SPTechCon Preview

I am going to take a break from my normal style blog entry to talk about that banner off to the right. SPTechCon is next week, and I will be speaking there on Friday. If you are attending the event, I hope you will attend my presentation. If you are not attending SPTechCon, or can’t make my session, I want to let you know what you are going to miss.

My presentation is about extending application systems to include SharePoint (or not). Actually, that is the subtitle of my presentation – the title is “Where Angels Fear to Tread”. This is not only my presentation, it is my job description at the moment. We are working to access SharePoint from our in-house developed applications, and to use SharePoint to augment and even replace some of those systems. The goal is reasonable, the benefits are obvious but my concern is control. How do I control SharePoint with the same level of confidence that I have with SQL Server or DB2, or my applications for that matter? You might ask “why is he so concerned over controls?” I can answer that in seven letters ‘Auditor’ – financial auditors and auditors from the State of CT look at the way that we control our automated systems. Years ago, I used to audit systems controls for Peat Marwick; now I am on the other side of the desk.

The good news is that I think SharePoint can be controlled well enough to be a trusted platform for application systems. The bad news is that it involves more work than many people might want to take on. The reason that SharePoint is hard to control is the same thing that makes it great, the fact that it ownership is distributed. Distributed control can result in some amazing failures when the developer (me) relies on data or documents being available to an end-user that someone else made unavailable at a later date. Remember, you can make things unavailable in SharePoint by deleting them, moving them, renaming them or by changing permissions.

I can think of three main ways to control SharePoint. First, you can educate your user community on the importance of controls, and… OK, I can’t finish that sentence without laughing. It’s not that our users don’t care about security and control, but educating them to the appropriate level would require them to know way more about SharePoint than they care to know. A second approach would be to combine SharePoint audit features with workflows and carefully crafted permissions to make the SharePoint environment secure. It won’t be as secure as an application system, but someone would have to work hard to eliminate or circumvent controls. The third approach is the Star Trek approach, inspired by all the times Jean-Luc Picard ordered Georde LaForge to “extend the Enterprise shields around…” some inadequately protected object. In this last case, the application system has to monitor and control the SharePoint environment. This is actually easier than it sounds, it gives me greater comfort and it is fast becoming my favorite approach.

If you are attending SPTechCon next week, consider attending my session. I know it is a hard choice, there are several sessions in my time-slot that I would like to go to. As an added incentive, I am also offering a chance to win something with the word ‘nuclear’ on it. If you are not attending SPTechCon in Boston, consider attending in San Francisco in February 2011; in my opinion, SPTechCon is the best SharePoint education conference out there. There are so many great sessions on the schedule that I am having a hard time deciding what to attend during every time slot.