A while ago I was pointed to an article proclaiming that Information Governance is no longer necessary (ROFLMAO). I laughed because I think its grasp on reality is about as firm as that of whoever proclaimed that ECM is dead. However, once you get past the intermangling of “governance” and “management”, there are a couple threads that have validity.
Today’s technology and architecture are definitely built to encourage sharing and collaboration, and that is an awesome thing. As for a good digital workplace being a “bellwether of your company culture”, humph. “Digital workplace” is very tool and mechanics oriented, and has little to do with defining culture. A digital workplace (i.e.: tools) enables a culture that encourages trying stuff out, collaboration, openness, whatever. And the digital-ness of one’s workplace depends highly on what and where one’s workplace is. By the way, I am of the opinion that if paper can be eliminated from the workplace paper should be eliminated from the workplace (please insert caveats about having the right tech available and the required bandwidth). The more digital “aides” we have to help us do our core jobs and not have to worry about governance and management of information, the better.
(information) Governance is needed. Always has been, always will be. The level (think rigour) of governance required, and the manner in which governance is implemented vary depending on what information is in scope, what your regulatory obligations look like, what your internal policies are, and on and on and on.
The way work gets done and the tools used have changed to the point that governance has to change, rather than go away. The reality is that governance needs to be more stringent than ever before. Solution architectures today are designed to include multiple services, applications, data centres, and service providers. Regardless of how nimble and user-delighting the solution is, the governance requirements and challenges are exponentially tougher than when all you had was a single custom application that no one liked but it did the job.
We’re being handed ever more simple and elegant devices and apps with which to do our jobs. But, as everyone ought to know, the easier things look to the user, the tougher it was to build it and maintain it, and to impose an appropriate level of governance.
Fortunately, the tools we’re using to do information governance and management are changing as well. Egnyte, Dropbox, Box, Google, and a host of others are delivering applications and experiences that make many aspects information governance and management easier and more lightweight, and hidden from the everyday user. Even some of the legacy ECM vendors are getting in on the act.
Goodbye Governance? I don’t think so. What I find a bit amusing about the article is that it was written by someone who works in a space that, from a tool perspective, is littered with stories about failures that could have been prevented with … GOVERNANCE! Governance, you’ve come a long way, baby. (quote plagiarized from some 1970’s ad campaign for a product that’s no longer legal to advertise).
In this video, from Boxworks 2016, I express some of my thoughts about information governance, and how Box is approaching it. For those of you interested in ECM, cloud, and information governance, Boxworks 2017 is coming up in October. You should go. Maybe I’ll see you there.
If you love the video so much that you want your very own copy, you can download it right over here.
Whether we like it or not, we’re storing more and more content in the cloud, and that content needs to be governed. Here are some things that I think about and talk about with clients when they are getting started with Information Governance (reg req’d):
- To paraphrase Ann Cavoukian – You can outsource your data but you can’t outsource responsibility. All of the rules and regulations that applied to your content in your data center still apply. If something goes wrong you are still, ultimately, responsible. You may or may not have company in court or jail.
- Content in the cloud is likely more secure than content in your data center. Remember all those breaches that were so widely publicized? Well, most of them happened to corporate data centres. Companies whose business is storing other companies’ data haver better tools and resources to secure data than you do; it’s their job.
- To be effective, managing and governing content in the cloud needs a modern, simplified approach. Trying to manage content like it’s paper or stored in on-premises repositories just isn’t going to work. You chose cloud content management because it’s a better, modern experience for your users, governing your info can’t break that.
- FOCUS ON THE VALUE OF YOUR INFORMATION. IF YOUR ENTIRE APPROACH TO GOVERNING INFORMATION IS BASED ON MINIMIZING RISK (LITIGATION, LEAKS, ETC.), YOU ARE NEVER GOING TO BE ABLE TO FOCUS ON LEVERAGING THE VALUE OF YOUR INFORMATION ASSETS. IT’S THE VALUE THAT’S GOING TO ENABLE YOU TO INNOVATE AND TRANSFORM YOUR BUSINESS. (colour and bolding as requested by a loyal reader – thanks, Dan)
- Start Something. Anything. Sitting around navel gazing is going to result in you being crushed. Pick something small, easy, and safe, but with tangible benefits and get going. You don’t need to have everything planned and analyzed to get started; you just need to have enough thought out to allow you to get moving. Remember, some governance is better than no governance.
- BONUS THOUGHT – Your information governance doesn’t need to be perfect, it merely needs to be good enough to get the job done and to allow you to meet your obligations.
This Box whitepaper (reg req’d) provides some additional thoughts about Information Governance for cloud-stored content, as well as details about how Box is tackling some of the necessary functionality. We (Box and I) would love to chat with you about Cloud IG. And as always, I’d love your feedback about this post and the paper.
 Ann Cavoukian is the former Privacy Commissioner for Ontario (1997 – 2014) and is currently the Executive Director of the Privacy and Big Data Institute at Ryerson University.
Two key changes from last year really made me happy:
- Box’s enterprise customers (at least the ones on the panel during the analyst event) are calling Box content management (advanced content management, even);
- Box is unequivocally stating that Platform is the base upon which the Box application is built – they weren’t so clear about that last year.
On a personal level, the first of those makes me the happiest because, along with Cheryl McKinnon of Forrester (my reaction to Box’s inclusion in the Forrest Wave), I was the first analyst / person-who-should-know type that came out and unabashedly called Box an Enterprise Content Management vendor. Here’s my post from June 2015 when I first called Box ECM (you can also get to the whitepaper I wrote on the topic via that post). Whatever. I’m just happy and gratified that Box is finally being seen as what they are. I’m guessing they’re pretty pleased about it as well.
Remember in this post I included a footnote stating that BoxWorks could be a better Information Management / Governance conference than the AIIM conference (I didn’t even mention that records management conference or organization)? Yeah, nothing took place at BoxWorks that made me change my mind.
On to my thoughts about the conference happenings … I’m not going to recap all the announcements; they’re available on the Box site over here and elsewhere on the web and on Box’s site. There were a bunch of announcements about making Box more usable, intuitive, and user friendly, but they didn’t tell me that Box Capture for Android is coming. Box Desktop, Files, and Notes are much needed improvements that are coming, and will make for a much better user (yeah, I said “user”) experience.
If I’ve got this all right, Box Platform can serve up Relay (workflow) and Governance (governance), as well as versioning and all the other mundane content management stuff as a service. While that’s very cool and all, what I really find exciting is that there is a growing ecosystem of partners / developers that include companies like Cognizant, as well as in-house IT shops, ISV’s, and small niche / boutique app developers. The potential implications are pretty cool for all the stakeholders. For example – during his session at the analyst event, Jeetu Patel (heads up Platform and Strategy for Box and is a really nice guy) mentioned that: A – all companies are becoming digital companies (glad he gave up using all companies are becoming SW companies), and; 2 – there’s no templates for digital transformation (I am summarizing). So it seems that there is an opportunity for Box to do for digital transformation on an industry basis what SAP did for ERP on an industry basis. Between in-built capabilities and partnerships, Box has the beginnings of being able to build content-centric digital transformation on-ramps / roadmaps / whateveryouwanttocallthem. The Perkins+Will demo was really cool and a harbinger of what is possible.
What’s really cool and significant is that, if the implementation gets done properly, that whole thing about putting governance in the background and letting users just focus on their jobs will actually happen.
There’s also some other stuff happening with Platform and the application that, if done correctly, could make the whole auto-classification thing a reality. There are other ECM providers that have been working on it for years, to very little uptake. What’s happening, I believe, is that Box is trying to solve the same problems, but in a different way.
One of the product managers told me something to the effect that she was talking to her team and they were telling her they knew nothing about Information Management or Governance. She responded by telling them that they were actually delivering it. There’s a whole bunch more detail, but that’s actually a very cool story. It’s possible because Platform takes care of it in the back end.
Regardless of the size of a company, if they operate in a regulated industry they have to comply with the relevant regulations and legislation. At the same time, if you’re one of the smaller players you likely need to do more with less and can’t afford dedicated compliance solutions. Where Box fits is that they don’t know how to do it the legacy way, and this is a very good thing.
During the customer panel at the analyst session, one of the customers, in a highly regulated industry, was lamenting that they could not use Box for some of their controlled documents. The issue is that Box brings out new stuff too fast and the regulators and legislators simply cannot keep pace. That just sucks.
I asked Aaron Levie something along the lines of “do you think that current legislation and regulations hamper your ability to innovate?” I liked that he acknowledged that it’s the customers, not Box, that are actually being hampered. Box’s approach is to innovate to the spirit of the legislation or regulation, rather than to the letter. I.e.: they’ll satisfy the what, but the how may look a little different.
Odds ‘n’ Enns
- One of the most interesting, to me, integrations I saw at the conference had to do with SAP (apparently you don’t pronounce it “sap”). There’s this company based in Calgary, Alberta, Canada that effectively does for Box-SAP what OpenText Extended ECM does for OT-SAP. I don’t know a ton about it yet, but it is something I will be looking into and getting more familiar with. The fact that the folks at e-Wave Solutions have put effort into building a Box-SAP integration in addition to their Filenet-SAP integration (I think I have that right) is significant. They’re not just chucking up content that’s relevant to stuff happening in SAP. No, they’re doing it in an intelligent way that leverages / manages metadata and preserves the integrity of the “records”. That’s kinda cool. Like I said, I’ll be looking into this a bit more.
- One of the really good things about being an analyst at an event like BoxWorks is that you get one-on-one time with some key people at Box. The normal scenario is the analyst asks questions and the company person answers them. What I love about the people at Box is that we both get to ask questions and have an open, frank discussion.
- Thanks to the Box Governance Product Marketing people (thanks, Veena!!!) for inviting me to share some of my thoughts on Box Governance.
- Thanks to Aaron Levie for taking the time to come and chat with us analysts. I’m a bit of a sceptic at times, and I sometimes wonder if certain tech CEO’s are putting on a show for analysts, the press, prospects, etc. After sitting less than thirty feet from him and being able to look into his eyes, I’m pretty certain that Aaron Levie truly believes in what he and the rest of Box are doing.
- Lastly, a huge thank you to Joely, Signe, and Megan for making the analyst day and, especially, the analyst dinner truly excellent. The whole idea of going to a chef’s residence and having a home made meal in a more intimate setting … loved it.
- That pic is what greeted us as we walked into the chef’s home. There were leftovers.
The one thing that I didn’t hear anything about is a service organization that can make it (all this next generation ECMness) happen (Box Shuttle aside). I still believe that without the right services capabilities, things will not progress as smoothly as they could. Overall I’m pleased about Box’s progress over the last 12 months. You could even say I’m optimistic and excited for what they can achieve and change about ECM in the future. The recently announced OpenText acquisition of Dell EMC ECD (ya know, Documentum and LEAP) just made Box a more attractive option for ECM buyers. As one industry analyst type mentioned, it’s a changing of the guard in the ECM space. Among others, Box is leading the charge. Not to say I told ya so, but I told ya so.
What follows in this post is pure fantasy and speculation, directly out of my head. Or not.
Over the past few weeks I’ve been talking to vendors and some end user types about Information-Governance-as-a-Service (IGaaS). Forget for a moment that no one vendor does all aspects of IG, or that there’s not even a universally accepted definition of IG. Focus instead on the lighter touch that’s required today when so many enterprise tools are required to have a consumer experience about them. Also think about Content-as-a-Service (CaaS, defined here) and what that means for building the apps needed to work with, manage, and govern content.
To save time, let’s get the fawning out of the way:
- Box – I am unashamedly and unabashedly a fan;
- Egnyte – see Box. I’m not getting into what Egnyte announced in this blog as there are plenty of great summaries around the web, including Egnyte’s site;
- GlassIG – more quietly, but see Egnyte.
Pay attention to all three of those companies if you are remotely interested in Information Governance and/or Management. There are other companies that I think are pretty damn good, but when it comes to managing and governing content in cloud or hybrid environments, these are my three. Oracle Web Center Content would be my go to for on-premises ECM (w/some nascent cloud capabilities like file syncing).
When I mentioned to someone at Egnyte a while back that if they added governance to what they already had they could absolutely kill things, I wasn’t thinking about what came out in Egnyte Protect, announced earlier yesterday (June 7,2016). I was thinking more about things that the AIIM and ARMA crowds, especially ARMA, would consider governance. You know, stuff like retention management, legal holds, classification … all that records management-y goodness.
So, even though I was a little, initially, underwhelmed with what Egnyte did release, I sat back and thought that it’s not necessarily a bad thing. What was released is good and what’s coming up is good. Without getting too deep into the weeds, let me paint a little picture for you …
Let’s pretend, for the sake of discussion, that my organization just went out and procured Box as a content management platform. Let’s also pretend that I’ve got stuff stored in SharePoint and network drives, and that in addition to the standard security stuff, I also have to deal with internal policies and external regulatory requirements, a lawsuit or two, some retention requirements, …, you know, a bunch of IG stuff. Let’s also pretend that I want to monitor who’s doing what with content to determine its effectiveness. In other words, let’s say I need to manage and govern content like it’s 1999, but my content isn’t all paper or in one convenient spot that’s on my infrastructure. My point is, the what of what we need to do hasn’t really changed all that much; why, and especially how, have. Ideally, I want to, as much as possible, centralize policies and controls. Enter my IG Mirepoix (yeah, I just made that up) …
In order to meet the requirements outlined above, one could go to each of the individual repositories and do what’s necessary, hoping that things stay in sync and no one ever forgets to do anything in any of the repositories. Even if all that happened, there’s still nothing in place to handle any of the records management, legal hold, and discovery functionality needed. Note to self – go buy more software that needs to be installed, configured, and maintained. Or …
Deploy Egnyte Protect to handle my security and analytics across all the in-scope repositories; deploy GlassIG to handle the records management and related functions. The fact that two tools are needed is not an issue as the tools will be used by different roles in the organization.
I know mega-suites were all the rage for a while, but look what happened. I like the approach outlined above because it’s a best of breed approach. Each tool gets used for the stuff it’s best at. There are areas of overlap between Egnyte Protect and Box, and between GlassIG and Egnyte Protect, but it’s using the three tools as complementary technologies that, I believe, provides the greatest overall value to organizations.
Last week the Information Coalition hosted an InfoChat. During the chat a question was asked about who the most important stakeholders in Information Governance projects are. I answered that I don’t believe in InfoGov projects.
Instead of writing a whole post about why I don’t believe in InfoGov projects I thought I’d give you all a break and, instead of reading my stuff, let you see and listen to me. 🙂
Anyway … my thoughts …
So Box came out and announced Box Governance this week. For those of you thinking that Box is just one of the surfeit of file sharing providers on the planet, think again. Box has been steadfast in stating that they are providing content management and this week’s announcement is further proof of that.
Box Governance provides three important capabilities: 1) Retention Management; 2) Content Security Policies (really should have something about “sensitive information” in the name); 3) Defensible eDiscovery. While having these capabilities available is in and of itself a major step forward, it’s also important to note that organizations that choose to deploy Box can now claim compliance with a number of government and industry regulations and standards (e.g.: PII, FINRA, SOX, SEC 17a-4). However, the most important thing about this announcement, in my opinion, is that it serves to remove additional barriers to including Box in the conversation when talking about Enterprise Content Management vendors (pay attention Gartner, Forrester, IDC, et al). Coupled with Box’s Enterprise Key Management (my post on the topic) announcement earlier this year, organizations relying on FUD (Fear, Uncertainty, Doubt) to exclude Box from consideration are losing rationale for doing so. Security and information governance are what separates true managed content from just another shared drive, and Box has them. Bleat all you want about cloud not being secure and cloud content repositories being unmanaged messes, it’s not working anymore.
Since BoxWorks last September (my thoughts) Box has made a number of feature additions, announcements, integrations, and alliances that are moving it closer to being able to deliver the right balance of System of Record and System of Engagement. At this point it’s still a little ugly and cumbersome for administrators to configure the backend to deliver the various governance, workflow, and security bits to work properly, but that’s what the team at Box Consulting is paid to help with. Those paid to worry about security, legal, regulatory, and audit have less to worry about now than a few months ago. From a content consumer/contributor perspective it’s all pretty slick and that’s what it’s all about.
It’s no coincidence that a white paper I wrote for Digital Clarity Group was released yesterday. The paper is about the next generation of ECM (#ECMnext) and how Enterprise File Sync and Share (EFSS) platforms will provide it. We’d (Box, DCG, me) love to get your thoughts on the paper. Feel free to reach out to any of us (you can reach me via email at email@example.com as I am no longer with DCG) to rant or rave. There’s no data collection, fees, marketing gates or other intrusive nonsense to get the paper, so download The Next Generation of Enterprise Content Management to your heart’s content.
Regardless of what you’ve been hearing, Enterprise Content Management (ECM) is not dead. For years ECM has been harangued as being overly cumbersome, overly expensive, overly difficult, and underwhelming when it came to delivering benefits. That’s all about to change…
The manner in which ECM is delivered is going to change. Taking a cue from what consumers have come to expect in terms of the technology they use for personal reasons, a subset of Enterprise File Sync and Share (EFSS) vendors, led by Box, are emerging as purveyors of ECMnext – the next generation of Enterprise Content Management platforms. The focus is on how and why people create, consume, and share content, supported by a foundation that provides the security and governance required in today’s digital business environment.
This whitepaper explores the short-comings of legacy ECM platforms, and how ECMnext vendors can step up and deliver what we’ve wanted out of ECM all along. While there’s still a ways to go for ECMnext platforms to be able to completely replace legacy ECM platforms, the basic building blocks are in place and the roadmaps are pointing in the right direction.
You can download the whitepaper directly from here.
If you need a little more evidence that ECM is changing, take a look at Box’s announcement about their governance functionality: Introducing Box Governance – Delivering Control and Compliance in the Cloud.
This is the second case study type thing I’m trying. It’ll likely be the last for a while as I have nothing left that I can publish without getting sued. Ah, the joys of being an independent consultant. Anyways …
This case study has to do with the project referenced in the two posts linked below. You may want to read them to get a better overall view of the project :
The document I’m sharing is part of a set of four docs that were delivered to the client. The purpose of each document is explained in the case study document.
The client in the case study builds electricity infrastructure; they are heavily regulated. They took the decision a while back to use SharePoint as their ECM pillar (though they don’t really know what ECM is). They also don’t have an Information Management strategy, nor any type of dedicated information governance structure. Though they rely heavily on information, and generate tons of intellectual property, they don’t do much about treating information as an asset. As far as they are concerned, information is IT’s problem and the business is just a client.
I was working as a subcontractor with ARC Business Solutions on this project. One of the key contributors to the project and the document was Chris Riley. You can follow Chris on Twitter at https://twitter.com/HoardingInfo. We knew early on in the project that the client was in ECM trouble and needed help. Though not part of the project mandate we wrote the docs up anyway (No. We didn’t bill the client extra.).
Without further ado … click the link and check it out: Managing Information at client name.
Feedback is appreciated.
The image in this post is my first attempt at visually representing the Principles of Holistic Information Governance. Click on it for the original PHIGs post and a larger version of the image.
Chris Riley, along with Shadrach White, is a co-author of Enterprise Content Management with Microsoft SharePoint.
When Gartner came out with their Magic Quadrant for Enterprise File Sync and Share (EFSS) back in July 2014 I laughed a little because I find the idea of an EFSS market, well, laughable. Yes, I know they put in a whole bunch of stuff about what could or should be part of the market, but boiled down it seemed to me that EFSS per Gartner is little more than the old Microsoft Briefcase. I.e.: a feature of a larger solution. Let’s face it; EFSS is little more than email and consumer grade cloud storage. One of the names that’s been bandied about to replace EFSS is ECC – Enterprise Content Collaboration. I don’t like it very much, either.
If I were Box, EMC, Alfresco and most of the other vendors on the MQ I’d be more than a little irked. Most of the vendors have invested heavily, organically or via acquisitions (sometimes both), to come up with some pretty cool and innovative solutions (not products) that allow people on both sides of the firewall to work together. These solutions allow organizations to impose various levels of automation, governance, and security to critical content. Being categorized as a File Sync and Share provider is frankly insulting. I find it insulting to the vendors as well as the customers.
Some of the vendors have been more successful than others, but I don’t think it’s germane at this point to come up with a list of winners and losers as the market (whatever its true name ought to be) is still fairly nascent. At most we’ll be able to make some guesses as to who will survive intact for the next few years and who won’t. Depending on the original exit strategy, being acquired is a perfectly valid form of survival. Will success of the wrongly-labelled EFSS players be measured against the same metrics that are currently being used for the incumbent (some would say legacy) Enterprise Content Management (ECM) players? Why would I even bring this up?
The Gartner Magic Quadrant for Enterprise File Synchronization and Sharing is available from Gartner as well as from some of the mentioned vendors including Syncplicity, Box, Alfresco, and Citrix.
Note: For what it’s worth OpenText should have been included in the MQ, based on Tempo Box, which I used when I was working there. As for what’s coming up from OpenText, I’m looking forward to seeing what OpenText Core is all about.
If you look at the MQ, some of the players are ECM incumbents (Microsoft, IBM, EMC, Alfresco), which is another reason why I find the EFSS market and associated MQ a bit of a giggle. In all but a few scenarios the ECM incumbents are competing not only against the new entrants and upstarts, but they are competing against themselves. For all practical purposes, some of the new players can provide solutions every bit as capable of meeting functional requirements as the incumbents, but with much better experiences. Sure, they’ll have to collaborate and form alliances with other vendors, but how is that really any different than what’s going on today? Where ECM currently has an advantage over the new players is in ultra-regulated environments for certain business processes. That, however, will change as the tools improve, as legislation changes, and as purchasing organizations see the FUD (Fear / Uncertainty / Doubt) for what it really is.
I recently completed an ECM assessment for a Canadian university; they asked me to assess why Alfresco wasn’t as successful as they’d anticipated (it wasn’t Alfresco’s fault – please read You Are the Problem for some details). They asked that I recommend that they either press on with Alfresco or dump it and go with SharePoint. When I brought up the option of using a cloud solution they were adamant that this was something they did not want to do. The reason they gave was based entirely on FUD, lack of understanding of current day realities, and lack of understanding of what their users (internal and external) want and need. So I included an appendix putting forward a solution based on one of the MQ’s upper right vendors. That vendor is perfectly capable of meeting the university’s requirements on all fronts.
As a consultant it’s my job to not only deliver what my clients pay me to deliver, it’s also my job to educate them and to present alternatives that they may not necessarily be thinking about. In the case of the university, a cloud based solution based on a platform provided by one of the vendors in the MQ is perfectly viable, despite my client’s prejudices.
When it comes to Box and others in the (to be renamed) EFSS market, we’re not far from the point where they can punt the incumbent ECM vendors to the curb. They’ve got some solid foundations in place and a pretty decent roadmap for the future. How the various players build on their foundations is going to depend on what they see as their core strengths and where they see the most potential. Box is taking a platform approach, Dropbox is pinning its future on Microsoft, and Huddle is focussed on collaboration. The others all have game plans that include features and functions and deployment options. I’m fairly certain that all the players are going to find their fit, but it’s not going to be EFSS. EFSS is purely table stakes, as others have said. I think we’re going to see fragmentation in the market sooner rather than later. I think we’re going to see more and more occasions where someone does what I did and puts one of the (for now) EFSS players up as an alternative to ECM incumbents. What I’m really looking forward to seeing is when/if the ECM incumbents actually change their game, not just add features, to keep up with the times. I suspect it’ll happen later rather than sooner.
A lot of people and companies, me included, have been going on about Information Governance (IG) for a while now. In a previous post I wrote about ECM not living up to its promises and being supplanted by Information Governance. What does this have to do with the space that isn’t EFSS? I’m glad you asked …
I attended BoxWorks in September 2014 (my thoughts, if you’re interested) and I’ve also been pretty interested in the whole not-EFSS space for a while; I’ve concluded that Box and some others are going to supplant the legacy ECM vendors even as ECM transitions to being a collection of functions required to deliver IG. Between the vendors that provide the core platform and 3rd parties that provide additional functionality, I’m fairly certain that most of what’s defined as IG activities and technologies could be provided. Take a look at the two graphics below; the first represents the facets of IG and the 2nd represents the various technologies that make up IG.
Think about the various players in the un-EFSS market. How many of the facets (activities) in the above graphic could be handled by those players or their partners? Don’t worry about whether or not you agree or don’t that all the facets belong under IG; choose the ones that matter to your organization.
Of the technology categories in the above graphic, how many could warrant inclusion, to at least some degree, of not-EFSS players and their 3rd party partners?
The two graphics above were produced by the Information Governance Initiative, in their inaugural Annual Report. Their inclusion here does not mean that I necessarily agree with what’s in the graphics or in the report, though I do recommend reading it (get it here, free subscription required).
There are going to be some EFSS vendors (e.g.: https://www.sync.com/ – not included in the Gartner MQ) that are going to be pure play EFSS vendors, and that’s cool for them and customers that want that level of functionality. However, for most of those mentioned in the MQ the EFSS part of what they do is truly table stakes, to borrow a phrase. If I take a look at Box, Alfresco, Microsoft, EMC, OpenText (I am including them even though Gartner forgot to), etc., what they’re really providing is part infrastructure and part platform. Labelling them as EFSS makes about as much sense as calling SAP accounting software and lumping them in with Quicken.
It’s the infrastructure and platform pieces that set Box, Alfresco, Microsoft, EMC, OpenText, et al apart from the true EFSS players. With the pure EFSS players what you get is what you get, that’s it. With the EFSS+ players (I just made that up) what you get is foundational. What you do with that foundation is up to you and the potential will increase as the players mature. As much as organizations have built their information governance and management strategies around legacy ECM platforms, they’ll be able to do the same with EFSS+ platforms.
in this podcast Connie Moore and I discuss the EFSS market, as well as ECM. Brought to you by Digital Clarity Group. http://www.digitalclaritygroup.com/dcg-podcasts-efss/
I originally posted this back in November 2011. A lot has changed since then, but there’s also a lot that hasn’t. One of the biggest things that’s changed is that Enterprise File Sync and Share (EFSS) has gained a ton of legitimacy over the last little while.
I’m reposting this for a couple of reasons: 1) There’s much in the post that is still relevant; 2) I’ll be posting something in early January that’s related and want to use this post as a kind of introduction.
I debated whether or not I should edit the original post but decided against it. I’ve simply added some comments where I felt they were necessary to clarify things, likely as much for me as for you.
I’m not an expert on cloud computing, I’m just some guy that likes to be able to access the content I need to do my work, from wherever I happen to be, using whatever device I feel like using at the moment. Take this post, for example; it was written on a laptop and a tablet, in a dining room and a swimming pool (not really in the pool since my tablet isn’t waterproof though that would be mega-cool).
I agree with Billy Cripe’s thoughts that Agile can (ought to) be applied in the development of cloud based ECM solutions. However, as Billy correctly states, “Managing content is not the goal of most businesses.” Most businesses exist to make money by providing products and/or services that consumers want. Businesses rely on information in order to get their stuff done, whatever their stuff is. In order to fully exploit information, the tools (i.e.: information stores) that the businesses rely on need to be connected to each other (so do the people – the tools need to facilitate this). Content / information management tools (cloud or not) need to be part of bigger picture business solutions. We need to build solutions that deliver “I need to share this” in the context of why it needs to be shared (answer why you need to share and you’ll likely figure out who and what).
Re-reading this now it seems as of the above is meant to imply that the topic is legacy ECM systems. That may have been true originally, but it’s not now. I’m really looking at this in terms of anywhere that content can be stored.
No sane person can argue the value and validity of the cloud. Except me. I’m not daft enough to think that cloud computing doesn’t have value or is not a valid approach to take. However, I do think that we’re not going to realize the full potential of the cloud (and by extension, content) if we simply limit its scope to content management. Yeah, I know that there are other things that are done in the cloud, such as CRM, payroll, and accounting.
We’ve gotten to the point where there really is no need to keep much on premises anymore.
When I refer to “cloud” I am referring to more than just the data centre, if that’s not obvious.
Content Wherever I Am
One of the cool things about content in the cloud is that my content is wherever I am. (Okay, so it’s not really my content, it’s my organization’s content.) That’s not the point, though. The point is that I can work with content wherever I happen to be, using whatever device I choose. This does assume that the chosen content repository is able to be synched appropriately. Wouldn’t it be cool, though, that if in addition to being able to work with the content and share it with collaborators (the work variety, not the WWII Nazi variety) the content could also be appropriately tagged, filed, and placed under retention at the point that I plunk it into the repository? I.e.: Cloud repositories need to become extensions of ECM and ERM systems, probably through federation.
So the whole thing about federation is a little off. This really should be thought of as centralized policy administration and enforcement.
Correctly Connecting Corporate Content
Content is spread throughout an organization; cloudification just increases the spread. When I say content, I mean anything that is stored on digital media that serves any legitimate business activity. (For obvious reasons I am excluding physical content.) A key to widespread cloud acceptance is to be to able access / leverage content in order to execute a business activity, regardless of where the various pieces of content reside. An agent in a social services organization should not have to know or care that a citizen’s information is spread over a number of repositories that could be on-premises, in a private cloud, and in a public cloud. The agent is there to service the needs of the citizen, not to figure out some (likely) convoluted architecture just to try and find stuff.
CMIS is a step in the right direction, but where CMIS falls short is that it doesn’t address non-CMS (think ECM) repositories. What we need is something that allows connecting everything that we need, when we need it. Device and location should not be factors. In fact, the only thing that a user should worry about is whether or not they have the right content to do the job. Governance, classification, and security ought to be just taken care of.
If the scope opens up to include non-ECM tools, how much of a factor is CMIS? Look at what’s happening in the broader EFSS space with open standards and open API’s.
Speaking of Governance…
Until the governance issues get sorted, I doubt very much that we’ll see widespread adoption of public cloud services. Smaller organizations, organizations with lax regulatory / privacy regulations, and organizations that can bully providers into rock-solid SLA’s may be able to go full public cloud, but I doubt they will. I think the reality is that organizations will end up having hybrid environments of cloud and on-premises.
When I say governance I am not only referring to the poo that legislators, regulators and litigators throw in our way. Governance needs to address issues such as:
- what can / should be stored in the cloud
- service level agreements
- disaster recovery / business continuity
- classification / categorization
- retention & disposition (thanks to @JamesLappin & @AlanPelzSharpe for bringing this up)
Governance of cloud content has to deal with all of the things that we need to deal with for on-premises stored content, with the added complication that we also have to deal with where the damn box is and if some foreign government can get at it whenever they bloody well feel like it. Canada’s Anti-terrorism Act and the United States’ PATRIOT Act are not going to be very helpful in encouraging organizations to move to the cloud in a big way.
With so many employees using consumer devices and consumer services it’s better to accept the potential peek from the government than it is to continue to deny things and have content out in the wild.
- Hybrid (cloud / on-premises) will be in the majority
- Governance (internally & externally imposed) has to be figured out
- Integration / interoperability are critical
- Privacy concerns and government snooping are major inhibitors (@ron_miller wrote a pretty good piece about this)
- If we’re not careful we’ll just move the mess from our hard drives to someone else’s
- Some Systems of Record will end up in the cloud, if they’re not already there
- Services are where it’s at
I couldn’t decide which song I wanted to use for this post, so you’re getting three:
A couple definitions for those that think it should be “on-premise”
I finished reading this article from CMS Wire (I don’t mean I actually read the whole article) and it got me thinking …
Between that article, others I’ve read, and some of the projects I’ve been working on this year, this whole ECM thing is a total crock. The vendors, the consultants, the analysts, and the professional bodies are conspiring against the customers and themselves to prevent success (what defines success on a quarter by quarter basis beggars belief).
“We just bought an ECM and we’re not sure what to do with it.” is something one of my clients said to me earlier this year. Actually, a variant of that statement is something I’ve been hearing ever since I got involved with ECM. So clients don’t really know what they’re doing. Right? Sort of.
Clients have been listening to those of us who make our livings by “doing ECM” for far too long. Vendors sell licenses and get compensated on how things went over a fiscal quarter, plus the annual support and maintenance fees. The fact that less than half of the licenses purchased have actually been deployed means bugger all. Consultants (I’m one, BTW) come in and develop all sorts of strategies to help manage or govern information (they’re not the same thing) without any stake in what goes on after the engagement is over. Analysts, many of whom are paid by vendors and service providers, come up with all sorts of nifty schemes for scoring offerings and invent new sectors. Professional associations put on marvelous conferences where you get to listen to prognostications from vendors, consultants, and analysts that further … the agendas of vendors, consultants, analysts, and professional associations.
I don’t for a minute mean to imply that there is any malice intended in any of this; there likely isn’t. The problem is that we’re in a vicious cycle that we created. We’re all afraid to step back and admit that we ballsed it up, big time. ECM was a good idea at the time. Times have changed, sunshine. ECM is dead (assumes that it was actually alive in the first place) and has been replaced by Information Governance (IG) (which is not a synonym for records management, as a certain professional organization would have you believe). The promise of IG is … I don’t know what the promise is; there’s a bunch of marketing departments out there that will let you know. As far as I can tell IG is ECM with some Big Data, ediscovery, and analytics stuff thrown in (yeah, I’m simplifying); as my dad used to say, “Same shit, different day.”
Despite the changes over the last few years, the stuff I want to see is still the exception; getting value out of information and solving business problems. In a recent client engagement the client told me that they wanted to move HR documents into SharePoint. Why? Because, SP is our ECM pillar. What’ll you do with the docs once they’re in SP? What do you mean?
The above snippet is an example of ECM gone wrong. Move your stuff into a managed repository as a replacement for shared drives. Holy Crap!!! The vendors dig this stuff. The consultants love figuring out a migration strategy. The analysts love another data point. The professional associations love another case study. The client loves … well they love nothing because they’re not getting any real value other than ticking a checkbox.
Who the hell manages information for the sake of managing information? Don’t you want something that leverages information to create value? What if someone just said that there’s a bunch of stuff they need to do that relies on information and that they need to secure that information? What if they could do that without running out and financing some account exec’s BMW or Caribbean vacation?
I’m not suggesting that organizations not buy ECM related software and services. I’m just suggesting that before they do they actually figure out what the end game is and what they’re missing to achieve it. The longer I stay in this game the more I’m certain that achieving ECM-ness is really a matter of processes and will, rather than spending tons on software licenses.
If an organization doesn’t have the processes and will to get their information under control and leverage it, spending butt-loads on software will get them nowhere. If they do have the processes and will, they’ll be able to make stuff happen without the big spend (they’ll likely have to spend some coin, but not what you’d think – integration is wonderful).
Which brings me to …
Cloud. Oh yes! Cloud services are here to stay and we need to figure out how to make them work within all the rules and constraints that apply to us. Jamming our fingers in our ears and ignoring things is not going to work. Going forward, cloud services and mobile devices are part of the mix. We better dump the outdated ECM model and wise up to the fact that the model has changed (for the better, IMO). Cloud services and consumer devices are going to be the norm, but they are not going to be the only thing. There will, for the foreseeable future, also be on premises components. The key is going to be to stop thinking about the enterprise. Really, it is. Any organization is an agglomeration of businesses, each with their own needs in terms of information, governance, processes, tools, etc. Why then go for an enterprise play? Solve stuff one business at a time, one opportunity at a time. Connect the dots as you move along.
Industry research has shown over and over that organizations run multiple content repositories from multiple vendors. They run them for different purposes driven by different factors. What makes any vendor, cloud or otherwise, think that this is going to change? I actually think the vendors secretly agree, but it makes for crappy marketing to say it out loud.
Organizations are hybrids of various businesses. Why can’t this industry understand, then, that managing content requires a hybrid approach? I don’t think this is going to change anytime soon.
Claims processing, mortgage approvals, patient diagnoses, learning material production, repair manuals, safety procedures, employee onboarding … tell me how to make these things better, cheaper, easier, and more efficient, without compromising confidentiality and privacy. Tell me how I can execute these things wherever I or my colleagues happen to be. Tell me how your stuff is gonna work with stuff I already have to make this happen. Don’t tell me that I need to buy 3,000 seats of something and you’ll build me something.
Bottom line … make the customer the center of your universe. Focus on what the customer sees as value. The proportion of organizations that operate purely on fear and risk is pretty small compared to organizations that need to focus on value. Focus on selling me something and I won’t sign anything until the last day of the fiscal quarter; I used to work for a couple of vendors, I know how the game works.
Here’s a couple things you ought to read:
- Joe Shepley wrote this piece in late November; heed his words and you will actually accomplish something.
- Chris Riley wrote this earlier this week; he’s as fed up as I am. Maybe a little more.
To wrap things up:
- ECM isn’t
- Policies, people, and procedure are way more important than tools
- Offence (value) before defence (risk)
- Cloud and on-premises are like wine and cheese; better together but don’t always smell so good and sometimes give you a headache
- Information is like wine; better when shared. But share according to who’s got a palate refined enough to appreciate it.