I just spent the last few days (May 25th – 27th) at the ARMA Canada conference in Calgary. As you’d expect it was great to get together with people that I typically only engage with online. But that’s not the reason I go through the effort and expense of attending. I come to this and other conferences to learn and see what’s new, and maybe make some new connections (that whole networking thing). Unless there’s something really compelling (there wasn’t, for me) I do much of my learning on the trade show floor rather than by attending sessions. I try to figure out what’s new, innovative, and exciting by talking to the vendors and attendees.
- What’s new? Other than RSD’s first appearance (I think) at ARMA Canada, nothing really.
- What’s innovative? Nothing really.
- What’s exciting? Nothing really.
The problem seems to be that the Records Management community is not evolving with the times. Sure, they say “information governance”, but I’m not convinced they know what it means or what the implications are. They talk about social media, but do they use it (there was actually a session during which they were taught to tweet). They talk about cloud but then do nothing about it other than give in to the boogie man prognostications. Shit! Even the younger RM folks are sounding like the older ones who are close to retiring.
Based on what I saw and heard at the conference, I hold no optimism that the state of Records and Information Management will join the 21st century any time soon. RIM professionals are complaining about not being given the dues and respect they deserve (and they DO deserve it) but they have to take it, not wait for it to be handed out. ARMA Canada as an association is not helping. They’ve had pretty much the same content, speakers, and vendors since I went to my first conference in 2008. Yes, the names have changed, but you know what I mean.
I’m not sure how, but ARMA Canada needs to freshen things up a bit. Dump the vendors that do nothing but SharePoint stuff or physical records management; that stuff hasn’t changed since the shelf was invented. Attract vendors that represent the new way of doing business and are influencing and enabling digital transformation of business. Solicit speakers that want to do more than talk about how to build another functional file plan or how to implement an ECM platform. ARMA Canada needs a slate of speakers and vendors that represent a balance of what today’s realities are, and what the very near future will hold for managing information.
I’ll wait until I see what the agenda for next year’s conference is, but if it’s pretty much like this year’s this is likely my last ARMA Canada conference for a while. And if things don’t change fast, the RIM profession will be further marginalized, and I’ll likely contribute to the further marginalization; not because we dislike RIM and RIM professionals, but because the rest of us have to move forward to succeed.
Just to add a little positivity …
Over dinner with a friend of mine I got a good look at Oracle’s Document Cloud (I think that’s the name). It’s Oracle’s offering to the EFSS (I HATE that name) market. It’s really, really slick. The version I saw (not sure if it’s generally available yet) looks as easy to use as Box (which is what I use for my business). I know a couple of things about where Oracle is going with it, but not a ton. One thing that I do really like about it is that it sits on top of Oracle Web Center Content so all the security, metadata, workflow, and retention are taken care of. By the way, for those of you who care; Oracle’s Web Center Content is likely the best kept secret amongst ECM platforms. It’s a secret because Oracle really sucks at marketing it.
Image taken from http://www.a-tips-of-life.com/tag/awake/
Last month Box announced their Enterprise Key Management thing. Today they announced their acquisition of Subspace, and are part of ACE (really important app standard). I sometimes marvel at the progress that the industry that pays my bills is making, and then this kind of shit shows up in my mailbox (the Canada Post version, not the Outlook one) …
In case you were wondering, mobile access is not supported and it’s recommended that you use IE or Safari.
I finished reading this article from CMS Wire (I don’t mean I actually read the whole article) and it got me thinking …
Between that article, others I’ve read, and some of the projects I’ve been working on this year, this whole ECM thing is a total crock. The vendors, the consultants, the analysts, and the professional bodies are conspiring against the customers and themselves to prevent success (what defines success on a quarter by quarter basis beggars belief).
“We just bought an ECM and we’re not sure what to do with it.” is something one of my clients said to me earlier this year. Actually, a variant of that statement is something I’ve been hearing ever since I got involved with ECM. So clients don’t really know what they’re doing. Right? Sort of.
Clients have been listening to those of us who make our livings by “doing ECM” for far too long. Vendors sell licenses and get compensated on how things went over a fiscal quarter, plus the annual support and maintenance fees. The fact that less than half of the licenses purchased have actually been deployed means bugger all. Consultants (I’m one, BTW) come in and develop all sorts of strategies to help manage or govern information (they’re not the same thing) without any stake in what goes on after the engagement is over. Analysts, many of whom are paid by vendors and service providers, come up with all sorts of nifty schemes for scoring offerings and invent new sectors. Professional associations put on marvelous conferences where you get to listen to prognostications from vendors, consultants, and analysts that further … the agendas of vendors, consultants, analysts, and professional associations.
I don’t for a minute mean to imply that there is any malice intended in any of this; there likely isn’t. The problem is that we’re in a vicious cycle that we created. We’re all afraid to step back and admit that we ballsed it up, big time. ECM was a good idea at the time. Times have changed, sunshine. ECM is dead (assumes that it was actually alive in the first place) and has been replaced by Information Governance (IG) (which is not a synonym for records management, as a certain professional organization would have you believe). The promise of IG is … I don’t know what the promise is; there’s a bunch of marketing departments out there that will let you know. As far as I can tell IG is ECM with some Big Data, ediscovery, and analytics stuff thrown in (yeah, I’m simplifying); as my dad used to say, “Same shit, different day.”
Despite the changes over the last few years, the stuff I want to see is still the exception; getting value out of information and solving business problems. In a recent client engagement the client told me that they wanted to move HR documents into SharePoint. Why? Because, SP is our ECM pillar. What’ll you do with the docs once they’re in SP? What do you mean?
The above snippet is an example of ECM gone wrong. Move your stuff into a managed repository as a replacement for shared drives. Holy Crap!!! The vendors dig this stuff. The consultants love figuring out a migration strategy. The analysts love another data point. The professional associations love another case study. The client loves … well they love nothing because they’re not getting any real value other than ticking a checkbox.
Who the hell manages information for the sake of managing information? Don’t you want something that leverages information to create value? What if someone just said that there’s a bunch of stuff they need to do that relies on information and that they need to secure that information? What if they could do that without running out and financing some account exec’s BMW or Caribbean vacation?
I’m not suggesting that organizations not buy ECM related software and services. I’m just suggesting that before they do they actually figure out what the end game is and what they’re missing to achieve it. The longer I stay in this game the more I’m certain that achieving ECM-ness is really a matter of processes and will, rather than spending tons on software licenses.
If an organization doesn’t have the processes and will to get their information under control and leverage it, spending butt-loads on software will get them nowhere. If they do have the processes and will, they’ll be able to make stuff happen without the big spend (they’ll likely have to spend some coin, but not what you’d think – integration is wonderful).
Which brings me to …
Cloud. Oh yes! Cloud services are here to stay and we need to figure out how to make them work within all the rules and constraints that apply to us. Jamming our fingers in our ears and ignoring things is not going to work. Going forward, cloud services and mobile devices are part of the mix. We better dump the outdated ECM model and wise up to the fact that the model has changed (for the better, IMO). Cloud services and consumer devices are going to be the norm, but they are not going to be the only thing. There will, for the foreseeable future, also be on premises components. The key is going to be to stop thinking about the enterprise. Really, it is. Any organization is an agglomeration of businesses, each with their own needs in terms of information, governance, processes, tools, etc. Why then go for an enterprise play? Solve stuff one business at a time, one opportunity at a time. Connect the dots as you move along.
Industry research has shown over and over that organizations run multiple content repositories from multiple vendors. They run them for different purposes driven by different factors. What makes any vendor, cloud or otherwise, think that this is going to change? I actually think the vendors secretly agree, but it makes for crappy marketing to say it out loud.
Organizations are hybrids of various businesses. Why can’t this industry understand, then, that managing content requires a hybrid approach? I don’t think this is going to change anytime soon.
Claims processing, mortgage approvals, patient diagnoses, learning material production, repair manuals, safety procedures, employee onboarding … tell me how to make these things better, cheaper, easier, and more efficient, without compromising confidentiality and privacy. Tell me how I can execute these things wherever I or my colleagues happen to be. Tell me how your stuff is gonna work with stuff I already have to make this happen. Don’t tell me that I need to buy 3,000 seats of something and you’ll build me something.
Bottom line … make the customer the center of your universe. Focus on what the customer sees as value. The proportion of organizations that operate purely on fear and risk is pretty small compared to organizations that need to focus on value. Focus on selling me something and I won’t sign anything until the last day of the fiscal quarter; I used to work for a couple of vendors, I know how the game works.
Here’s a couple things you ought to read:
- Joe Shepley wrote this piece in late November; heed his words and you will actually accomplish something.
- Chris Riley wrote this earlier this week; he’s as fed up as I am. Maybe a little more.
To wrap things up:
- ECM isn’t
- Policies, people, and procedure are way more important than tools
- Offence (value) before defence (risk)
- Cloud and on-premises are like wine and cheese; better together but don’t always smell so good and sometimes give you a headache
- Information is like wine; better when shared. But share according to who’s got a palate refined enough to appreciate it.
You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting stuff in the cloud is dangerous.
When I mentioned to a client of mine that some of their users were using consumer file sharing services there were noddings of heads, murmurs of assent, and an “OMG how does he know?” Less than five hours after I mentioned it in a meeting, an exec from one of the stakeholder groups got a call from security stating that her team was violating policy by using Dropbox. This client had deployed an Enterprise Content Management platform. One of the key drivers for the platform is sharing of content among collaborators. One of the key inhibitors is Citrix. So, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug. Hell, even the frickin’ President was storing company confidential documents in his personal Dropbox account.
So I mention to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS – I really don’t like this term) service like, I dunno, BOX! (Yeah, I like Box. So what?) Their Director of IT Infrastructure tells me that the execs are scared of any service that stores data in the U.S. because of the PATRIOT act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. government wants to get at stuff in Canadian data centres they will? And dig this … Box is working on something that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by those pesky gubbmint people. Hey, they can still come to you and ask, but at least you’ll know, no? Can you imagine!?!
Every time I have these types of conversations with people I usually end up wanting to lay a choke hold on someone. Whether it’s for spreading FUD (Fear, Uncertainty, Doubt) or for believing it … I’m not sure which irritates me more.
Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around. Instead of blocking access to consumer services, IT and security ought to: 1) find out why staff is using the services in the first place; 2) identify and provision SECURE enterprise grade services; 3) develop appropriate policies for using EFSS services, including remedial action for violating the policies. If staff are using consumer services to share business content it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.
Part of the fix may actually be to provision EFSS to staff. Think about it before you have a freakin’ hissy fit. EFSS providers make money by providing a secure way for people to share content and collaborate. How do you make money? What’s your core strength? Hell, you can’t even stop your staff from sharing content unsecurely (is that even a word?).