Note: this post contains links to every craft brewery in British Columbia and Alberta that I could find. Sadly, I have yet to sample all of their wares.
Anyone who’s been paying attention lately, or who has met me in person, knows that I’m fairly passionate about Information Management and Craft Beer. Depending on the day, my passion for one is slightly higher than my passion for the other. What does one have to do with the other? I’m glad you asked. Please bear with me, this may take a while. Three things happened that resulted in a new vision for me:
- In late June at a networking event in Calgary I met Chris. Chris is one of the co-founders of Caravel Craft Brewery in Calgary. Over a couple pints of IPA from Last Best Brewing, Chris and I started chatting about beer. It turns out that we both love beer, though he knows a ton more about it than I do. My expertise is limited to knowing what I do and don’t like.
- A few weeks later, just prior to the Calgary Stampede, I saw a feature on CBC News about craft beer being shut out of official Stampede events because one of the Big Beer companies had the beer contract. One of the guys from Tool Shed Brewing was talking about how there is more than enough space and thirsty Stampeders for all to benefit. And, what better place and time to showcase all the wonderful Alberta craft beer producers.
- A snarky comment about whether a tour of Village Brewery could be used to make money led to a “why not” moment. I took the picture in this post during that tour, by the way. I also ate a cascade hop pellet – that was a mistake.
So far I’ve been able to find 156 craft brewers in British Columbia and Alberta. Starting with Alberta, I decided that I was going to reach out to all of them and pitch my services to them. I mean, they have a fair bit of paperwork to deal with, right? They produce alcoholic beverages which means much governmental regulation stuff to deal with. They use big shiny equipment which means maintenance and safety stuff. They do stuff which means various types of operating procedures. I’m betting that there is a lot of paper to deal with in a craft brewery and I want to help brewers get rid of it as much as possible. Basically, I want the brewers to be able to concentrate on brewing great craft beer, not pushing paper around.
So I wrote to all the breweries in Alberta telling them what I wanted to do and why. The first response I got was a phone call from the CEO of a brewery located in Calgary. The dude called within 15 minutes of my email and we chatted for about 20 minutes. However, he wanted to chat about craft brewery specific ERP (there is such a thing) rather than content management. So now I’ve got to go and reach out to a bunch of brewery management software vendors, mobile app developers, and consultants to see if we can collaborate (I think we can).
There is a market there, but information management / governance is not the springboard (something I’ve said for some time now, frankly). It’s going to rely on solving the immediate challenges the brewers have and moving on from there. I’m not saying IM and IG aren’t important, they’re just not the immediate need.
So what does the above have to do with the Cloud? Well, a lot, actually.
One of the really cool things I’ve noticed about the craft beer community is that it’s, well, a community as much as it is an industry, maybe more. Despite being competitors, craft brewers collaborate, a lot. Not only do they get together and jointly concoct sudsy, hoppy wonderbeers, they invite others to have guest taps and share brewing facilities to help each other out.
Now, if I look at many of the companies involved in cloud content related stuff, I notice the same thing. Perhaps not with the same level of artistry and fun, but it’s there. If you look at companies like Google, Dropbox, Egnyte, Microsoft, Box, Splunk, GlassIG, …. etc., you’ll notice the level of collaboration and cooperation that exists. In fact, it’s this very collaboration and cooperation that’s going to allow many of these companies to be the core set of cloud technologies that make up the next generation of Information Management and Governance solutions. Craft brewers being what they are, I suspect that cloud apps are going to be of far more interest to them than on-premises solutions.
In the same way that craft brewers experiment with techniques and ingredients, cloud vendors experiment with features, functions, methods, and requirements. Just as brewers have an openness about them, cloud vendors (the good ones) do as well. The end result in both cases is better end products for all. This Brews Brothers collaboration from Parallel 49 Brewing was pretty cool for beer fans; cloud vendors are seemingly announcing new collaborations every week that are pretty cool for those of us interested in managing and governing content.
156 BC and AB Craft Brewers
A few weeks ago I was approached about working with an organization to help them put together a new SharePoint 2013 site to replace the one they currently have (SP2010). The business unit that approached me is responsible for engaging with stakeholders when the company wants to build infrastructure in their operating region; let’s call the unit EE (external engagement) for the sake of discussion.
Now, before I get all ranty and critical, you should know that EE wasn’t getting much love and attention from IT; this post is not about assigning blame to EE or their Business Analyst, with whom I’ll be working pretty closely. The fact is that there are problems in how IT engages with the business that are way beyond the scope of this post. As you read this post, keep in mind that a business case has been prepared and approved by IT (a VP) and EE (a Director and an SVP).
“To enable [EE] to capture the benefits of SharePoint in our department, we need to revisit our existing 2010 [EE] Team site.” That quote is the first sentence of the main body of the approved business case for the project. The case goes on, in excruciating detail, to describe in non-quantifiable terms how implementing various features and functions available in SharePoint 2013 will benefit the department. What the case doesn’t contain is any sort of goal or objective from the business indicating why the project is necessary and what the measurable business outcomes ought to be. Nor does the case contain any criteria upon which project success will be based.
If I were to summarize the business case as it’s currently written, it would be something like “There’s a bunch of cool SP2013 stuff that isn’t being used and we think we can use it to make our site look pretty and show people what we’re doing and we’ve started a Proof of Concept (PoC) that we’re going to finish soon to show you just how pretty those SP2013 things will look on our site and we’re going to do whatever we want whether it’s standard or not even if it’s stuff that other projects and departments are really responsible for. Okay?”
In addition to containing a shopping list of SP2013 features to be deployed, the business case also makes assumptions about the way in which many of the features will be deployed. Now, having some insight into the organization, I can tell you unequivocally that many of those assumptions are incorrect because they don’t comply with standards and guidelines that the organization has adopted. To be fair, had IT paid more attention, these deviations would have been caught and much time and money would have been saved.
I, and others, have advocated for trying to get the most out of the technology organizations have on hand. However, that doesn’t mean that organizations should invent requirements that provide no discernable business benefits simply to make use of some feature that’s currently sitting on a shelf. What it means is that, once real business needs and benefits have been identified, organizations should look at the tools they have on hand before going out to acquire something else. Of course, this should all be bound by an organization’s standards and guidelines.
Fortunately, the business case has been approved only to get the business requirements done. The organization uses a pure waterfall, gated SDLC so I’m going to use that to our advantage and try to get things back on the right track. I’m also going to try and get the PoC descoped or killed altogether. Things aren’t so far down the path that they can’t be corrected, but it will take a fair bit of cajoling and coaching of the BA. We’ll also have to get IT more engaged but I have a pretty decent PM to help with that bit.
Things to take away from this story:
- Only deploy technology based on identified and accepted business needs;
- Have measurable outcomes defined so you can actually determine whether or not you’re succeeding;
- Business and IT are partners and must work together;
- If your BA isn’t that strong, make sure they are properly coached and supported;
- Don’t sign off on a business case that doesn’t contain business objectives, business drivers, or success criteria;
- If you’re not going to comply with corporate standards and guidelines, cool, but have solid justification for not complying;
- If the first sentence in your business case is something like “To enable [EE] to capture the benefits of SharePoint in our department, we need to revisit our existing 2010 [EE] Team site.”, you don’t actually have one;
- Shiny Object Disease is both preventable and curable.
 Many years ago I had a contract gig with a major airline. My sole responsibility was to evaluate non-standard IT requests to determine whether or not the provided justification was sufficient enough to warrant approving the request. I.e.: Standards and guidelines can occasionally be broken if there is valid justification.
Consumer and enterprise file synchronization and sharing popped up because people needed a way to easily share and collaborate on business content. This gave rise to the “Dropbox problem”, which is just stupid and ignores the real problem; organizations didn’t provide their people with policies and tools that allowed them to GSD. Today there are plenty of options, consumer and business grade, that provide a cool experience with the security and controls that business and IT need.
Organizations that haven’t sanctioned business grade file sync and share are foolish and open to a world of pain. If they think that their people aren’t chucking content around in the wild, well, think again. Go fix that problem, it’ll take all of 5 minutes.
The bigger problem today is figuring out what goes in the cloud and what doesn’t, and then providing access to it (don’t use this as an excuse to do nothing, start with something easy and low risk). The reality is that, for any number of reasons, not everything can be chucked into cloud based repositories. Even if an organization were committed to putting 100% of its content and processes into cloud services and repositories, that would not happen overnight. That reality means many, many organizations are going to require hybrid solutions.
The image above is not an unreasonable representation of what many organizations are faced with. It’s fair to say that even if you remove the cloud based services, organizations can’t adequately provide a single point of access to all of the on-premises content people need on a day to day basis. The problem is exacerbated when that content must be shared and collaborated on by disparate groups of stakeholders. Now add in other information governance and management requirements, such as metadata, classification, retention-disposition, e-discovery, process integration, legal and regulatory compliance, and security and the challenge is more difficult still. Toss in some cloud services and repositories and what do you end up with?
The real initial challenge was conceptually pretty simple: “I want access to content from wherever I am, using whatever device I want, and I want to work on that content with whomever I need to work on it with.”
The likes of Google, Dropbox, Microsoft (OneDrive, not SP online), Box, etc. solved that problem, but in doing so created other problems, both real and perceived. The perceived problem they created was a security one. Trust me, it’s less of a problem than most organizations storing stuff in their own data centres or networks is. The real problem they created was around information governance and management, which is a strong suit of many Enterprise Content Management (ECM) vendors.
ECM vendors like Alfresco, EMC (prior to selling off Syncplicity), OpenText, and Oracle tried to solve the initial problem, and did a fair job of it. The big problem there was cost. In order to use their file sync and share capabilities you had to be using their repositories. Sure, you could opt for a cloud deployment, but you’re still running a full-blown ECM platform (which is not necessarily a bad thing).
Google, Dropbox, Microsoft, Box, Alfresco, OpenText, and Oracle all work on the premise that your content is in their repository. If it isn’t, oh well. Syncplicity allows access to Documentum and SharePoint content, so I’ll categorize that one as a not quite semi-open option, though it does work on-premises and in the cloud.
Accellion, AirWatch (VMWare), Egnyte, and Citrix all offer hybrid solutions that may or may not work with ECM repositories in a limited capacity. However, from what I’ve seen from some of those guys the user experience is not always, shall we say, pleasant.
Of the ten vendors I’ve identified, not one is capable of providing secure, mobile access to all an organization’s content, and governing and managing it. Not one. Go and check out the latest Gartner (MQ) and Forrester (Wave) reports ranking the best of ECM and EFSS (silly market categorization); of all the vendors in those reports combined, not one can provide that combination of access, search, security, and governance.
Now, if a service were providing access to content in an ECM repository there would be no real need for that service to also provide all the information governance and management capabilities. Maybe I’m making the problem bigger than it really is. On the other hand, OneDrive, Google, and Dropbox have no governance / management capabilities to speak of, and what’s available from Box is 1st version functionality that has improving to do.
As far as I’m concerned:
- The initial problem has only been partially solved;
- There was not, is not, never will be a “Dropbox problem”;
- Sharing and collaborating on content is easier today than it was a couple of years ago;
- Platforms, apps, and API’s are the way forward;
- There’s still a long way to go, but holy crap have opportunities for innovation and transformation opened up.
 GSD – Get Sh!t Done
I originally posted this back in November 2011. A lot has changed since then, but there’s also a lot that hasn’t. One of the biggest things that’s changed is that Enterprise File Sync and Share (EFSS) has gained a ton of legitimacy over the last little while.
I’m reposting this for a couple of reasons: 1) There’s much in the post that is still relevant; 2) I’ll be posting something in early January that’s related and want to use this post as a kind of introduction.
I debated whether or not I should edit the original post but decided against it. I’ve simply added some comments where I felt they were necessary to clarify things, likely as much for me as for you.
I’m not an expert on cloud computing, I’m just some guy that likes to be able to access the content I need to do my work, from wherever I happen to be, using whatever device I feel like using at the moment. Take this post, for example; it was written on a laptop and a tablet, in a dining room and a swimming pool (not really in the pool since my tablet isn’t waterproof though that would be mega-cool).
I agree with Billy Cripe’s thoughts that Agile can (ought to) be applied in the development of cloud based ECM solutions. However, as Billy correctly states, “Managing content is not the goal of most businesses.” Most businesses exist to make money by providing products and/or services that consumers want. Businesses rely on information in order to get their stuff done, whatever their stuff is. In order to fully exploit information, the tools (i.e.: information stores) that the businesses rely on need to be connected to each other (so do the people – the tools need to facilitate this). Content / information management tools (cloud or not) need to be part of bigger picture business solutions. We need to build solutions that deliver “I need to share this” in the context of why it needs to be shared (answer why you need to share and you’ll likely figure out who and what).
Re-reading this now it seems as of the above is meant to imply that the topic is legacy ECM systems. That may have been true originally, but it’s not now. I’m really looking at this in terms of anywhere that content can be stored.
No sane person can argue the value and validity of the cloud. Except me. I’m not daft enough to think that cloud computing doesn’t have value or is not a valid approach to take. However, I do think that we’re not going to realize the full potential of the cloud (and by extension, content) if we simply limit its scope to content management. Yeah, I know that there are other things that are done in the cloud, such as CRM, payroll, and accounting.
We’ve gotten to the point where there really is no need to keep much on premises anymore.
When I refer to “cloud” I am referring to more than just the data centre, if that’s not obvious.
Content Wherever I Am
One of the cool things about content in the cloud is that my content is wherever I am. (Okay, so it’s not really my content, it’s my organization’s content.) That’s not the point, though. The point is that I can work with content wherever I happen to be, using whatever device I choose. This does assume that the chosen content repository is able to be synched appropriately. Wouldn’t it be cool, though, that if in addition to being able to work with the content and share it with collaborators (the work variety, not the WWII Nazi variety) the content could also be appropriately tagged, filed, and placed under retention at the point that I plunk it into the repository? I.e.: Cloud repositories need to become extensions of ECM and ERM systems, probably through federation.
So the whole thing about federation is a little off. This really should be thought of as centralized policy administration and enforcement.
Correctly Connecting Corporate Content
Content is spread throughout an organization; cloudification just increases the spread. When I say content, I mean anything that is stored on digital media that serves any legitimate business activity. (For obvious reasons I am excluding physical content.) A key to widespread cloud acceptance is to be to able access / leverage content in order to execute a business activity, regardless of where the various pieces of content reside. An agent in a social services organization should not have to know or care that a citizen’s information is spread over a number of repositories that could be on-premises, in a private cloud, and in a public cloud. The agent is there to service the needs of the citizen, not to figure out some (likely) convoluted architecture just to try and find stuff.
CMIS is a step in the right direction, but where CMIS falls short is that it doesn’t address non-CMS (think ECM) repositories. What we need is something that allows connecting everything that we need, when we need it. Device and location should not be factors. In fact, the only thing that a user should worry about is whether or not they have the right content to do the job. Governance, classification, and security ought to be just taken care of.
If the scope opens up to include non-ECM tools, how much of a factor is CMIS? Look at what’s happening in the broader EFSS space with open standards and open API’s.
Speaking of Governance…
Until the governance issues get sorted, I doubt very much that we’ll see widespread adoption of public cloud services. Smaller organizations, organizations with lax regulatory / privacy regulations, and organizations that can bully providers into rock-solid SLA’s may be able to go full public cloud, but I doubt they will. I think the reality is that organizations will end up having hybrid environments of cloud and on-premises.
When I say governance I am not only referring to the poo that legislators, regulators and litigators throw in our way. Governance needs to address issues such as:
- what can / should be stored in the cloud
- service level agreements
- disaster recovery / business continuity
- classification / categorization
- retention & disposition (thanks to @JamesLappin & @AlanPelzSharpe for bringing this up)
Governance of cloud content has to deal with all of the things that we need to deal with for on-premises stored content, with the added complication that we also have to deal with where the damn box is and if some foreign government can get at it whenever they bloody well feel like it. Canada’s Anti-terrorism Act and the United States’ PATRIOT Act are not going to be very helpful in encouraging organizations to move to the cloud in a big way.
With so many employees using consumer devices and consumer services it’s better to accept the potential peek from the government than it is to continue to deny things and have content out in the wild.
- Hybrid (cloud / on-premises) will be in the majority
- Governance (internally & externally imposed) has to be figured out
- Integration / interoperability are critical
- Privacy concerns and government snooping are major inhibitors (@ron_miller wrote a pretty good piece about this)
- If we’re not careful we’ll just move the mess from our hard drives to someone else’s
- Some Systems of Record will end up in the cloud, if they’re not already there
- Services are where it’s at
I couldn’t decide which song I wanted to use for this post, so you’re getting three:
A couple definitions for those that think it should be “on-premise”
You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting stuff in the cloud is dangerous.
When I mentioned to a client of mine that some of their users were using consumer file sharing services there were noddings of heads, murmurs of assent, and an “OMG how does he know?” Less than five hours after I mentioned it in a meeting, an exec from one of the stakeholder groups got a call from security stating that her team was violating policy by using Dropbox. This client had deployed an Enterprise Content Management platform. One of the key drivers for the platform is sharing of content among collaborators. One of the key inhibitors is Citrix. So, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug. Hell, even the frickin’ President was storing company confidential documents in his personal Dropbox account.
So I mention to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS – I really don’t like this term) service like, I dunno, BOX! (Yeah, I like Box. So what?) Their Director of IT Infrastructure tells me that the execs are scared of any service that stores data in the U.S. because of the PATRIOT act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. government wants to get at stuff in Canadian data centres they will? And dig this … Box is working on something that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by those pesky gubbmint people. Hey, they can still come to you and ask, but at least you’ll know, no? Can you imagine!?!
Every time I have these types of conversations with people I usually end up wanting to lay a choke hold on someone. Whether it’s for spreading FUD (Fear, Uncertainty, Doubt) or for believing it … I’m not sure which irritates me more.
Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around. Instead of blocking access to consumer services, IT and security ought to: 1) find out why staff is using the services in the first place; 2) identify and provision SECURE enterprise grade services; 3) develop appropriate policies for using EFSS services, including remedial action for violating the policies. If staff are using consumer services to share business content it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.
Part of the fix may actually be to provision EFSS to staff. Think about it before you have a freakin’ hissy fit. EFSS providers make money by providing a secure way for people to share content and collaborate. How do you make money? What’s your core strength? Hell, you can’t even stop your staff from sharing content unsecurely (is that even a word?).
I am putting together a survey for an upcoming project and I need your help. I am testing two things: 1) whether or not PollDaddy is a reasonable tool to use, and; B) the survey. You can send feedback via the survey (last question), via this blog post, or directly to me via email (firstname.lastname@example.org). Please feel free to pass this on. Depending on the responses received, I may use the results to come up with a clever hypothesis, or not.
The project, as originally defined by the client, is to develop a records management strategy. However, between the client and I we’ve redefined the project to encompass all information and support corporate objectives (I’ve actually read and understood their corp strategy docs). The current phase is to document the current state of records and information management, come up with a target state, and develop an implementation roadmap to get from here to there.
The intended audience for the survey is the entire organization (they’re not really that huge). Survey completion will be mandatory for all directors and above, for everyone else it is optional. My point with doing this survey is to have information that is directly applicable to the client, rather than relying on industry or generic information.