We sat down with three of our Microsoft MVPs Tobias Zimmergren, Erwin van Hunen, and Waldek Mastykarz to talk SharePoint. What followed was an intriguing conversation which formed the basis for this MVP blog series special. In this weeks installment, Tobias and Waldek talk about governing, managing and mitigating SharePoint application risks.
Blog posts in this series:
- MVP Take: Deprecating features in SharePoint – are you prepared?
- MVP Take: How do organizations use and extend SharePoint?
- MVP Take: What are the consequences of extending SharePoint?
- MVP Take: Govern, manage and mitigate SharePoint application risks (this article)
- MVP Take: Where are your SharePoint applications?
- MVP Take: How do you consistently maintain SharePoint applications
Tobias Zimmergren is a 10 year Microsoft MVP and works as product Owner at Rencore. He plans, architects and develops software and distributed cloud systems.
Tobias: “You can mitigate SharePoint application risk in various ways, and a good application governance plan is really important and should consist of the following:
- An inventory of how and where all applications are being used
- How applications are being linked
- An analysis of the contents of every single application
- A tight grip on general practice
You should plan how you implement applications, train users, power users and citizen developers. I recently had a discussion with someone in the community about citizen development and the summary, after pointing out both advantages and disadvantages, was that citizen development isn’t a bad thing – it’s a very good thing because it can help you increase the return of investment (ROI) from your SharePoint. But a lot of time, you don’t know what’s being modified, what’s being changed, what scripts and third-party libraries are being used. This is where the risk comes in but being aware and mitigating these risks is the key to extending SharePoint safely.
So, your plan for mitigation should be the following:
- Discover what is in your SharePoint environment
- Plan for application governance
- Plan for training
We have talked about our training – 15 years is a very long time. As a consultant, every day is training. It’s very important to understand the risk but also the possibilities you have going forward and extending SharePoint effectively and securely.”
Guiding hands will help you deploy SharePoint solutions to production safely.
Waldek Mastykarz is a 10 year Microsoft Office Development MVP and Product Owner at Rencore. He reinforces our product development and is also a member of the SharePoint PnP Core Team
Waldek: ” So, to summarize, you would train users to become more aware of the things that they are about to change so they can make a correct judgement on what to change – not just how to make a change.”
Tobias: “Yes. I would never say avoid extending SharePoint or don’t be a citizen developer. Most organizations are benefiting a lot from having people outside of IT who can quickly go in and change a list or add a web part. It needs to be this way because one of the great things about SharePoint is the extendable capabilities. It’s important to understand the consequences of a poorly governed SharePoint environment where users fail to comply with industry standards.”
Free Risk Assessment
Rencore’s Risk Assessment will help you discover application activity in your SharePoint environment and highlight the requirement’s needed for application longevity. Furthermore, it detects real production security issues and builds a risk report based on your data. Learn about quick wins for application security, governance and mitigation when extending SharePoint. Try our Risk Assessment for free today.