5 Thoughts – The Ashley Madison Hack


cube-482035_640As most of you know by now, Ashley Madison (“Ashley Madison is the most famous name in infidelity and married dating.” quote from their site) was hacked last month and much of the data the hackers stole was released this week, on the dark web. Like many of you, I’ve been reading bits and pieces of the saga. Anyway, here’s five things that struck me about the whole affair:

  1. With a 6:1 ratio of men to women, a guy’s chance of “getting some” via AM are slightly less than they were in high school.
  2. Anyone (private sector, public sector, military, whatever) stupid enough to use a work email address and corporate assets (computer, network) to access AM ought to be dealt with according to corporate acceptable use policies and morals clauses in their employment contracts. It’s akin to using corporate assets to surf porn; just don’t. For what it’s worth, I don’t believe that morals clauses belong in employment contracts. We’re all adults and what I do on my own time is none of my employer’s (I don’t actually have one) business, provided it can’t be linked back to an employer and cover them in poop.
  3. There are a lot of morally superior and judgemental people on the planet. What they’re losing sight of is: 1 – Other people’s lives that don’t affect you are none of your ******* business; 2 – the hack was a criminal act. FULL. STOP.
  4. If what the hackers allege about AM’s security and not cleaning out data is true, the folks at AM are monumentally, irredeemably, irrefutably stupid and negligent.
  5. Lawyers and lawsuits – that didn’t take long. Tied with “Holy crap did we all of a sudden get a lot of downloads”, said the folks responsible for the TOR browser.

Apologies for jumping on the bandwagon and adding to the nonsense.

The Hybridization of EFSS and ECM


work-in-progress-24027_1280Consumer and enterprise file synchronization and sharing popped up because people needed a way to easily share and collaborate on business content. This gave rise to the “Dropbox problem”, which is just stupid and ignores the real problem; organizations didn’t provide their people with policies and tools that allowed them to GSD[1]. Today there are plenty of options, consumer and business grade, that provide a cool experience with the security and controls that business and IT need.

Organizations that haven’t sanctioned business grade file sync and share are foolish and open to a world of pain. If they think that their people aren’t chucking content around in the wild, well, think again. Go fix that problem, it’ll take all of 5 minutes.

The bigger problem today is figuring out what goes in the cloud and what doesn’t, and then providing access to it (don’t use this as an excuse to do nothing, start with something easy and low risk). The reality is that, for any number of reasons, not everything can be chucked into cloud based repositories. Even if an organization were committed to putting 100% of its content and processes into cloud services and repositories, that would not happen overnight. That reality means many, many organizations are going to require hybrid solutions.


Cloud On-Prem Arch


The image above is not an unreasonable representation of what many organizations are faced with. It’s fair to say that even if you remove the cloud based services, organizations can’t adequately provide a single point of access to all of the on-premises content people need on a day to day basis. The problem is exacerbated when that content must be shared and collaborated on by disparate groups of stakeholders. Now add in other information governance and management requirements, such as metadata, classification, retention-disposition, e-discovery, process integration, legal and regulatory compliance, and security and the challenge is more difficult still. Toss in some cloud services and repositories and what do you end up with?

The real initial challenge was conceptually pretty simple: “I want access to content from wherever I am, using whatever device I want, and I want to work on that content with whomever I need to work on it with.”

The likes of Google, Dropbox, Microsoft (OneDrive, not SP online), Box, etc. solved that problem, but in doing so created other problems, both real and perceived. The perceived problem they created was a security one. Trust me, it’s less of a problem than most organizations storing stuff in their own data centres or networks is. The real problem they created was around information governance and management, which is a strong suit of many Enterprise Content Management (ECM) vendors.

ECM vendors like Alfresco, EMC (prior to selling off Syncplicity), OpenText, and Oracle tried to solve the initial problem, and did a fair job of it. The big problem there was cost. In order to use their file sync and share capabilities you had to be using their repositories. Sure, you could opt for a cloud deployment, but you’re still running a full-blown ECM platform (which is not necessarily a bad thing).

Google, Dropbox, Microsoft, Box, Alfresco, OpenText, and Oracle all work on the premise that your content is in their repository. If it isn’t, oh well. Syncplicity allows access to Documentum and SharePoint content, so I’ll categorize that one as a not quite semi-open option, though it does work on-premises and in the cloud.

Accellion, AirWatch (VMWare), Egnyte, and Citrix all offer hybrid solutions that may or may not work with ECM repositories in a limited capacity. However, from what I’ve seen from some of those guys the user experience is not always, shall we say, pleasant.

Of the ten vendors I’ve identified, not one is capable of providing secure, mobile access to all an organization’s content, and governing and managing it. Not one. Go and check out the latest Gartner (MQ) and Forrester (Wave) reports ranking the best of ECM and EFSS (silly market categorization); of all the vendors in those reports combined, not one can provide that combination of access, search, security, and governance.

Now, if a service were providing access to content in an ECM repository there would be no real need for that service to also provide all the information governance and management capabilities. Maybe I’m making the problem bigger than it really is. On the other hand, OneDrive, Google, and Dropbox have no governance / management capabilities to speak of, and what’s available from Box is 1st version functionality that has improving to do.

As far as I’m concerned:

  1. The initial problem has only been partially solved;
  2. There was not, is not, never will be a “Dropbox problem”;
  3. Sharing and collaborating on content is easier today than it was a couple of years ago;
  4. Platforms, apps, and API’s are the way forward;
  5. There’s still a long way to go, but holy crap have opportunities for innovation and transformation opened up.

[1] GSD – Get Sh!t Done

Jeetu Patel Joins Box – 5 Things I Like About This


Jeetu_Patel_color_1His intentional, horrible pun 🙂 aside, Jeetu Patel joining Box is a major big deal for the following reasons:

  1. Any time you can scoop a competitor’s senior executive away, you’re doing something right. Patel is a veteran in the content management, collaboration, and social spaces and understands them really well and knows how to succeed in those spaces. Will Wall Street understand the potential impact of Patel’s move?
  2. Jeetu Patel has major ECM and information governance chops. I’d be seriously shocked if he’s not going to imbue some of that background and thinking into Box.
  3. He just gets that it’s all about content as a service and apps on top.
  4. He’s seen the good, the bad, and the ugly when it comes to managing and collaborating on content. My feeling is that he’ll be really good a finding that elusive balance between control and usability.
  5. Jeetu’s hiring is another justification for what I’ve been saying for ages; EFSS must die and the right vendors, Box among them, are going to be the new generation of ECM.

Enterprise File Sync & Share Should Just Go Away


Image source: https://www.flickr.com/photos/125799907@N07/15386549097Gartner released their 2nd annual Enterprise File Sync & Share Magic Quadrant (EFSS MQ) recently (2015-07-22). Coincidentally, this is my 2nd annual post taking issue with it.

It’s not that I’m denying the existence of vendors that provide EFSS capabilities, I just don’t think that they deserve a market all their own. EFSS as a unique market is pretty much next to useless. Without being an extension of other markets or software categories WE. DON’T. NEED. IT. And don’t even get me started about the definition of what the market actually is. I read Gartner’s description and, if it were describing an animal, it would be a hippo-leprechaun-smurf-wombat-grouper-shark-budgie-chipmunk looking thing with a unicorn horn for a willy. Or maybe a light sabre – I dunno.

File synchronization and sharing capabilities are required for doing business today. Whether you get them from a so called EFFS vendor, an ECM vendor, or a collaboration vendor makes no difference. Hell, maybe your use cases and environment mean you’ll need all three. What matters is that you’ve got a bunch of information that you need to get to a bunch of people that may or may not have yourorg.com email addresses. What matters is that all this information needs to be governed, managed, secured, and integrated into work processes. EFSS tools that don’t do any of these things are plug-ins to other stuff (nothing wrong with that). EFSS capabilities that are found in other stuff are, well, functions in other stuff (nothing wrong with that either).

I hope by this time next year there won’t by an EFSS MQ, Wave (a Forrester eval thing), or any other thing defining EFSS as a unique market. I hope, instead, that we’ll start seeing EFSS capabilities as must-haves in other markets, like, I dunno, ECM for instance. And instead of just sitting around hoping, I’ve done something about it.

Check out The Next Generation of ECM, a Box sponsored whitepaper (no pitch, no registration). It lays out my thoughts about the coming changes – driven by EFSS – in the ECM market.

If you want to get your very own copy of Gartner’s 2015 MQ for EFSS you can head over to this post on Box’s blog and click away.

Dear Recruiters & Hiring Orgs


horse-shoe-110987_640Over the last couple of weeks I’ve been approached by recruiters that wanted to chat with me about taking on some Information governance and information management work. Two of the opportunities are in Calgary, a little over 300kms from where I live, the other is local. One was for a credit union, one for a pipeline company, and the last for a provincial government ministry. All three organizations are looking for a senior resource that could deal across the enterprise to get programs in order, drive change, and be THE subject matter expert for all things related to governing and managing information.  The proposed rates are as follows:

  • Credit Union in Calgary , 3 days/wk onsite – $70-$75/hr, no travel expenses
  • Pipeline company in Calgary, 5days/wk onsite – +/-$90/hr, no travel expenses
  • Gov’t ministry in Edmonton (local) – $70/hr

Travel alone would cost me approximately $350/day, plus the mileage to drive between Calgary and my home (approx. 600km*$0.48/km = $288/trip). Add the expenses up, and over a 5-day week I’d need $51.25/hr just to cover my expenses. Obviously the travel thing isn’t an issue for local projects.

The travel thing is bad enough, but what really gets me is the total lack of value a recruiter or client places on my time or skill. These people have to understand that what I know and do is not a commodity skill set. I didn’t just learn this stuff in school last year. I, and my peers, spend a ton of time educating ourselves and getting better at what we do. We’ve got many, many years of experience that makes us the experts we are. We are not a bunch of generalists that are a dime a dozen. In every sense of the word we are professionals and deserve to be treated, respected, and compensated as such.

The other thing that really bugs me about this situation is that it’s indicative of many organizations not having a clue about the value of information. Information is an organization’s most or second most important asset. By going cheap on the resources that they’re trying to engage, they are going to get burned; it’s like hiring a barely qualified bookkeeper to manage financial assets. IT. WILL. END. BADLY.

You’re all familiar with ERP, right? Nobody complains when an SAP consultant comes in with a high hourly rate. They bring skills and experience that are hard to find, and they deserve to be compensated accordingly. As I told an executive at a Swiss bank several years ago, “This stuff’s (ECM) way harder than ERP.” He agreed. Prior to his role then, he’d spent 15+ years working on SAP projects, and we were about 3 months in on an ECM project. The way I figure it is if one is willing to pay premium rates for the skills needed to manage an organization’s financial assets, one should also be willing to pay premium rates for skills needed to manage information. After all, not everyone in an organization touches or is touched by ERP, but if it’s done right every soul in an organization and all their stakeholders ARE touched by information, whether they realize it or not.

My billing rates aren’t cheap, but they are reflective of my experience, skills, and the value I add. I’m nowhere near as expensive as the big consultancies, by the way. I understand the current situation with the Canadian economy and that our currency is taking a massive beating right now, but that does not mean I will be bent over just to win a project. It means that if there’s a good match between me and the potential client, I will be flexible, within reason.

If organizations are going to get serious about governing and managing information, and leveraging it as the asset it is, they are going to have to pay for the expertise they don’t have in-house. If they continue to try and cheap out, well, you get what you pay for. Good luck to ‘em, here’s a couple horseshoes.

Ah Linked, Are You Worth It?


LinkedIn_logo_initialsSo the bright sparks at Linkedin thought it would be a good idea to no longer let me export my contacts.  Read that again – MY CONTACTS – not theirs. So that got me thinking about the value of Linkedin to me. Note that I am not paying for Linkedin other than with my data and privacy.

Update – it appears enough LI users objected and we can once again export contacts, for now.

My Profile

Apparently my profile strength is at All-Star level; that’s pretty cool. Know what’d be even cooler? Being able to prevent anonymous profile views. Hey, the way I figure it is if you’re gonna check me out at least have the stones and courtesy to let me check you out as well. Granted this may not entirely be LI’s fault, but you’d think that after this long they’d figure out that some of their users don’t want to be viewed anonymously, and allow us to set our profiles accordingly.

Pulse

Mostly fluff or pitches. Very little of what I see on LI Pulse is worth my time. LI told us it was a content platform. Yeah right.

Endorsements

Thanks to all who’ve never met me or worked with me for all those endorsements for a bunch of skills I don’t even have. Yup, I could go and delete stuff, but it’s not worth the effort.

Recruiters

Oh yeah, get found for that ideal job. It’d help tremendously if recruiters actually read my profile. I took the time to put it together, including links to my resume (which is mostly up to date); the least you could do is read it. In the years I’ve been using LI I’ve been approached a lot by recruiters. From all of those approaches I think maybe three have been relevant.

I saw this on twitter today (July, 31, 2015). Draw your own conclusions. I’m fully expecting to see stuff from deposed African princes any day now. And yeah, I have no objection to naming and shaming when it’s deserved.

LI Stupidity

Groups & Discussions

More pitches than real discussions. Twice I had someone pitch their products/services in response to discussions I had started. Not cool.

Connections

I’ve got more than 700 connections, and a cull is overdue. It seems that most connection requests I’ve been getting lately have been from scammers or people that want to connect for no other reason than to increase the size of their network. Uh, not gonna happen. I use a handy, dandy flowchart to help me decide whether or not to accept a connection request.

LI Connection Request

LI Connection Request Workflow

Here’s an example of a good connection request:

Best connection request ever

Best connection request ever

Value

The value I get from LI comes from the ability to check out people I’m potentially going to be working with. That’s useful to me and I am hesitant to give it up because it may expose me as a hypocrite. See, when I look someone up and they’re not on Linkedin, I immediately react negatively towards them. Hey, it’s harsh and unfair, but that’s the age we live in today. LI is also an easy way for me to promote content, via Pulse and the groups I belong to.

I’m still not certain how long I’ll stick with Linkedin. Will I no longer be “legitimate” if I kill my account? I don’t know. And I’m not sure if it’s a risk I’m willing to take right now. It comes down to deciding whether the value I gain is enough to offset the nuisance that LI has become. Surely I’m not the only one thinking about this.

Microsoft Signs GE – Good or Bad for Box?


Satya and AaronOn July 19, 2015 it was announced that Microsoft landed GE as an Office 365 customer. A little over a month ago Box for Office Online was announced. Now, the Box-MSFT thing isn’t really a partnership in the sense that Box-IBM is, but it is more than just OEMing or white labelling, it seems to me. It also seems that, if cards are played correctly, the MSFT-GE announcement could prove to be quite good for Box.

First of all, I do not have any knowledge of how GE is using Box or how many folks at GE it’s been deployed to; everything in this post is speculative on my part. Anyways, what follows is my pretend version of a fictitious conversation between Aaron Levie and Satya Nadella (apologies in advance to both – no disrespect is intended).

Satya and Aaron chat about the O365-GE deal.

And there you have it. Can Box leverage the opportunity that’s in front of them? I know how I’d play it if I were Aaron Levie. However, if GE opted to go with OneDrive (why would they?) this story could have a less than happy ending (in the GE context, I mean).

The Sky’s NOT Falling – A Missed Opportunity


sky-is-fallingI read Use of File-Sharing Service Leads to $218,400 Fine for HIPAA Violation this morning (2015-07-17); it set me off.

I have no issue with the facts as reported in the article; what I do have issue with is the complete lack of balance. The article is written by Eric Packel of BakerHostetler (law firm in a buncha U.S. cities). As a lawyer, as someone who advises and counsels, he should know better than to leave things as they ended in the article. Yes, the company in question screwed up by stuffing a bunch of sensitive data in what I can only assume was a consumer-grade or mickey mouse type of cloud based file sharing system. They got what they deserved, hopefully learned a lesson, and hopefully not too many patients were compromised or inconvenienced.

No, what really, REALLY irks me about the article is that Eric did not conclude with concrete advice on how to prevent this type of situation. As a consultant, it’s my obligation to provide advice whether it’s directly on a client engagement or when I’m writing a post or article; and I hope I meet that obligation. The author of that article has the same obligation as I do, albeit at multiples of my billing rate.

It would have taken about three minutes to write a closing paragraph along the lines of …

“Hey! Don’t let this happen to you. There are many, many (130+ according to Alan Pelz-Sharpe until he stopped counting) cloud-based storage and sharing services out there. Pick one that’s certified for [whatever you need] and go. And don’t forget – you can outsource data but you can’t outsource accountability (paraphrasing Ann Cavoukian – former Info & Privacy Commish for Ontario).”

… how hard was that?

As it is, Eric feeds the FUD (fear – uncertainty – doubt). The cloud deniers have another “holy cow look what happens when you store stuff in the cloud!” incident to feed their paranoia.

Eric, buddy, you missed a glorious opportunity to make your point and educate the market a bit.

Box Announces Governance – Another Step Towards #ECMnext


mis-megaphoneSo Box came out and announced Box Governance this week. For those of you thinking that Box is just one of the surfeit of file sharing providers on the planet, think again. Box has been steadfast in stating that they are providing content management and this week’s announcement is further proof of that.

Box Governance provides three important capabilities: 1) Retention Management; 2) Content Security Policies (really should have something about “sensitive information” in the name); 3) Defensible eDiscovery. While having these capabilities available is in and of itself a major step forward, it’s also important to note that organizations that choose to deploy Box can now claim compliance with a number of government and industry regulations and standards (e.g.: PII, FINRA, SOX, SEC 17a-4). However, the most important thing about this announcement, in my opinion, is that it serves to remove additional barriers to including Box in the conversation when talking about Enterprise Content Management vendors (pay attention Gartner, Forrester, IDC, et al). Coupled with Box’s Enterprise Key Management (my post on the topic) announcement earlier this year, organizations relying on FUD (Fear, Uncertainty, Doubt) to exclude Box from consideration are losing rationale for doing so. Security and information governance are what separates true managed content from just another shared drive, and Box has them. Bleat all you want about cloud not being secure and cloud content repositories being unmanaged messes, it’s not working anymore.

Since BoxWorks last September (my thoughts) Box has made a number of feature additions, announcements, integrations, and alliances that are moving it closer to being able to deliver the right balance of System of Record and System of Engagement. At this point it’s still a little ugly and cumbersome for administrators to configure the backend to deliver the various governance, workflow, and security bits to work properly, but that’s what the team at Box Consulting is paid to help with. Those paid to worry about security, legal, regulatory, and audit have less to worry about now than a few months ago. From a content consumer/contributor perspective it’s all pretty slick and that’s what it’s all about.

It’s no coincidence that a white paper I wrote for Digital Clarity Group was released yesterday. The paper is about the next generation of ECM (#ECMnext) and how Enterprise File Sync and Share (EFSS) platforms will provide it. We’d (Box, DCG, me) love to get your thoughts on the paper. Feel free to reach out to any of us (you can reach me via email at chris.walker@phigsimc.com as I am no longer with DCG) to rant or rave. There’s no data collection, fees, marketing gates or other intrusive nonsense to get the paper, so download The Next Generation of Enterprise Content Management to your heart’s content.

Image taken from http://ontheedge.dezignstuff.com/survey-ends-today/1404/mis-megaphone

The Metamorphosis of Enterprise Content Management


Butterflies

Image by Luna sin Estrella, used under Creative Commons 2.0.

Regardless of what you’ve been hearing, Enterprise Content Management (ECM) is not dead. For years ECM has been harangued as being overly cumbersome, overly expensive, overly difficult, and underwhelming when it came to delivering benefits. That’s all about to change…

The manner in which ECM is delivered is going to change. Taking a cue from what consumers have come to expect in terms of the technology they use for personal reasons, a subset of Enterprise File Sync and Share (EFSS) vendors, led by Box, are emerging as purveyors of ECMnext – the next generation of Enterprise Content Management platforms. The focus is on how and why people create, consume, and share content, supported by a foundation that provides the security and governance required in today’s digital business environment.

This whitepaper explores the short-comings of legacy ECM platforms, and how ECMnext vendors can step up and deliver what we’ve wanted out of ECM all along. While there’s still a ways to go for ECMnext platforms to be able to completely replace legacy ECM platforms, the basic building blocks are in place and the roadmaps are pointing in the right direction.

You can download the whitepaper directly from here.

If you need a little more evidence that ECM is changing, take a look at Box’s announcement about their governance functionality: Introducing Box Governance – Delivering Control and Compliance in the Cloud.

If you’d like additional insight, this 15 minute podcast from February 2015 features Connie Moore of Digital Clarity Group and me discussing EFSS and ECM.

%d bloggers like this: