Taps ‘n’ Apps: Craft Beer Meets the Cloud


Note: this post contains links to every craft brewery in British Columbia and Alberta that I could find. Sadly, I have yet to sample all of their wares.

Village Brewery - Tour 08Anyone who’s been paying attention lately, or who has met me in person, knows that I’m fairly passionate about Information Management and Craft Beer. Depending on the day, my passion for one is slightly higher than my passion for the other. What does one have to do with the other? I’m glad you asked. Please bear with me, this may take a while. Three things happened that resulted in a new vision for me:

  1. In late June at a networking event in Calgary I met Chris. Chris is one of the co-founders of Caravel Craft Brewery in Calgary. Over a couple pints of IPA from Last Best Brewing, Chris and I started chatting about beer. It turns out that we both love beer, though he knows a ton more about it than I do. My expertise is limited to knowing what I do and don’t like.
  2. A few weeks later, just prior to the Calgary Stampede, I saw a feature on CBC News about craft beer being shut out of official Stampede events because one of the Big Beer companies had the beer contract. One of the guys from Tool Shed Brewing was talking about how there is more than enough space and thirsty Stampeders for all to benefit. And, what better place and time to showcase all the wonderful Alberta craft beer producers.
  3. A snarky comment about whether a tour of Village Brewery could be used to make money led to a “why not” moment. I took the picture in this post during that tour, by the way. I also ate a cascade hop pellet – that was a mistake.

So far I’ve been able to find 156 craft brewers in British Columbia and Alberta. Starting with Alberta, I decided that I was going to reach out to all of them and pitch my services to them. I mean, they have a fair bit of paperwork to deal with, right? They produce alcoholic beverages which means much governmental regulation stuff to deal with. They use big shiny equipment which means maintenance and safety stuff. They do stuff which means various types of operating procedures. I’m betting that there is a lot of paper to deal with in a craft brewery and I want to help brewers get rid of it as much as possible. Basically, I want the brewers to be able to concentrate on brewing great craft beer, not pushing paper around.

So I wrote to all the breweries in Alberta telling them what I wanted to do and why. The first response I got was a phone call from the CEO of a brewery located in Calgary. The dude called within 15 minutes of my email and we chatted for about 20 minutes. However, he wanted to chat about craft brewery specific ERP (there is such a thing) rather than content management. So now I’ve got to go and reach out to a bunch of brewery management software vendors, mobile app developers, and consultants to see if we can collaborate (I think we can).

There is a market there, but information management / governance is not the springboard (something I’ve said for some time now, frankly). It’s going to rely on solving the immediate challenges the brewers have and moving on from there. I’m not saying IM and IG aren’t important, they’re just not the immediate need.

So what does the above have to do with the Cloud? Well, a lot, actually.

One of the really cool things I’ve noticed about the craft beer community is that it’s, well, a community as much as it is an industry, maybe more. Despite being competitors, craft brewers collaborate, a lot. Not only do they get together and jointly concoct sudsy, hoppy wonderbeers, they invite others to have guest taps and share brewing facilities to help each other out.

Now, if I look at many of the companies involved in cloud content related stuff, I notice the same thing. Perhaps not with the same level of artistry and fun, but it’s there. If you look at companies like Google, Dropbox, Egnyte, Microsoft, Box, Splunk, GlassIG, …. etc., you’ll notice the level of collaboration and cooperation that exists. In fact, it’s this very collaboration and cooperation that’s going to allow many of these companies to be the core set of cloud technologies that make up the next generation of Information Management and Governance solutions. Craft brewers being what they are, I suspect that cloud apps are going to be of far more interest to them than on-premises solutions.

In the same way that craft brewers experiment with techniques and ingredients, cloud vendors experiment with features, functions, methods, and requirements. Just as brewers have an openness about them, cloud vendors (the good ones) do as well. The end result in both cases is better end products for all. This Brews Brothers collaboration from Parallel 49 Brewing was pretty cool for beer fans; cloud vendors are seemingly announcing new collaborations every week that are pretty cool for those of us interested in managing and governing content.

156 BC and AB Craft Brewers

ALBERTA

http://www.alleykatbeer.com/ http://highlinebrewing.com/
http://www.annexales.com/ http://lakelandbrewing.wix.com/beer
http://www.bambrewingco.com/ http://minhasbrewery.com/minhas-micro-brewery-calgary
http://bandedpeakbrewing.com/ http://www.norsemeninn.com/
http://www.bearhillbrewingco.ca/ https://www.oldscollege.ca/community/oc-market/olds-college-brewery/index.html
http://benchcreekbrewing.com/ https://twitter.com/outcast_brewing
https://www.facebook.com/Bent-Stick-Brewing-Co-320698708092396/ https://twitter.com/PolarBrewing
http://bigrockbeer.com/ https://www.facebook.com/prairiedogbrewing/
http://www.blindmanbrewing.com/ http://redbisonbrewery.com/
http://www.boilingoar.com/ http://ribstonecreekbrewery.ca/
http://brewery-fahr.ca/ http://situationbeer.com/
http://brewsters.ca/ http://www.sixcorners.ca/#home
https://twitter.com/canmorebrewing https://www.facebook.com/somethingbeer
http://www.caravelbrewery.ca/ http://thedandybrewingcompany.com/
http://www.coldgarden.ca/ http://www.thewellbrewing.ca/
http://commoncrown.ca/ http://theorybrew.ca/
http://couleebrew.co/ http://www.toolshedbrewing.com/
https://www.facebook.com/DogIslandBrewing/ http://trolley5.com/
http://www.federationofbeer.com/ http://www.troubledmonk.com/
https://www.facebook.com/fitzbrewing/ http://twosergeantsbrewing.ca/
http://goatlockerbeer.com/ http://www.villagebrewery.com/
http://www.gpbrewingco.com/ https://twitter.com/watershedbrew
http://www.thegrizzlypaw.com/ http://www.wildrosebrewery.com/
http://halfhitchbrewing.ca/ http://www.yellowheadbrewery.com/
http://www.hellsbasement.com/

BRITISH COLUMBIA

http://33acresbrewing.com/ http://www.moodyales.com/
http://www.4milebrewingco.com/ http://www.mt-begbie.com/
http://www.aframebrewing.com/ http://nelsonbrewing.com/
http://andinabrewing.ca/ http://www.oldabbeyales.com/
http://www.arrowheadbrewingcompany.ca/ http://www.oldyalebrewing.com/
http://www.axeandbarrel.com/ http://parallel49brewing.com/
http://www.badtattoobrewing.com/ http://www.persephonebrewing.com/
https://barkervillebeer.com/ https://phillipsbeer.com/
http://brbco.ca/ http://postmarkbrewing.com/
http://www.beachfirebrewing.ca/ http://www.powellbeer.com/
http://www.blackkettlebrewing.com/ http://www.prohibitionbrewingco.com/
http://www.bnabrewing.com/ http://www.randbbrewing.com/
http://www.bomberbrewing.com/ http://www.ravens.beer/
http://www.bowenislandbeer.com/ https://twitter.com/RealCask
http://bridgebrewing.com/ http://redarrowbeer.ca/
http://www.callisterbrewing.com/ http://redcollar.ca/
https://www.cannerybrewing.com/ http://www.redtruckbeer.com/
http://www.canoebrewpub.com/ http://ridgebrewing.com/
http://www.canuckempirebrewing.com/ http://riotbrewing.com/#coming-soon
http://category12beer.com/ http://rosslandbeer.com/#!/splash-page
http://centralcitybrewing.com/ http://www.russellbeer.com/index.html
http://chaosandsolacebrewing.com/ http://www.sherwoodmountain.beer/
http://coalharbourbrewing.com/ https://silvervalleybrewing.com/
http://www.crossroadscraft.com/ http://www.sookebrewing.com/
http://cumberlandbrewing.com/ https://www.facebook.com/SookeBrew
http://dageraadbrewing.com/ http://www.spinnakers.com/
http://www.deadfrog.ca/ http://www.stanleyparkbrewery.ca/
http://deepcovecraft.com/ http://www.steamworks.com/
https://www.facebook.com/doanscraftbrewing http://steelandoak.ca/
http://www.dogwoodbrew.com/ http://steeltoad.ca/
https://driftwoodbeer.com/ http://www.stormbrewing.org/
https://twitter.com/EastVanBrewing https://strangefellowsbrewing.com/
https://twitter.com/facultybrewing http://www.strathconabeer.com/
https://www.ferniebrewing.com/ https://www.facebook.com/TallShipAleCo/
http://fieldhousebrewing.com/ http://www.moonunderwater.ca/
http://firehallbrewery.com/ http://www.theparksidebrewery.com/
http://www.foamersfolly.ca/ http://www.threeranges.com/
/www.fourwindsbrewing.ca https://www.facebook.com/TinWhistleBrew?fref=ts
http://fuggleswarlock.com/ http://tofinobrewingco.com/#tofinobrewco
http://www.gladstonebrewing.ca/ http://www.torchlightbrewing.com/
http://gib.ca/# http://townsitebrewing.com/
http://www.greenleafbrew.com/ http://tradingpostbrewing.com/
http://hathibrewing.com/ http://www.treebeer.com/
http://www.hearthstonebrewery.ca/ http://www.trenchbrew.ca/
http://www.howesound.com/ http://www.twincitybrewing.ca/
http://hoynebrewing.ca/ http://twinsailsbrewing.com/
http://www.kettleriverbrewing.ca/ http://vanislandbrewery.com/
http://www.lighthousebrewing.com/ http://www.wheelhousebrewing.com/
http://www.longwoodbeer.com/ http://whistlerbeer.com/
http://luppolobrewing.ca/ http://www.whiterockbeachbeer.com/
http://mainstreetbeer.ca/ http://whitesailsbrewing.com/
http://www.maplemeadowsbrewingco.com/ http://www.whitetoothbrewing.com/
http://www.martenbrewpub.com/ http://www.yellowdogbeer.com/
http://www.missionsprings.ca/

The BA and the Shiny Objects


diamond-1186139_1280A few weeks ago I was approached about working with an organization to help them put together a new SharePoint 2013 site to replace the one they currently have (SP2010). The business unit that approached me is responsible for engaging with stakeholders when the company wants to build infrastructure in their operating region; let’s call the unit EE (external engagement) for the sake of discussion.

Now, before I get all ranty and critical, you should know that EE wasn’t getting much love and attention from IT; this post is not about assigning blame to EE or their Business Analyst, with whom I’ll be working pretty closely. The fact is that there are problems in how IT engages with the business that are way beyond the scope of this post. As you read this post, keep in mind that a business case has been prepared and approved by IT (a VP) and EE (a Director and an SVP).

To enable [EE] to capture the benefits of SharePoint in our department, we need to revisit our existing 2010 [EE] Team site.” That quote is the first sentence of the main body of the approved business case for the project. The case goes on, in excruciating detail, to describe in non-quantifiable terms how implementing various features and functions available in SharePoint 2013 will benefit the department. What the case doesn’t contain is any sort of goal or objective from the business indicating why the project is necessary and what the measurable business outcomes ought to be. Nor does the case contain any criteria upon which project success will be based.

If I were to summarize the business case as it’s currently written, it would be something like “There’s a bunch of cool SP2013 stuff that isn’t being used and we think we can use it to make our site look pretty and show people what we’re doing and we’ve started a Proof of Concept (PoC) that we’re going to finish soon to show you just how pretty those SP2013 things will look on our site and we’re going to do whatever we want whether it’s standard or not even if it’s stuff that other projects and departments are really responsible for. Okay?”

In addition to containing a shopping list of SP2013 features to be deployed, the business case also makes assumptions about the way in which many of the features will be deployed. Now, having some insight into the organization, I can tell you unequivocally that many of those assumptions are incorrect because they don’t comply with standards and guidelines that the organization has adopted. To be fair, had IT paid more attention, these deviations would have been caught and much time and money would have been saved.

I, and others, have advocated for trying to get the most out of the technology organizations have on hand. However, that doesn’t mean that organizations should invent requirements that provide no discernable business benefits simply to make use of some feature that’s currently sitting on a shelf. What it means is that, once real business needs and benefits have been identified, organizations should look at the tools they have on hand before going out to acquire something else. Of course, this should all be bound by an organization’s standards and guidelines.

Fortunately, the business case has been approved only to get the business requirements done. The organization uses a pure waterfall, gated SDLC so I’m going to use that to our advantage and try to get things back on the right track. I’m also going to try and get the PoC descoped or killed altogether. Things aren’t so far down the path that they can’t be corrected, but it will take a fair bit of cajoling and coaching of the BA. We’ll also have to get IT more engaged but I have a pretty decent PM to help with that bit.

Things to take away from this story:

  1. Only deploy technology based on identified and accepted business needs;
  2. Have measurable outcomes defined so you can actually determine whether or not you’re succeeding;
  3. Business and IT are partners and must work together;
  4. If your BA isn’t that strong, make sure they are properly coached and supported;
  5. Don’t sign off on a business case that doesn’t contain business objectives, business drivers, or success criteria;
  6. If you’re not going to comply with corporate standards and guidelines, cool, but have solid justification for not complying[1];
  7. If the first sentence in your business case is something like “To enable [EE] to capture the benefits of SharePoint in our department, we need to revisit our existing 2010 [EE] Team site.”, you don’t actually have one;
  8. Shiny Object Disease is both preventable and curable.

 

[1] Many years ago I had a contract gig with a major airline. My sole responsibility was to evaluate non-standard IT requests to determine whether or not the provided justification was sufficient enough to warrant approving the request. I.e.: Standards and guidelines can occasionally be broken if there is valid justification.

The Hybridization of EFSS and ECM


work-in-progress-24027_1280Consumer and enterprise file synchronization and sharing popped up because people needed a way to easily share and collaborate on business content. This gave rise to the “Dropbox problem”, which is just stupid and ignores the real problem; organizations didn’t provide their people with policies and tools that allowed them to GSD[1]. Today there are plenty of options, consumer and business grade, that provide a cool experience with the security and controls that business and IT need.

Organizations that haven’t sanctioned business grade file sync and share are foolish and open to a world of pain. If they think that their people aren’t chucking content around in the wild, well, think again. Go fix that problem, it’ll take all of 5 minutes.

The bigger problem today is figuring out what goes in the cloud and what doesn’t, and then providing access to it (don’t use this as an excuse to do nothing, start with something easy and low risk). The reality is that, for any number of reasons, not everything can be chucked into cloud based repositories. Even if an organization were committed to putting 100% of its content and processes into cloud services and repositories, that would not happen overnight. That reality means many, many organizations are going to require hybrid solutions.


Cloud On-Prem Arch


The image above is not an unreasonable representation of what many organizations are faced with. It’s fair to say that even if you remove the cloud based services, organizations can’t adequately provide a single point of access to all of the on-premises content people need on a day to day basis. The problem is exacerbated when that content must be shared and collaborated on by disparate groups of stakeholders. Now add in other information governance and management requirements, such as metadata, classification, retention-disposition, e-discovery, process integration, legal and regulatory compliance, and security and the challenge is more difficult still. Toss in some cloud services and repositories and what do you end up with?

The real initial challenge was conceptually pretty simple: “I want access to content from wherever I am, using whatever device I want, and I want to work on that content with whomever I need to work on it with.”

The likes of Google, Dropbox, Microsoft (OneDrive, not SP online), Box, etc. solved that problem, but in doing so created other problems, both real and perceived. The perceived problem they created was a security one. Trust me, it’s less of a problem than most organizations storing stuff in their own data centres or networks is. The real problem they created was around information governance and management, which is a strong suit of many Enterprise Content Management (ECM) vendors.

ECM vendors like Alfresco, EMC (prior to selling off Syncplicity), OpenText, and Oracle tried to solve the initial problem, and did a fair job of it. The big problem there was cost. In order to use their file sync and share capabilities you had to be using their repositories. Sure, you could opt for a cloud deployment, but you’re still running a full-blown ECM platform (which is not necessarily a bad thing).

Google, Dropbox, Microsoft, Box, Alfresco, OpenText, and Oracle all work on the premise that your content is in their repository. If it isn’t, oh well. Syncplicity allows access to Documentum and SharePoint content, so I’ll categorize that one as a not quite semi-open option, though it does work on-premises and in the cloud.

Accellion, AirWatch (VMWare), Egnyte, and Citrix all offer hybrid solutions that may or may not work with ECM repositories in a limited capacity. However, from what I’ve seen from some of those guys the user experience is not always, shall we say, pleasant.

Of the ten vendors I’ve identified, not one is capable of providing secure, mobile access to all an organization’s content, and governing and managing it. Not one. Go and check out the latest Gartner (MQ) and Forrester (Wave) reports ranking the best of ECM and EFSS (silly market categorization); of all the vendors in those reports combined, not one can provide that combination of access, search, security, and governance.

Now, if a service were providing access to content in an ECM repository there would be no real need for that service to also provide all the information governance and management capabilities. Maybe I’m making the problem bigger than it really is. On the other hand, OneDrive, Google, and Dropbox have no governance / management capabilities to speak of, and what’s available from Box is 1st version functionality that has improving to do.

As far as I’m concerned:

  1. The initial problem has only been partially solved;
  2. There was not, is not, never will be a “Dropbox problem”;
  3. Sharing and collaborating on content is easier today than it was a couple of years ago;
  4. Platforms, apps, and API’s are the way forward;
  5. There’s still a long way to go, but holy crap have opportunities for innovation and transformation opened up.

[1] GSD – Get Sh!t Done

Cloudy With a Chance of Success – the Update


I originally posted this back in November 2011. A lot has changed since then, but there’s also a lot that hasn’t. One of the biggest things that’s changed is that Enterprise File Sync and Share (EFSS) has gained a ton of legitimacy over the last little while.

I’m reposting this for a couple of reasons: 1) There’s much in the post that is still relevant; 2) I’ll be posting something in early January that’s related and want to use this post as a kind of introduction.

I debated whether or not I should edit the original post but decided against it. I’ve simply added some comments where I felt they were necessary to clarify things, likely as much for me as for you.

CloudsThis post was inspired by this article on CMSWire by @billycripe and by the Cloud themed tweet jam hosted by CMSWire on November 17, 2011. As usual this is just my opinion.

I’m not an expert on cloud computing, I’m just some guy that likes to be able to access the content I need to do my work, from wherever I happen to be, using whatever device I feel like using at the moment. Take this post, for example; it was written on a laptop and a tablet, in a dining room and a swimming pool (not really in the pool since my tablet isn’t waterproof though that would be mega-cool).

I agree with Billy Cripe’s thoughts that Agile can (ought to) be applied in the development of cloud based ECM solutions. However, as Billy correctly states, “Managing content is not the goal of most businesses.” Most businesses exist to make money by providing products and/or services that consumers want. Businesses rely on information in order to get their stuff done, whatever their stuff is. In order to fully exploit information, the tools (i.e.: information stores) that the businesses rely on need to be connected to each other (so do the people – the tools need to facilitate this). Content / information management tools (cloud or not) need to be part of bigger picture business solutions. We need to build solutions that deliver “I need to share this” in the context of why it needs to be shared (answer why you need to share and you’ll likely figure out who and what).

Re-reading this now it seems as of the above is meant to imply that the topic is legacy ECM systems. That may have been true originally, but it’s not now. I’m really looking at this in terms of anywhere that content can be stored.

No sane person can argue the value and validity of the cloud. Except me. I’m not daft enough to think that cloud computing doesn’t have value or is not a valid approach to take. However, I do think that we’re not going to realize the full potential of the cloud (and by extension, content) if we simply limit its scope to content management. Yeah, I know that there are other things that are done in the cloud, such as CRM, payroll, and accounting.

We’ve gotten to the point where there really is no need to keep much on premises anymore.

When I refer to “cloud” I am referring to more than just the data centre, if that’s not obvious.

Content Wherever I Am

One of the cool things about content in the cloud is that my content is wherever I am. (Okay, so it’s not really my content, it’s my organization’s content.) That’s not the point, though. The point is that I can work with content wherever I happen to be, using whatever device I choose. This does assume that the chosen content repository is able to be synched appropriately. Wouldn’t it be cool, though, that if in addition to being able to work with the content and share it with collaborators (the work variety, not the WWII Nazi variety) the content could also be appropriately tagged, filed, and placed under retention at the point that I plunk it into the repository? I.e.: Cloud repositories need to become extensions of ECM and ERM systems, probably through federation.

So the whole thing about federation is a little off. This really should be thought of as centralized policy administration and enforcement.

Correctly Connecting Corporate Content

Content is spread throughout an organization; cloudification just increases the spread. When I say content, I mean anything that is stored on digital media that serves any legitimate business activity. (For obvious reasons I am excluding physical content.) A key to widespread cloud acceptance is to be to able access / leverage content in order to execute a business activity, regardless of where the various pieces of content reside. An agent in a social services organization should not have to know or care that a citizen’s information is spread over a number of repositories that could be on-premises, in a private cloud, and in a public cloud. The agent is there to service the needs of the citizen, not to figure out some (likely) convoluted architecture just to try and find stuff.

CMIS is a step in the right direction, but where CMIS falls short is that it doesn’t address non-CMS (think ECM) repositories. What we need is something that allows connecting everything that we need, when we need it. Device and location should not be factors. In fact, the only thing that a user should worry about is whether or not they have the right content to do the job. Governance, classification, and security ought to be just taken care of.

If the scope opens up to include non-ECM tools, how much of a factor is CMIS? Look at what’s happening in the broader EFSS space with open standards and open API’s.

Speaking of Governance…

Until the governance issues get sorted, I doubt very much that we’ll see widespread adoption of public cloud services. Smaller organizations, organizations with lax regulatory / privacy regulations, and organizations that can bully providers into rock-solid SLA’s may be able to go full public cloud, but I doubt they will. I think the reality is that organizations will end up having hybrid environments of cloud and on-premises.

When I say governance I am not only referring to the poo that legislators, regulators and litigators throw in our way. Governance needs to address issues such as:

  1. what can / should be stored in the cloud
  2. service level agreements
  3. disaster recovery / business continuity
  4. security
  5. classification / categorization
  6. retention & disposition (thanks to @JamesLappin & @AlanPelzSharpe for bringing this up)

Governance of cloud content has to deal with all of the things that we need to deal with for on-premises stored content, with the added complication that we also have to deal with where the damn box is and if some foreign government can get at it whenever they bloody well feel like it. Canada’s Anti-terrorism Act and the United States’ PATRIOT Act are not going to be very helpful in encouraging organizations to move to the cloud in a big way.

With so many employees using consumer devices and consumer services it’s better to accept the potential peek from the government than it is to continue to deny things and have content out in the wild.

Parting Shots

  1. Hybrid (cloud / on-premises) will be in the majority
  2. Governance (internally & externally imposed) has to be figured out
  3. Integration / interoperability are critical
  4. Privacy concerns and government snooping are major inhibitors (@ron_miller wrote a pretty good piece about this)
  5. If we’re not careful we’ll just move the mess from our hard drives to someone else’s
  6. Some Systems of Record will end up in the cloud, if they’re not already there
  7. Services are where it’s at

Bonus Material

I couldn’t decide which song I wanted to use for this post, so you’re getting three:

  1. CCR – Have You Ever Seen the Rain?
  2. CCR – Who’ll Stop the Rain?
  3. SRV – Couldn’t Stand the Weather

A couple definitions for those that think it should be “on-premise”

  1. http://oxforddictionaries.com/definition/premise
  2. http://oxforddictionaries.com/definition/premises

 

You’re out of Your Mind


crazy faceYou’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting stuff in the cloud is dangerous.

When I mentioned to a client of mine that some of their users were using consumer file sharing services there were noddings of heads, murmurs of assent, and an “OMG how does he know?” Less than five hours after I mentioned it in a meeting, an exec from one of the stakeholder groups got a call from security stating that her team was violating policy by using Dropbox. This client had deployed an Enterprise Content Management platform. One of the key drivers for the platform is sharing of content among collaborators. One of the key inhibitors is Citrix. So, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug. Hell, even the frickin’ President was storing company confidential documents in his personal Dropbox account.

So I mention to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS – I really don’t like this term) service like, I dunno, BOX! (Yeah, I like Box. So what?) Their Director of IT Infrastructure tells me that the execs are scared of any service that stores data in the U.S. because of the PATRIOT act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. government wants to get at stuff in Canadian data centres they will? And dig this … Box is working on something that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by those pesky gubbmint people. Hey, they can still come to you and ask, but at least you’ll know, no?  Can you imagine!?!

Every time I have these types of conversations with people I usually end up wanting to lay a choke hold on someone. Whether it’s for spreading FUD (Fear, Uncertainty, Doubt) or for believing it … I’m not sure which irritates me more.

Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around. Instead of blocking access to consumer services, IT and security ought to: 1) find out why staff is using the services in the first place; 2) identify and provision SECURE enterprise grade services; 3) develop appropriate policies for using EFSS services, including remedial action for violating the policies. If staff are using consumer services to share business content it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.

Part of the fix may actually be to provision EFSS to staff. Think about it before you have a freakin’ hissy fit. EFSS providers make money by providing a secure way for people to share content and collaborate. How do you make money? What’s your core strength? Hell, you can’t even stop your staff from sharing content unsecurely (is that even a word?).

Help Wanted – Testing a Survey


I am putting together a survey for an upcoming project and I need your help. I am testing two things: 1) whether or not PollDaddy is a reasonable tool to use, and; B) the survey. You can send feedback via the survey (last question), via this blog post, or directly to me via email (walkerchrisp@gmail.com). Please feel free to pass this on. Depending on the responses received, I may use the results to come up with a clever hypothesis, or not.

The project, as originally defined by the client, is to develop a records management strategy. However, between the client and I we’ve redefined the project to encompass all information and support corporate objectives (I’ve actually read and understood their corp strategy docs). The current phase is to document the current state of records and information management, come up with a target state, and develop an implementation roadmap to get from here to there.

The intended audience for the survey is the entire organization (they’re not really that huge). Survey completion will be mandatory for all directors and above, for everyone else it is optional. My point with doing this survey is to have information that is directly applicable to the client, rather than relying on industry or generic information.

The survey http://christianpwalker.polldaddy.com/s/records-information-management-what-you-know-what-you-think

 

Random Graph

Governance Sucks but Doesn’t Have To


Governance is the Super Ego to the Id of collaboration.

If you’re an information consumer or producer, governance sucks. Think about it; all you really want to do is get the info you need or pass stuff on to stakeholders. Maybe what you need is to be able to work on something as a group. You try, but you’re info-blocked at every turn. The amount of crap one must put up with in order to create or consume relevant information, or to collaborate, is enough to drive one to drink (but in a responsible manner & you take a cab home).

Let’s start with something simple … You want to create a document & share it with stakeholders. Easy, right? Not! It used to be that the biggest challenge was making sure the content was appropriate to the purpose. Now you also have to worry about whether or not the stakeholders have the rights to see the content, how long the content will be relevant for, how many copies there are (or will be), whether or not the content could be relevant in legal proceedings, and where the hell to classify it (what is this “classify” thing, anyways?”).

Governance is all the rules, regulations, legislation, standards, and policies with which we need to comply when we create, share, and use information. Don’t misunderstand me; it’s not the results or purposes of governance that annoy me, it’s how governance is applied. The in-your-face, gavel banging, fanaticism driven approach of many of the legal, risk, and compliance crowd is the issue.

Many of these folks are trying to manage electronic content the same way that paper has been managed; that’s like trying to perform “brain surgery too, mama, with a monkey wrench” (props to those who identify the song, band, and album without using any search engines).

The Good:

  • Facilitates finding what you need when you need it;
  • Reduces legal risk;
  • Preserves history and corporate memory;
  • Secures information from inappropriate exposure;
  • Facilitates good decision making.

The Bad:

  • Increases complexity;
  • Introduces bottlenecks;
  • Prioritizes compliance obligations over getting work done;

The Ugly:

  • Turns users into Records Managers;
  • Users circumvent the rules;
  • Perception is we’re making progress, reality is we’re not.

Why There’s Hope

If everybody would just chill for five minutes, we could get this under control in a manner that makes sense and provides the benefits that governance ought to provide. Even though the same rules apply, electronic content cannot be managed the same way as physical content.

  • Users aren’t Records Managers, nor do they want to be.
  • Policies aren’t the problem, procedures are.
  • Pretending social media doesn’t exist won’t have any effect on your obligations.
  • Some governance is better than no governance.
  • It doesn’t have to be perfect, you just need to make a reasonable effort.

Most credible EIM providers (ECM for you dinosaurs) have the tools to implement effective governance in their arsenals. But don’t go to them and ask them to implement governance until you’ve actually sorted out what it is in your organization. It’s your task to develop the policies, it’s our task to advise you on how best to develop and implement the procedures.

When you and I sit down and talk about governance, if the only team you bring to the table is Legal/Risk/Compliance, I am going to shut the conversation down in about two minutes. The only way that I can help you implement governance that doesn’t suck is to deal directly with all the affected stakeholders (groups, not individuals). One of the toughest collaboration challenges an organization faces may be trying to define a truly effective governance framework that serves the needs of all affected stakeholders. If those stakeholders don’t have a voice, it’s not gonna happen.

If you’re running a real EIM solution and your users have to think about where to file content, you’ve mucked up your deployment. It doesn’t matter if you go big bucket or not, a good deployment uses auto-classification, profiles, workflow, etc. to take the governance burden off the users and put it squarely on the system. If you think classifications and retention schedules are the same thing, there’s not an EIM solution on the planet that’s gonna help you and you’re not an Information Professional.

You’ve done governance right when:

  • Users focus on their jobs, nothing else;
  • You get defensible disposition and it’s implemented;
  • People find the information they need, when they need it;
  • Information leaks are down to an acceptable level (face it, it’s not going to get to zero);
  • Your corporate counsel can focus on attacking instead of defending;
  • Social media doesn’t scare you;
  • The only people thinking about governance are those who are paid to.

Gamification – Dumbest made-up word ever?


WARNING: This post contains swear words. They’re there ‘cause of my mood when I wrote this in reaction to a gamification discussion. I’m all better now, thanks. 

This was originally posted on AIIM

Of all the buzzwords & acronyms being bandied about out there, “gamification” pisses me off above all others (maybe it deserves a shiny badge). I cringe whenever I hear it or read it. It cheapens what I and others have worked our asses off to achieve in our careers. It reminds me of the fat kid in grade 6 that got a ribbon because he managed an astonishing 7 situps in 1 minute (for the record, it wasn’t me). As a professional, equating my work with games, however obliquely, insults me. Games are what I play with my friends and family.

I was raised to work hard, though I didn’t always do so as a student. At school you worked to get the grades and not spend more than one year per grade. If you were the smartest kid in school you may have gotten an exemption from finals, a scholarship, or beat up.  Professionally, you worked hard (and smart, I hope) to get your stuff done and get ahead. If you didn’t get your stuff done you were rewarded with time off ‘cause they fired your ass for being deadwood, and you deserved it. Rewarding / recognizing people for doing just enough to get from grade 3 to 4 or to keep their jobs (reward enough, I say) is sheer lunacy.

My kids don’t get rewarded for just doing stuff that’s expected of them (e.g.: cleaning their rooms, picking up after pets, doing well in school). They get rewarded for exceptional behaviour & performance; the rest is just life. I don’t get rewarded for just showing up and doing my job in an ordinary, expected way. I get rewarded when I perform above expectations. If I or my kids don’t meet expectations in our respective roles bad things happen. Such is life.

The key, my fellow planetarians, is to set the expectations early and define what one need do to earn the rewards / recognition. Apparently, doing the dishes does not automatically entitle me to “get some”, but if I don’t do them it’s automatic that I won’t? WTF is that about? Anyways …

I have no objection to reward & recognition schemes. In fact, I’ve received and doled out plenty of recognition (the positive kind) over the years. Rewards / recognition have been tangible (e.g.: bonus $, raise, promotion, time off, gift cards) and intangible (peer/client/manager figurative pats on the back). Most people, me included, are happy to receive them. But we’ve generally received them because we’ve performed exceptionally or taken on additional responsibilities. I can’t recall one instance in my career where I’ve given or received a reward for simply doing my job. It’s just not something that makes any sense to me.

Like I said, rewarding / recognizing people for exceptional performance or taking on additional responsibilities is fine. In fact, it’s a freakin’ critical thing to do because it helps to motivate people and keep them interested in their work. It can also help motivate the unexceptional to become exceptional. I truly believe that it’s a necessary thing to do and that it benefits all involved.

One of the areas that [the word I hate] is being linked to is social collaboration (which also sucks ass as a term because how the hell are you gonna collaborate if you’re not being social), especially as related to identifying experts. It works like this:

  1. Say something not completely stupid.
  2. Someone, who may or may not be stupid, rates your stuff (or gives you a badge or a cookie or a pin, who cares?).
  3. Someone else sees the rating, and being equally as stupid, or not, bugs your ass for your opinion or for help.

Uh, WTF? I do good work and get “rewarded” by more people bugging me? What kind of psycho place is this?

Identifying experts is good. It helps those seeking advice by providing resources to tap. It helps those providing advice by making them think a bit more and pushing them to be better (and the ego stroking likely doesn’t hurt). But calling it [the word I hate] does everyone a disservice. Experts have worked extremely hard to get where they are, and many truly enjoy what they do and helping others. The folks looking for advice are likely stuck on something that may or may not be hugely important. I’m not certain that anyone involved wants their situation or efforts equated to playing games.

When I write a post I don’t write it to garner likes, +1’s, follower, or increase my Klout score (Klout is Krap, IMO). I write because I have something to say that I think and hope will benefit someone, or at least make them think. If someone provides positive feedback I appreciate it. If someone provides negative feedback I appreciate that too and try to be better the next time (unless they’re just being a dick). If someone reaches out and asks for advice, an opinion, or help, I provide it gladly with no expectation of getting a badge or biscuit. I do it because I am social just like every one of you reading this. Sometimes I write because I get pissed off and need to get something off my chest. On those occasions feel free to ignore me, just like my wife and kids do when I go all bat-shit crazy over something.

As a consumer, I love [the word I hate], but prefer to call it loyalty rewards or some such. I like going out and spending money on stuff, getting points, and using the points to get more stuff for FREEEEEE!!! I also like discounts, upgrades, and complimentary in-flight hookers (not available on domestic flights). But when it comes to me spending money that I’ve worked hard to earn, don’t equate it to playing games.

I’ll give [the word I hate] a little slack on social media & social networks. Earning “stuff” on Facebook (was thoroughly disillusioned to learn that “poking” wasn’t nearly as exciting as I’d imagined) games, Foursquare, Klout, …, doesn’t bug me, mainly because I don’t take them all that seriously (like I do my work & my family).

[Added 2012-06-20 …

On the corporate side, there’s a few areas where I think [the word I hate] is apt:

  1. Projects requiring participation of people that have “real” jobs;
  2. Organizational change management;
  3. User adoption.

When you pull staff onto a project they’re still typically expected to do their day jobs. They’re also generally not used to working on projects; there’s a huge change in dynamics from doing an operational role (e.g.: claims processing) to being the subject matter expert in JAD (Joint Application Design) sessions for a new claims system. Doing something as seemingly insignificant as awarding a prize for the best project name can reap huge dividends.

Organizational change management and user adoption are other areas where it pays to “play”. Adapting to new tools and methods is not easy for most people. Even if people hate the tools and methods they’ve been using, they’re used to them and some really are resistant to change. Providing people with goals, tools to reach them, and incentives for reaching them is a good thing. [The word I hate] won’t make the transition any easier, but it ought to serve to get the participants more involved and also provide them with a way to measure their progress.

…]

Give me a raise or a bonus, give me a pat on the back, ask me for my “expert” opinion / advice; I’m cool with all those things if I’ve earned them. Just don’t equate what I do professionally to playing games. Maybe I’m just a grumpy old bastard. If so, I’m perfectly fine with that. It’s not the application of game theory I hate; it’s the label we’ve given it. When applied to so many aspects of our lives I find it diminishes us, our efforts, and our accomplishments.

Note: none of this applies to people who actually play games for a living. E.g.: Bowling, darts, pool. I don’t care what channel they’re televised on, they are not sports.

%d bloggers like this: