Whether we like it or not, we’re storing more and more content in the cloud, and that content needs to be governed. Here are some things that I think about and talk about with clients when they are getting started with Information Governance (reg req’d):
- To paraphrase Ann Cavoukian – You can outsource your data but you can’t outsource responsibility. All of the rules and regulations that applied to your content in your data center still apply. If something goes wrong you are still, ultimately, responsible. You may or may not have company in court or jail.
- Content in the cloud is likely more secure than content in your data center. Remember all those breaches that were so widely publicized? Well, most of them happened to corporate data centres. Companies whose business is storing other companies’ data have better tools and resources to secure data than you do; it’s their job.
- To be effective, managing and governing content in the cloud needs a modern, simplified approach. Trying to manage content like it’s paper or stored in on-premises repositories just isn’t going to work. You chose cloud content management because it’s a better, modern experience for your users; governing your info can’t break that.
- FOCUS ON THE VALUE OF YOUR INFORMATION. IF YOUR ENTIRE APPROACH TO GOVERNING INFORMATION IS BASED ON MINIMIZING RISK (LITIGATION, LEAKS, ETC.), YOU ARE NEVER GOING TO BE ABLE TO FOCUS ON LEVERAGING THE VALUE OF YOUR INFORMATION ASSETS. IT’S THE VALUE THAT’S GOING TO ENABLE YOU TO INNOVATE AND TRANSFORM YOUR BUSINESS. (colour and bolding as requested by a loyal reader – thanks, Dan)
- Start Something. Anything. Sitting around navel gazing is going to result in you being crushed. Pick something small, easy, and safe, but with tangible benefits and get going. You don’t need to have everything planned and analyzed to get started; you just need to have enough thought out to allow you to get moving. Remember, some governance is better than no governance.
- BONUS THOUGHT – Your information governance doesn’t need to be perfect, it merely needs to be good enough to get the job done and to allow you to meet your obligations.
This Box whitepaper (reg req’d) provides some additional thoughts about Information Governance for cloud-stored content, as well as details about how Box is tackling some of the necessary functionality. We (Box and I) would love to chat with you about Cloud IG. And as always, I’d love your feedback about this post and the paper.
 Ann Cavoukian is the former Privacy Commissioner for Ontario (1997 – 2014) and is currently the Executive Director of the Privacy and Big Data Institute at Ryerson University.
Two key changes from last year really made me happy:
- Box’s enterprise customers (at least the ones on the panel during the analyst event) are calling Box content management (advanced content management, even);
- Box is unequivocally stating that Platform is the base upon which the Box application is built – they weren’t so clear about that last year.
On a personal level, the first of those makes me the happiest because, along with Cheryl McKinnon of Forrester (my reaction to Box’s inclusion in the Forrester Wave), I was the first analyst / person-who-should-know type that came out and unabashedly called Box an Enterprise Content Management vendor. Here’s my post from June 2015 when I first called Box ECM (you can also get to the whitepaper I wrote on the topic via that post). Whatever. I’m just happy and gratified that Box is finally being seen as what they are. I’m guessing they’re pretty pleased about it as well.
Remember in this post I included a footnote stating that BoxWorks could be a better Information Management / Governance conference than the AIIM conference (I didn’t even mention that records management conference or organization)? Yeah, nothing took place at BoxWorks that made me change my mind.
On to my thoughts about the conference happenings … I’m not going to recap all the announcements; they’re available on the Box site over here and elsewhere on the web. There were a bunch of announcements about making Box more usable, intuitive, and user friendly, but they didn’t tell me that Box Capture for Android is coming. Box Desktop, Files, and Notes are much needed improvements that are coming, and will make for a much better user (yeah, I said “user”) experience.
If I’ve got this all right, Box Platform can serve up Relay (workflow) and Governance (governance), as well as versioning and all the other mundane content management stuff as a service. While that’s very cool and all, what I really find exciting is that there is a growing ecosystem of partners / developers that include companies like Cognizant, as well as in-house IT shops, ISVs, and small niche / boutique app developers. The potential implications are pretty cool for all the stakeholders. For example – during his session at the analyst event, Jeetu Patel (heads up Platform and Strategy for Box and is a really nice guy) mentioned that: A – all companies are becoming digital companies (glad he gave up using all companies are becoming SW companies), and; 2 – there are no templates for digital transformation (I am summarizing). So it seems that there is an opportunity for Box to do for digital transformation on an industry basis what SAP did for ERP on an industry basis. Between in-built capabilities and partnerships, Box has the beginnings of being able to build content-centric digital transformation on-ramps / roadmaps / whateveryouwanttocallthem. The Perkins+Will demo was really cool and a harbinger of what is possible.
What’s really cool and significant is that, if the implementation gets done properly, that whole thing about putting governance in the background and letting users just focus on their jobs will actually happen.
There’s also some other stuff happening with Platform and the application that, if done correctly, could make the whole auto-classification thing a reality. There are other ECM providers that have been working on it for years, to very little uptake. What’s happening, I believe, is that Box is trying to solve the same problems, but in a different way.
One of the product managers told me something to the effect that she was talking to her team and they were telling her they knew nothing about Information Management or Governance. She responded by telling them that they were actually delivering it. There’s a whole bunch more detail, but that’s actually a very cool story. It’s possible because Platform takes care of it in the back end.
Regardless of the size of a company, if they operate in a regulated industry they have to comply with the relevant regulations and legislation. At the same time, if you’re one of the smaller players you likely need to do more with less and can’t afford dedicated compliance solutions. Where Box fits is that they don’t know how to do it the legacy way, and this is a very good thing.
During the customer panel at the analyst session, one of the customers, in a highly regulated industry, was lamenting that they could not use Box for some of their controlled documents. The issue is that Box brings out new stuff too fast and the regulators and legislators simply cannot keep pace. That just sucks.
I asked Aaron Levie something along the lines of “do you think that current legislation and regulations hamper your ability to innovate?” I liked that he acknowledged that it’s the customers, not Box, that are actually being hampered. Box’s approach is to innovate to the spirit of the legislation or regulation, rather than to the letter. I.e.: they’ll satisfy the what, but the how may look a little different.
Odds ‘n’ Enns
- One of the most interesting, to me, integrations I saw at the conference had to do with SAP (apparently you don’t pronounce it “sap”). There’s this company based in Calgary, Alberta, Canada that effectively does for Box-SAP what OpenText Extended ECM does for OT-SAP. I don’t know a ton about it yet, but it is something I will be looking into and getting more familiar with. The fact that the folks at e-Wave Solutions have put effort into building a Box-SAP integration in addition to their FileNet-SAP integration (I think I have that right) is significant. They’re not just chucking up content that’s relevant to stuff happening in SAP. No, they’re doing it in an intelligent way that leverages / manages metadata and preserves the integrity of the “records”. That’s kinda cool. Like I said, I’ll be looking into this a bit more.
- One of the really good things about being an analyst at an event like BoxWorks is that you get one-on-one time with some key people at Box. The normal scenario is the analyst asks questions and the company person answers them. What I love about the people at Box is that we both get to ask questions and have an open, frank discussion.
- Thanks to the Box Governance Product Marketing people (thanks, Veena!!!) for inviting me to share some of my thoughts on Box Governance.
- Thanks to Aaron Levie for taking the time to come and chat with us analysts. I’m a bit of a sceptic at times, and I sometimes wonder if certain tech CEOs are putting on a show for analysts, the press, prospects, etc. After sitting less than thirty feet from him and being able to look into his eyes, I’m pretty certain that Aaron Levie truly believes in what he and the rest of Box are doing.
- Lastly, a huge thank you to Joely, Signe, and Megan for making the analyst day and, especially, the analyst dinner truly excellent. The whole idea of going to a chef’s residence and having a homemade meal in a more intimate setting … loved it.
- That pic is what greeted us as we walked into the chef’s home. There were leftovers.
The one thing that I didn’t hear anything about is a service organization that can make it (all this next generation ECMness) happen (Box Shuttle aside). I still believe that without the right services capabilities, things will not progress as smoothly as they could. Overall I’m pleased about Box’s progress over the last 12 months. You could even say I’m optimistic and excited for what they can achieve and change about ECM in the future. The recently announced OpenText acquisition of Dell EMC ECD (ya know, Documentum and LEAP) just made Box a more attractive option for ECM buyers. As one industry analyst type mentioned, it’s a changing of the guard in the ECM space. Among others, Box is leading the charge. Not to say I told ya so, but I told ya so.
What follows in this post is pure fantasy and speculation, directly out of my head. Or not.
Over the past few weeks I’ve been talking to vendors and some end user types about Information-Governance-as-a-Service (IGaaS). Forget for a moment that no one vendor does all aspects of IG, or that there’s not even a universally accepted definition of IG. Focus instead on the lighter touch that’s required today when so many enterprise tools are required to have a consumer experience about them. Also think about Content-as-a-Service (CaaS, defined here) and what that means for building the apps needed to work with, manage, and govern content.
To save time, let’s get the fawning out of the way:
- Box – I am unashamedly and unabashedly a fan;
- Egnyte – see Box. I’m not getting into what Egnyte announced in this blog as there are plenty of great summaries around the web, including Egnyte’s site;
- GlassIG – more quietly, but see Egnyte.
Pay attention to all three of those companies if you are remotely interested in Information Governance and/or Management. There are other companies that I think are pretty damn good, but when it comes to managing and governing content in cloud or hybrid environments, these are my three. Oracle WebCenter Content would be my go-to for on-premises ECM (w/some nascent cloud capabilities like file syncing).
When I mentioned to someone at Egnyte a while back that if they added governance to what they already had they could absolutely kill things, I wasn’t thinking about what came out in Egnyte Protect, announced earlier yesterday (June 7, 2016). I was thinking more about things that the AIIM and ARMA crowds, especially ARMA, would consider governance. You know, stuff like retention management, legal holds, classification … all that records management-y goodness.
So, even though I was initially a little underwhelmed with what Egnyte did release, I sat back and thought that it’s not necessarily a bad thing. What was released is good and what’s coming up is good. Without getting too deep into the weeds, let me paint a little picture for you …
Let’s pretend, for the sake of discussion, that my organization just went out and procured Box as a content management platform. Let’s also pretend that I’ve got stuff stored in SharePoint and network drives, and that in addition to the standard security stuff, I also have to deal with internal policies and external regulatory requirements, a lawsuit or two, some retention requirements, …, you know, a bunch of IG stuff. Let’s also pretend that I want to monitor who’s doing what with content to determine its effectiveness. In other words, let’s say I need to manage and govern content like it’s 1999, but my content isn’t all paper or in one convenient spot that’s on my infrastructure. My point is, the what of what we need to do hasn’t really changed all that much; why, and especially how, have. Ideally, I want to, as much as possible, centralize policies and controls. Enter my IG Mirepoix (yeah, I just made that up) …
In order to meet the requirements outlined above, one could go to each of the individual repositories and do what’s necessary, hoping that things stay in sync and no one ever forgets to do anything in any of the repositories. Even if all that happened, there’s still nothing in place to handle any of the records management, legal hold, and discovery functionality needed. Note to self – go buy more software that needs to be installed, configured, and maintained. Or …
Deploy Egnyte Protect to handle my security and analytics across all the in-scope repositories; deploy GlassIG to handle the records management and related functions. The fact that two tools are needed is not an issue as the tools will be used by different roles in the organization.
I know mega-suites were all the rage for a while, but look what happened. I like the approach outlined above because it’s a best of breed approach. Each tool gets used for the stuff it’s best at. There are areas of overlap between Egnyte Protect and Box, and between GlassIG and Egnyte Protect, but it’s using the three tools as complementary technologies that, I believe, provides the greatest overall value to organizations.
Last week the Information Coalition hosted an InfoChat. During the chat a question was asked about who the most important stakeholders in Information Governance projects are. I answered that I don’t believe in InfoGov projects.
Instead of writing a whole post about why I don’t believe in InfoGov projects I thought I’d give you all a break and, instead of reading my stuff, let you see and listen to me. 🙂
Anyway … my thoughts …
So Box came out and announced Box Governance this week. For those of you thinking that Box is just one of the surfeit of file sharing providers on the planet, think again. Box has been steadfast in stating that they are providing content management and this week’s announcement is further proof of that.
Box Governance provides three important capabilities: 1) Retention Management; 2) Content Security Policies (really should have something about “sensitive information” in the name); 3) Defensible eDiscovery. While having these capabilities available is in and of itself a major step forward, it’s also important to note that organizations that choose to deploy Box can now claim compliance with a number of government and industry regulations and standards (e.g.: PII, FINRA, SOX, SEC 17a-4). However, the most important thing about this announcement, in my opinion, is that it serves to remove additional barriers to including Box in the conversation when talking about Enterprise Content Management vendors (pay attention Gartner, Forrester, IDC, et al). Coupled with Box’s Enterprise Key Management (my post on the topic) announcement earlier this year, organizations relying on FUD (Fear, Uncertainty, Doubt) to exclude Box from consideration are losing rationale for doing so. Security and information governance are what separate true managed content from just another shared drive, and Box has them. Bleat all you want about cloud not being secure and cloud content repositories being unmanaged messes; it’s not working anymore.
Since BoxWorks last September (my thoughts) Box has made a number of feature additions, announcements, integrations, and alliances that are moving it closer to being able to deliver the right balance of System of Record and System of Engagement. At this point it’s still a little ugly and cumbersome for administrators to configure the backend to deliver the various governance, workflow, and security bits to work properly, but that’s what the team at Box Consulting is paid to help with. Those paid to worry about security, legal, regulatory, and audit have less to worry about now than a few months ago. From a content consumer/contributor perspective it’s all pretty slick and that’s what it’s all about.
It’s no coincidence that a white paper I wrote for Digital Clarity Group was released yesterday. The paper is about the next generation of ECM (#ECMnext) and how Enterprise File Sync and Share (EFSS) platforms will provide it. We’d (Box, DCG, me) love to get your thoughts on the paper. Feel free to reach out to any of us (you can reach me via email at email@example.com as I am no longer with DCG) to rant or rave. There’s no data collection, fees, marketing gates or other intrusive nonsense to get the paper, so download The Next Generation of Enterprise Content Management to your heart’s content.