SharePoint 2013, on-premises, and SharePoint Online (a component of Microsoft’s Office 365 application suite) present stakeholders with a set of challenges. Perhaps this is nothing new, and normal for any decision to implement a computer technology solution for a specific organization, and its unique set of characteristics. But for any organization with a long-standing commitment to SharePoint, planning a migration to either platform from a predecessor can be especially daunting if a set of custom applications already exists. In this case the question becomes one of how best to migrate this already amortized investment in custom software over to a new platform.
The introduction of the Office and SharePoint App Model certainly did little, if anything, to make the process of deciding on a best path forward any easier. A lot has been written on this topic. We are participants in this process as anyone running a search for the keywords App Model on our site will note.
There is another article on the topic which readers may find helpful. Matthias Einig, a SharePoint Server MVP has written a piece titled Custom Code: The Missing Piece of the SharePoint Governance Puzzle. I recommend readers take a look at Einig’s article. By considering the process of building custom solutions for SharePoint from the perspective of governance, Einig, in my opinion, illuminates what will likely amount to another gap in a typical migration plan for the usual community of SharePoint users planning to upgrade to either SharePoint 2013 on-premises, SharePoint Online, or a hybrid computing scenario built with both components.
As anyone with experience will likely attest, reverse-engineering code already in place, but undocumented and without clear authorship can be a very difficult (not to mention costly) challenge to correct. So Einig, in my opinion, is absolutely correct pointing out why any plan to build full trust custom solutions for SharePoint should start with mandatory requirements for clearly defined authorship and system documentation.
I also think he is absolutely correct presenting the respective security considerations posed by the new Office (SharePoint) App Model and the traditional approach to building custom solutions with full trust components. He may understate the obvious takeaway, which I will put forward here — there is no clear simple solution for this security consideration, so, if for no other reason, than simply to ensure a solution is chosen which does the best possible job of supporting system security, stakeholders must very carefully consider just how they are going to proceed (and the ramifications of any path they may opt to take) before stepping forward even an inch on the task.
If organizations spent more time following the steps Einig defines in his article and, perhaps, some of the complementary pieces he cites in his presentation, SharePoint may actually perform better in an enterprise content management (ECM) role than other writers have recently expressed. I wrote about a couple of these in the prior post to this blog.
©2014, Ira Michael Blonder & Rehmani Consulting, Inc. All Rights Reserved