Migrating to Office 365 or SharePoint Online? Part 4: Enforcing your data and security policy

data-breachesMost SharePoint environments have grown organically and as a result SharePoint sites have become digital landfills with no monitoring, reporting and or enforcement. Its not that IT departments don’t want to do the right thing, they simply can’t in most cases due to lack of staff and tools. In addition, no control plan and executive support to execute and manage the control plan ongoing. Unfortunately, until there is a serious breach or lawsuit most executives are oblivious regarding the risks and the steps required to correct the situation. For my 12 step plan for moving to the cloud, read Migrating to Office 365 – 12 steps that will help you get there.

In Part 3, you were tasked with updating and reporting on all the site collection owners. Completing Part 3 the site collections ownership has been updated to include the business area executive, primary and secondary owners to reestablish security and data policy compliance, billing and audit requirements.

In Part 4, you will focus on a detailed data classification and mapping exercise that will enable your organization to enforce its data and security policy. For example, migrating data to the appropriate platform (Cloud / On premise) based on your policy. Transitory data that isn’t classified confidential or non-public can be moved to the cloud. Data that is confidential will be kept on premise. In addition, cleaning up permissions before the migration is recommended as most environments have not been setup and managed by untrained site owners. It’s common to find permissions issues ranging from numerous sites owners, lack of group usage and broken permissions at all levels of the sites and sub sites.

Sounds like a lot of work doesn’t it? It is and many skip it and risk data loss and law suits from exposing client information and or other non-public information. As one of my colleagues said to me once “Pain me know or pain me later”.

The following are the tasks that must be carried out:

  • Data Mapping – This exercise focuses on mapping the data in SharePoint to the new information architecture. It’s critical that this step occurs and that a high degree of communication and sign off occurs with the business users. To carry out this activity you will require a tool (e.g. NextLabs Enforcer) that scans your site collections and tags data based on your data policy. Work closely with your vender of choice as they will be able to provide you with the support and guidance required. Most scanners have options for scanning based on PCI for example. To determine what you must scan for speak with your Security Manager – request the Control Plan and Data policy documents. These documents will provide you with the information required to run scans and classify data. Keep in mind you’re not conducting an exhaustive classification exercise, that would take much to long in many cases due to the sheer amount of data that exists in many organizations and lack of resources. What your aiming for is traceability back to your Data policy so you can demonstrate compliance to an Auditor. Note that some may choose to simply migrate to Office 365 and then utilize Microsoft Compliance Center in Office 365. The key outcome of this exercise is an itemized listing of sites that must remain on premise and or data removed from SharePoint sites to remain compliant and a updated control plan (e.g. how to handle non-compliance such as notifying site owners and removing PCI data from cloud).
  • Security Model – Your security will provide guidance to SharePoint Admins and Site Owners for applying and enforcing security for site collections and the data that resides within them. Microsoft offer some guidance with a series of documents. I highly recommend keeping this model very simple (and building in measures, enforcement and reporting) as most likely your organization won’t invest much in site security. Here are some simple guideline and feel free to adjust them to your needs:
    • Utilize SharePoint Site Groups as the standard.
    • For data requiring different permissions (e.g. confidential vs public) utilize another site or create a library and break permission inheritance.
    • Allow site owners to manage all groups except Site Collection Admins and Site Owners.
    • Provide online how to videos – quick 1-2 minute how to.
    • Provide your help desk with support scripts.
    • Make site owner SharePoint training a yearly mandatory exercise.
    • Automate the deletion of users that have left the company.
    • Create procedures for audits and the work involved. Provide links to the site owners for the procedures.
    • Updated control plan that details how security will be configured, training required, reported on and enforced by tools, policy and staff.
  • Security cleanup – Here you will report on the current state of security for each site collection. This involves running reports on the site collection security and itemizing each entry and correcting if required. Sounds exhaustive? Yes, it is but in regulated industries you must provide such reports to Auditors to demonstrate compliance. There are many scripts available that can help you with this step such as https://gallery.technet.microsoft.com/office/SharePoint-20132010-68415a22. As with any such resource and time intensive process utilize common sense. You have site collections that your SharePoint admin knows are a mess, focus on those first – think 80/20. The outcome of this exercise is a plan that addresses the highest risk site collections, how to address audit exercises and a plan for enforcing ongoing that is endorsed by the executive sponsor.
  • Ongoing scanning – since you have deployed tools to scan you should (MUST) consider implementing scanning on your destination environments so that you can enforce data policy. For office 365, utilize Microsoft Compliance Center and for on premise utilize Enforcer.

Note that as you address your data and security needs, auditors do not like SharePoint (My Audit training in NJ 2008 was valuable, it gave me insight into how auditors think and how companies handle them) Why? Its distributed security model (e.g. Think AD which is centrally managed with rigor vs SharePoint sites which is in many cases a free for all) and lack of enforcement and structure. If you can demonstrate that your enforcing security and data policy to the best of your ability (e.g. executive support and funding) your ahead of the game.

Found this blog helpful or have suggestions? Contact me roncharity@gmail.com


Looking back on 2016…

On the way into work this week I was thinking about what to write this year and for ideas I read my past “Looking back…” posts all the way back to 2008. The posts reminded of how much has happened the past eight years….some life lessons.

With any decision and related actions there are pros and cons and I guess in a way you roll the dice and take a chance with anything you do. If you don’t you’ll end up in a state of limbo afraid to do anything – not a good place to be. My style has always been one of taking risks, forging ahead and learning from the outcomes. Can I go back a few years and start over but keep what I’ve learned?


Jenna made the honors list for Social Studies, time has flown the past few years and understand what they mean by “They grow up fast…”.

Dealing with Cancer not a fun experience for sure, cant imagine what its like to deal with having that sort of disease – I could only be supportive.

Played a lot of gigs the past two years and many this year, learned much about myself, playing, performing, my gear and what I want to do next. I quit the band I was in and am reforming a new band with some energetic types focused on music targeted at venues we want to play. First off I’m working on my vocals aggressively for acoustic performances and possible lead vocals :)


Out on the Harley Nightser and Specialized Rockhopper a lot :)


The Bird was out a few times :)


Vacationed in Kelowna BC this past September and explored the surrounding areas such as Kamloops and Revelstoke. Really enjoy the west coast, as one of my colleagues once said you’re a west coast guy – I enjoy the outdoors and am not a stodgy business type.



Keeping in touch with colleagues from past employers its concerning to hear about the changes and struggles within companies these days. Downsizing and outsourcing creates a toxic work environment. Hadn’t worked with people that had taken medical and stress leave before or had colleagues breakdown and cry in front of me – had never witnessed anything like it. Another employer that purchased several software and services companies and has now sold off the business units. Friends in Europe have survived and people in North America are mostly gone. Recently, a software company I worked for closed their Toronto office, fired everyone – a customer called me asking what happened and where he could get support. He told me he heard the company exited Canada – really odd.

For the remainder of the year I’m working on music and relaxing while the winter settles in over Toronto. It’s this time of year I miss my job at HP and travelling to California, Florida and Sydney – much better weather there for sure.

Product Review for ITUnity – QIPoint – A Feature Rich Broken Link Reporting Solution for SharePoint

linksMany organizations have made a substantial investment in technologies such as SharePoint and the business users have embraced the technology for their everyday work. Generating thousands of sites and documents, organizations now have a user experience and maintenance issues managing the links contained with sites and embedded within documents. In many cases, the sites and links have become outdated and their value reduced because the creators of the sites and documents have left the company or moved on within the organization. Additionally, the sheer volume of sites and documents that contain links has grown to the point where it has become unmanageable using manual day-to-day processes. The impact to the user is a confusing experience where browsing results in errors and, as a result, users sometimes cannot carry out job tasks and lose confidence in the content. What’s required to prevent this is an automated process for scanning sites and documents on a regular basis and providing a report to site and document owners so they can best determine how to update the links.

Read full article here

Product Review for ITUnity – FlowForma – A Powerful Workflow Solution for SharePoint

workflowThere are several reasons to consider using workflow tools in your organization. For example, they can simplify, standardize, automate, reduce errors and accelerate business processes. Many organizations have business processes that are cumbersome and rely on a mix of tacit knowledge, email and printed forms that are slow, error prone and unstructured. Some organizations had adopted InfoPath but in January 2014, Microsoft announced that their investment in InfoPath had come to an end. With no recommended migration path in the SharePoint ecosystem, this is where FlowForma shines, with its usability and rich feature set. While some organizations had thought that their processes were too complex to be brought online, FlowForma is proving them wrong. The solution has already been highly successful in automating some of the most complex and fundamental business processes within large organizations.

Read full article here

Migrating to Office 365 or SharePoint Online? Part 3: Update your site and site collection ownership

ownershioMost SharePoint environments have grown organically and as a result the ownership hasn’t been kept up to date with employees, moving, leaving and changing roles. Why be concerned? Keeping ownership up to date is critical to enforcing data and security  policy, communicating migration plans to the business areas and site users. Expect to find many out of date and requiring time and attention to update.

As discovered in Part 2, your Information Architecture for SharePoint whether it be SharePoint 201x and Office 365 or simply Office 365 is critical for several factors such as usability, scalability, compliance and begin touching on your data custodian policy (Site ownership). Focusing on this exercise to document your organizations taxonomy (organizational lingo) and incorporate data and security policy is best practice.

For Part 3, you’re tasked with updating and reporting on all the site collection owners and in some cases sub sites as well depending on how your organization has managed site ownership. In many cases the site collections are owned by a business area with two owners and an executive sponsor to satisfy security, billing and audit requirements. In some cases this ownership is fully up to date and passed audits (have reported on ownership for audits and its 100% up to date). In other cases the ownership has not been kept up to date and audits failed.

Where do you start? The steps for Part 3 include the following:

  • Generate a report on site collection ownership – this script can help if you don’t have tools in place https://gallery.technet.microsoft.com/office/Get-collection-owners-for-13336f43 .
  • Have site archival process and policy ready as some site owners my ask you to delete the site collections rather than deal with the cleanup and preparation. Work with your records Management and or Compliance team.
  • Create and deploy a tool / process for updating site collection ownership. Some software venders offer tools for managing site lifecycle as opposed to developing your own which I have worked with. Here is a good blog on the topic http://community.aiim.org/blogs/mike-alsup/2011/01/31/sharepoint-information-lifecycle-governance. Here is an example of a toolset https://www.premierpointsolutions.com/products/user-request-automation-solution-for-sharepoint/ .
  • Create and deploy a communication plan to reach out to each site collection owners to 1) confirm ownership and 2) update ownership if it’s outdated. Corporate communication policy and process aside, here is an interesting script that might help http://sharepointjack.com/2013/powershell-to-build-a-mailing-list-of-every-site-owner-in-sharepoint/ . The communication must consist of a multifaceted approach for communicating as no one approach will reach the masses. Such as mangers speaking with staff, email, messages posted on corporate Intranet, lunch and learns and coffee talks.
  • Create and deploy an escalation process for situations where ownership cannot be confirmed or reassigned. Work with corporate communications and your SharePoint user group to carry out this step. It must include an executive sponsored process and policy for contacting business owners and or management to request and obtain updated owner information.
  • For those with corporate provisioning systems that are currently being used to provision sites and manage lifecycle, loop in the team that manages the system to provide you with support for your project. This support could be reporting on site ownership, archival status (Retire as opposed to migrate), updates to ownership to name a few.
  • Leverage your SharePoint user (consists of business users) group. It will help communicate site ownership updates, help you get direct business user feedback which is very important. Its surprising how many companies have not yet established an open line of communication with the business.

The team required to carry out this work consists of an executive sponsor, corporate communications officer, Corporate provisioning team, SharePoint Admin, Developer, coordinator and SharePoint Product Manager.

Simple to carry out? Well it depends on the size of your organization (1000 vs 100,000), its culture (traditional hierarchical vs. team and goal centric) and how out of date (10% vs 50%) the ownership is for site collections.

Migrating to Office 365 or SharePoint Online? Part 2: Information Architecture and Control Plan

ExplainIA-Poster1-1024x791In Part 1, we focused on the discovery which focused on six critical reports that detailed your SharePoint farms and business data. Part 1 can be found here Migrating to Office 365 to SharePoint Online? Part 1: How to get started

Part 2 will focus on your Information Architecture for SharePoint whether it be SharePoint 201x and Office 365 or simply Office 365. The focus of this exercise is to document your organizations taxonomy (organizational lingo) and incorporate data and security policy as well. The desired outcome is a series of documents that will help you make decisions, set policy and its consistent enforcement and to configure your SharePoint 201x and Office 365 environment.

Why do organizations struggle with this topic? Information Architecture is a unique skill set very different from typical IT skills of technical infrastructure and applications. Information Architecture requires library science, facilitation and domain (e.g. Pharmaceuticals, health) knowledge because you’re dealing with information, its value in relation to job activities and its classification so it’s surfaced, protected and can be leveraged providing value to the organization. The value of such a role depends on how your organization views the value of its information, complying regulatory guidelines, passing audits successfully and your ability to leverage information assets. The value is compounded when you introduce cloud technologies because now you have a vehicle for storing data on a service residing within a vender’s data center – which introduces data protection risks.

So how do you get started?

  1. Assemble a team that consists of the required skills sets (Information architect/facilitator, scribe…) and business representation. In a small organization this team might consist of a SharePoint Service Manager, Records Manager, Cloud vender and representatives from each line of business. In a large organization team might consist of a SharePoint Service/Product Manager, Records Manager, Compliance Office, Security Officer, and Representatives from each line of business and service management team (Operation team and or service providers).
  2. Review your organizations security policy and understand how that policy applies to protecting information – location, tagging, permissions and ownership chain. This information can be collected from a couple sources such as the Security team who should be able to provide data security guidelines and or policy documents and control plans. Also, auditor reports may also be made available which provides your insight regarding how your environment scored from an Auditors perspective. In general, auditors dislike the distributed permission control within SharePoint and the lack of ongoing data scanning and policy environment – view SharePoint as a black hole of sorts.
  3. Review your organizations data policy and understand how that policy applies to retaining information, tagging and classification. This information can be collected from a couple sources such as the Records Management team who should be able to provide data protection and retention guidelines and or policy documents and control plans. Also, auditor reports may also be made available which provides your insight regarding how your environment scored from an Auditors perspective. In general, auditors dislike the distributed permission control within SharePoint and the lack of ongoing data scanning and policy enforcement – think control plan, more on that later.
  4. Work with each line of business to itemize the documents, applications, people etc. they work with to get their jobs done. This exercise would be conducted for the major lines of business and departments and refined ongoing by working with department SMEs. For example, when I think about corporate information, the following questions come to mind. What information does the business collect? How is it used? How much of it is stored and where? Why is it kept? For how long? Here are some focused questions that will help but keep in mind you require someone that has done this before successfully:
    • What are all the different types of data and how are they classified? Do data owners exist for each data type or aggregate data collections?
    • How is data obtained? From whom? Why? Associated business process and or task?
    • What format is the data in? Application? Documents? Persons contact details?
    • How is data shared? With whom? Why? Associated business process and or task?
    • What are the business information availability requirements? Why?
    • What confidentiality, integrity, and availability requirements apply?
    • What is the legal environment surrounding the organization’s industry and the data it uses?
    • What issues have they experienced in the past?
  5. Once you have completed steps one through four the information architecture for the SharePoint environment(s) is documented to include the environments purpose (e.g. Office for external team collaboration or business partner collaboration), web applications, site collections, site templates (with branding), content types and related meta data (e.g. Dublin Core) and settings such as quotas, permissions settings and information management policy settings. Additionally, a control plan detailing the Information Architecture upkeep roles (e.g. data custodians, provisioning, exception handling etc., monitoring (e.g. site security and data scanning), and enforcement and reporting must be created so that Governance knows how to steer and enforce the Information Architecture. Finally, document any risks that have not been addressed and assign ownership to an executive sponsor whose mandate is complying with data policies and maintaining end user experience.

It’s important to note that your Information Architecture will evolve over time, refining it is very much an iterative process. As they say you cant boil the ocean and if you try, it will be a frustrating and unsuccessful experience. Hence why a diverse team and executive support is so important. Most organizations I’ve been asked to help focus on plumbing and not user experience from an information and content perspective. What’s the use of a highly available environment if the content is hard to find and of no relevance to the business?

Want to read up on the topic?


Migrating to Office 365 or SharePoint Online? Part 1: How to get started

cloud-whiteboardIn a prior blog I outlined a best practice approach for migrating to Office 365. Whether your just getting started or have had some false starts this blog and the series that follow will help you kick off your project or get you back on track. This blogs is written for the technical PM or the technical staff looking for guidance on the subject.

To get started I will assume you have gone through your initial feasibility assessment and are a go. You are now at the stage of building your plan so you can execute your migration. If have not read my blog 12 steps to get to the cloud please read it now so we are on the same page regarding the work required to migrate successfully. For now i will assume steps 1 and 2 are complete, note that step 2 is critical as if you have issues with your farm such as errors and or capacity issues those will impact steps 3 onward – please correct those.

The discovery (step 3) will provide six critical reports that detail your SharePoint farms and business data. For the SharePoint farms, site owners, a detailed inventory of their configuration, customizations, data policy violations, third party tools to name a few. This inventory is very important because there could be elements of your configuration that cannot be migrated to the cloud (e.g. customizations, third party tools not available for the cloud).  For the business data, a detailed inventory of the site ownership, data contained within the sites, meta data, classification and security information. This report is critical to understand SharePoints current state regarding data and security policy compliance. Your records manager and security manager will be able to provide significant guidance in this area. For discovery tools, most venders provide tools for conducting the discovery exercises.

SharePoint farm data includes:

  • Server hardware and operating system information, location, capacity details, SharePoint version and patching details and third party tool/in-house developed add ons/customizations. It also includes a list of web applications, sites collections, sites and detail regarding each. For example, site collection type, features enabled, managed paths, site ownership, customizations consumed and inventory of sites, data, workflows, content types, templates and lists. Some useful scripts if you don’t have tools.
  • Network and security systems must also be assessed to make sure there is sufficient capacity, data policy enforcement tools, process and people in place to ensure compliance – control plan enforcement. This will help come audits to demonstrate compliance. If your not familiar with the topics visit SharePoint Pro for some of my articles and webinar recordings.
  • Security and data policy scans and reports must be completed of production environment to confirm sites are secure. If your organization doesn’t scan again open sites, run scans for NT\Authenticated user and Everyone as this is a security whole in most cases. Also run Credit Card and Personal Information scans as well to identify non compliant sites.
  • Application inventory is a detail view of each application that will be used to access its viability in the cloud or as a hybrid. Working with the business and IT owners to review requirements documentation (Functionality, architecture, SLAs etc.) and assessing workload requirements. For example the application may be an ideal candidate for the cloud running on Azure or it may be so old that it requires updating to run on the latest OS. There might also be interdependencies and latency might cause code to break. Worst case the developers are gone and there is no source control or documentation.
  • Business data  inventory is a detailed review of data residing on the farm with emphasis on data and security management policy compliance. The data on the farm is assessed for compliance to prevent customer data and or company confidential data from being placed in the cloud – security and risk teams nightmare. The data assessment requires a detailed scan of all site collections and sites using a tool (Nextlabs, Symantec, Quest, Metalogix and ShareGate are good companies to work with on this.) that can scan the data and look for patterns such as credit cards, social insurance numbers and the like. The tools also enable you to create your own patterns that enable you to scan on information related to your custom business processes such as account codes.

Key outcomes from this step are as follows:

  • You have an up to date list of site owners.
  • The farm configuration is documented.
  • Customizations and documentation uploaded to source control library.
  • The site collections and sites are documented.
  • Data residing on SharePoint that’s not within policy is listed in a document.
  • Security settings on SharePoint that’s not within policy is listed in a document.
  • Network impact assessment and recommendations.
  • The aforementioned documentation/reports are dynamic and can be updated by running tools.

Once you have the data its time for step 4, Develop an Information Architecture. That will be the next blog.

Have feedback? Would like to hear from you and your experience.

SharePoint Migration Dashboard Template

Migrations are complex and managing end user expectations and activities associated with migrating an end users site more so. If you have a very large environment, using email to communicate will lead to chaos and unprofessional appearance to the business.


To help manage the complexity of migrations I’ve used a Dashboard of sorts in the past. The dashboard is the focal point of the migration activities which include:

  • More professional front for end users and overall project team
  • Communicating the purpose of the migration
  • Scheduling migrations
  • Providing status on site migrations
  • Providing end user support and training
  • Managing communications overall
  • Managing exceptions

The dashboard functionality helps both the end user and IT keep on top of migration activities in a proactive and efficient manner. Its a site collection and sub sites with sample data to help you get started.

Interested in the template? Contact me at roncharity@gmail.com and provide a DropBox or alternative share with room for 20mb.


Comparing SharePoint 2016 and Office 365 – Which SharePoint Is Right for You?

SharePoint2016A few years back choosing a SharePoint technology was simple. You had two choices; 1) SharePoint Server or 2) SharePoint Foundation. Fast forward and now you have SharePoint 2016, Office 365 and SharePoint online. Note that Foundation is no longer offered.

With the approaching general availability of SharePoint 2016, you are likely looking toward the new platform and trying to determine whether it is right for your organization. At one time, the latest version of Microsoft’s on premises platform was your only option for an upgrade, but with the rise of cloud and hybrid computing, those days are long gone. Now, you have a variety of options to choose from – and one of them is probably right for you.

Deciding whether to deploy (or migrate to) SharePoint 2016, Office 365, SharePoint Online, or a hybrid model that combines the two depends on your organization’s compliance, business, and technical requirements. In this blog post, I will review your options and provide steps you can take to make an informed decision on which path to choose.

Getting Started

To get started, you need to obtain requirements and collect supporting materials that will enable you to design your organization’s SharePoint environment. As you tackle the work ahead, you will engage a variety of people that will help you determine which option is best for your organization. You shouldn’t expect to obtain all the information you require on your own – you’ll need to work with various stakeholders to document what is available and create what isn’t available.

The Team You’ll Require

Before you begin the requirements and design process, you must assemble a team that will contribute to both the analysis of and decision regarding which option is best.

  1. Business – This representation is critical and often overlooked, which can lead to poor adoption and perceived failure of a project by the business. The role of the business representative is to provide insights as well as prioritize requirements and substantiate them.
  2. Security and Data Managers – You will need to know your organization’s security policy when it comes to SharePoint – especially if you’re considering the cloud. In some cases you might have compliance requirements and strict guidelines to follow. Staffing your project team with a security manager and records manager is a must.
  3. IT – This includes all the disciplines in the IT department that are involved with technology solutions across your organization. It should include architects, operations (administration, monitoring, and help desk), infrastructure (servers, storage, and network), identity management, and project management.
  4. Third Party – This could include outsourcing partners, product venders, and consultants involved in the project. The best way to identify the parties is to list products incorporated into the solution as well as any parties involved with support and administration. Some maybe obvious, especially if any infrastructure is hosted offsite or third-party staff is helping operate the solution.

To manage the team and decisions effectively, having an established governance policy and team is recommended. Governance will help you by providing:

  • A forum to assess the cultural impact of project and required change management
  • Access to executive stakeholders
  • A forum for expediting activities
  • Guidance and an escalation mechanism for the project team

Comparing the Cloud to On Premises

Before we dive in the options available to you, let’s first review the differences between on-premise and a cloud offering such as Software as a Service (SaaS). The following diagram contrasts on-premises (SharePoint 2016) and SaaS (e.g. Office 365 – SharePoint Online).







Options Available to You

The following are the most common options available to organizations for deploying SharePoint:

  1. SharePoint 2016 – This is the SharePoint most of us are accustom to: SharePoint physically resides within the organization’s on-premises data center. The data resides within the organization’s walls, servers are physical or virtual, and the platform is managed by your organization’s operations team. Hardware (servers, storage, and network) is either purchased or leased from your hardware vender(s) and software is purchased under a licensing agreement with Microsoft. More information
  2. Office 365 – Is a rich offering of Office applications such as SharePoint Online, Exchange Online, Word Online, PowerPoint Online, Excel Online, Delve (for front end search), OneNote, and Sway (to create interactive documents). As a SaaS offering, Microsoft owns and manages the platform, which includes the data centers, and servers as well as storage, network and management tools.  Your organization administers access, licensing, and manages data. More information
  3. SharePoint Online – This is the standalone version of SharePoint available from Microsoft. Unlike Office 365, which includes the full Office suite, this offering is SharePoint only. Similar to Office 365, Microsoft owns and manages the platform which includes the data centers, servers, and storage, network and management tools.  Your organization administers access, licensing, and manages data. More information
  4. Hybrid – This is generally a blend of options 1 and 3. Your organization has an on-premises installation of SharePoint 2016 in addition to a SharePoint Online tenancy. The environments are connected through a trust, sync service, and proxy so that accounts and can be managed and search results are integrated across both the on-premises and online environments.  More information

Do Your Homework to Make an Informed Decision

As you can see, your organization has many options, but which do you chose? First off, it’s not just a technology choice, it’s about making an informed decision so that your organization achieves the expected outcomes. The following steps will help you collect the information required, present the necessary decisions, and get buy in in order to make an informed decision.

  1. Get facts on paper – As you meet with stakeholders and team members, document and distribute information. Document all requirements, decisions, issues, and risks throughout the project – make sure there is measurable traceability. This will be important because projects can take a significant amount of time to complete and people forget what the team agreed to. If you’re on SharePoint already, use a site to house, distribute, and track content. Finally, create a communication plan that details the communications, to whom, how often and the format.
  2. Conduct a risk assessment with the team – The project team must work collaboratively to identify any risks, their likelihood of occurring, the impact if they occur, and a plan for each (e.g. mitigate or accept). The risk plan should be maintained by the project manager throughout the project. Also, the risks should be assigned to the team members to be addressed.
  3. Conduct a data analysis – You probably have multiple data sources in your organizations such as file shares, existing SharePoint farms, and legacy applications such as Lotus Notes. Each data repository must be assessed against your data and security policies utilizing discovery tools.
  4. Conduct a farm analysis – For each existing SharePoint farm, document the configuration (site collections, services, and features activated), third party tools, and customizations. In addition, conduct an inventory of the sites to determine which are using the third party tools, customizations, and if site ownership is up to date.
  5. Define service level objectives and end user agreements – Services levels build on metrics for success and are focused on SharePoint as a service. These metrics include availability, performance, provisioning timeframes, and the responsibilities of each party involved. Responsibilities should include the specifics on what each party is responsible for to deliver the objectives.
  6. Design for functionality, service levels, and capacity requirements – By designing your new environment with functionality, service levels, and capacity requirements in mind, you have substantiated requirements that can be utilized to determine the best platform for SharePoint. This will help you decide whether to utilize physical or virtual servers, or move to the cloud.

Making the Decision

Once you learn about your options, gather requirements, design an operational plan, and gain stakeholder buy in, how do you decide what’s next? The following table will help you decide which option is best for you.



Armed with the information above, you should be able to begin to work through the process of determining which SharePoint option is best for you. Most importantly, your organization must do it homework to determine compliance and data/security policy as well as business, technical, and operational requirements. Once you have completed this work with the appropriate parties in your organization, the decision process will become clearer and easier to sell.

The State of SharePoint Land – Where its been and where its going

discovering_the_soul_of_tibet112aaf1f7a1926bafcbbFor those of you that have worked with we me you know I love what I do. Whether its SharePoint, Guitar or something else I put  in 110% effort. They also know I cut through the vender hype and offer an unbiased viewpoint that sometimes isn’t politically correct. Before assembling this blog I spoke with several peers in the industry and reviewed reports from research companies regarding SharePoint and Office 365 trends.

On the topic of SharePoint, looking back to its beginnings, the wild west comes to mind. What do I mean? Lots of opportunity for software and consulting companies such as installation, backup and monitoring – there was margin in mystery. It was an unknown, many were using eRoom or Lotus Notes (Great products) for collaboration and document management. I remember chatting with Microsoft around 2001 and they said “SharePoints immature at the moment but the next few versions will make a killer impact”.

Most the work I performed was travelling the world providing consulting to executives regarding how to best leverage SharePoint, Lync and Livemeeting. I conducted executive briefings, demos at the customer office or at Microsoft technology centres (for example Boston and New York). I also trained field staff in UK, US and Australia to deliver SharePoint consulting services. My consulting went beyond Microsoft tools and covered topics such as culture and office design (Thank you Chris Hood for your office design insight). Having worked with change management and office design experts I presented a holistic view of collaboration and labeled it “The high performance office” – essentially how to mobilize your workforce. That solution made its debut at TechEd in Boston 2006. From Boston I flew to California to meet with Disney who was preparing the launch of the movies Cars and Pirates and required a collaboration solution to launch movies.

Fast forward to 2016 and SharePoint is now a household topic – people love it or hate it. SharePoint has matured and the availability of skills has increased but its still difficult to hang onto SharePoint people because it requires such a diverse skill set. Toolset venders are struggling because traditional needs (Backup, migration, administration etc.) have declined (become commodity), competition has increased and as a result most are in negative growth with declining margins whether they want to accept that or not. Have you noticed the price reductions and various marketing promotions from some? Heard about the CEOs being fired/leaving? Management team changes and offices closing outside of North America? Sweat shops will continue the churn of staff, hire and fire puzzled by their lack of consistent financial results. I expect more consolidation will occur, companies will shrink to adjust to market changes. Leaders such as HP, IBM and Dell/Quest will succeed because they have diversified (Not SharePoint only) and are marketing focused and not engineering focused. As one of my clients said “If Nortel and DEC had not been lead by engineers, they would still be around”.

So whats next? Once the Office 365 migration wave is over software venders and SIs will have a tough time looking for growth areas. I think of Office 365 projects as “walking the plank”, once your customer has migrated your opportunities are greatly reduced. What are the growth areas? Consulting, Office 365 applications and outsourcing are options for revenues but moving from a traditional software sale and product enablement services model to more complex services model is a tough journey – refer to my earlier post regarding building a services organization. I expect some will fail miserably at this unless they hire an experienced management team, hire more experienced staff and adjust the culture. But this sort of change is a fundamental shift for organizations, the new hires will not necessarily fit in to the old mould the organization is accustom to and young management is generally arrogant and inexperienced. Some say they have had their day…

Have feedback? I’m always interested in hearing from others and can be reached at roncharity@gmail.com