to reduce the overall storage footprint of organizations that are utilizing versioning as part of their document management strategies. Remote BLOB Storage (RBS) can also be enabled natively or through third-party tools to reduce SharePoint's storage burden on SQL Server.
Tagging and classification plays a key role in information management. Proper classification can improving content findability—from a user perspective to continue to drive collaboration, as well as from a management perspective as many native records management and retention policies can be established based on metadata. Organizations can utilize SharePoint's extensive document management and classification features, including Content Types and Managed Metadata, to tag and classify content accordingly and support the automation of content lifecycle management. Third-party tools that extend SharePoint's native capabilities can also filter for specified content when applying management policies for storage, deletion, archiving, or preservation. Ultimately, however, the people in your organization will play the biggest role here. As such, your plan should identify who the key data stewards are and the areas for which they are responsible. This role is often filled by a "site librarian" or those responsible for risk management in the enterprise.
Addressing security management concerns also play a critical role in establishing an effective governance architecture for your SharePoint deployment. In order to minimize risk to the organization, it is imperative to ensure information is available and accessible to the people that should have it, and protected from the people that should not have access. As with any process that governs how people interact with information and technology, SharePoint's highly customizable and configurable nature means that there is a great deal of leeway with regard to how automated you can make the process. Manual processes might involve more manpower, lots of documentation and, as with any manually intensive process, may be prone to human error. Fully automating processes, however, means trusting the technology and often requires us to be able to audit any action technology solutions take on SharePoint environments and assets. Technology solutions can be incorporated into overall compliance processes to allow the implementation of automated access and content controls for enterprise-wide SharePoint systems and the content stored within it, enabling key stakeholders to understand how their SharePoint sites are being used and subsequently establish appropriate controls to maximize efficiency and access while also helping to prevent breaches.