A new study from CMS Watch warns CIOs that implementing SharePoint, Microsoft's Web-based collaboration and document management platform, requires a team of crack consultants, .NET skills and due attention to governance to make it work across the enterprise.
"Just because SharePoint is easy to install and because it works pretty well out of the box for simple file sharing, does not mean that it is a simple platform," said Tony Byrne, founder of CMS Watch, an Olney, Md.-based analyst firm that bills itself as vendor-neutral.
Don't get him wrong. The wildly popular SharePoint -- it's the fastest-growing product in Microsoft's history -- has plenty of out-of-the-box appeal. The Windows SharePoint Services product comes free with the Windows Server operating system. It's easily installed by your average business user. "The power is really alluring," Byrne said, "but the perils are manifold as well."
CMS Watch, which likens itself to a Consumer Reports for buyers of content technologies, spells out its reservations in a 241-page evaluation of SharePoint. The report assesses the product's suitability for the enterprise in nine business services, including collaboration, enterprise content management, business intelligence and application development.
A "fairly complex platform," SharePoint is Microsoft's first .NET application development platform, Byrne said. As such, it is well-liked by the software giant's many channel partners. "We describe it as more consultant friendly than customer friendly," he said.
Bottom line: Enterprise customers are increasingly turning to Microsoft partners to provide capabilities where the platform is lacking or underperforms.
Strategic dilemma when implementing SharePoint
The strategic dilemma for any customer, Byrne said, is how much to invest in the third-party expertise needed to make SharePoint work for the enterprise.
CMS Watch claims "no inside dope" on what SharePoint will look like in its next iteration, except that there will be a next version. Microsoft's MO is to identify the useful and interesting third-party tools developed around its products and replicate them in the next version. "It is rare that they acquire the company," Byrne said.
In other words, CIOs looking for help implementing SharePoint could hire a vendor that might not have a lifespan measured in decades. Bryne recommended doing due diligence on systems integrators, but even a short-lived investment in outside expertise might be the prudent way to go.
"There are certain areas at the enterprise level, for example around backup and performance and archiving, where I would encourage bringing another vendor into the mix, despite the risks," Bryne said.
While you can "install and forget" SharePoint for very basic file sharing, he said, that does not hold true for more complex document management. If you want to do imaging, for example, or manage documents requiring complicated enterprise taxonomy or a more complex rules-based workflow, "then you kind of leave SharePoint behind." An example of the latter would be an expense form that you might want to route one place if it is under $1,000 and another place if it exceeds $1,000.
"What SharePoint gives you out of the box is an expense form and an easy way to route it to your manager, without the intervention of developers. And that is good. But as soon as you need a little more intelligence than that, then you need a .NET developer to get into the guts of the system," Byrne said.
To avoid being overly dependent on outside resources, Byrne recommends you have .NET experts in-house. "You cannot overestimate the need for SharePoint training among your own staff."
Governance is first order of business in any SharePoint implementation
As far as security issues, Bryne praised Microsoft's improvements on its previous SharePoint version. In particular, he cited the ability to lock down content at a file level, as opposed to just a folder level.
That said, he points to two "really big issues" with security. The first is that the levels of access control available out of the box are "coarse-grained." That can be modified, but it takes some work. The second challenge is the difficulty of establishing security policies across multiple instances of SharePoint -- over many team spaces, forcing you "to replicate, enforce and modify different security components in a lot of different places," he explained.
"That is really a subset of the broader issue of enterprise administration with SharePoint. You end up more or less monitoring and administering a series of autonomous departmental implementations as opposed to an enterprise-wide implementation," Byrne said.
Indeed, a governance structure is imperative, "so you are not just throwing SharePoint at the business and not just letting them throw SharePoint at you," Byrne said. Rules and conditions should be set, in particular for the development of new team places.
Analyst Mark Gilbert, author of the October report "Can the CIO Survive Microsoft SharePoint?" from Gartner Inc., agreed that it's important to provide guidelines so usage does not create administrative, technical or compliance problems. He recommended using a SharePoint "site request form." Questions about the nature of the site, who owns it, what types of data will be stored there, is there a need for workflow or imaging, etc., will help drive governance and regulatory compliance.
"Our discussions with clients and systems integrators who are using this approach demonstrate that it is very effective at reducing rogue site creation and sprawl, and as a result can aid significantly in terms of planning and compliance," he said.
Gilbert also advised CIOs to think about the strategic role SharePoint should play in the enterprise as an information infrastructure and whether it can co-exist with other applications. On the tactical front, he urged CIOs to "leverage the burgeoning partner channel" to fill gaps, especially for geographically distributed implementations and application rollout.