Box Capture – Quick Review


One of the things announced this week at BoxWorks was Box Capture. Box Capture is a little iOS app that lets users upload pictures and videos from their phones and iPads directly to a specified folder in Box.

So what? I can already do that.

Yes, you can. However, there is a subtle difference between just loading photos and videos from your device’s storage into a Box folder via the Box iOS app and using Box Capture. That difference is that with Box Capture the photos and videos are never stored on the device itself. It’s a minor thing, but for certain use cases could prove to be very beneficial.

Any use case in which content security and privacy are important would benefit. If the device is lost or otherwise compromised, there’s no longer the risk of someone getting access to content they shouldn’t (assuming you don’t leave yourself logged in to Box via the main app). It’s also handy for those that have limited capacity on their devices.

From an ease-of-use perspective it’s as easy to use as you’d expect of anything from Box. If your use case requires removing the photo or video from your device, Box Capture saves you a step or two. It’s not a big deal for one-offs or occasional use, but if it’s something that you do a lot, it could turn out to be significant.

UPDATE: As I was on the first of my two flights home today, I thought about how cool it would be if the new app had some sort of offline capability wherein I could take a picture and it would plunk it into the selected folder once I was online again. So I took a couple of pics to see what would happen. Initially, nothing. Once I was back on the ground and had a reliable signal, well, to my delight those pics I took on the plane suddenly appeared where I had wanted them to. Pretty slick. Keep in mind that my phone was in airplane mode the entire time; I don’t know what the result would be if I’d turned my phone off (does anyone actually do that?).

UPDATE TOO: If you set review to “on” (see the image), Box Capture allows you to change the file name and add a comment before the picture or video is saved to the selected folder. It also presents a list of recently selected folders. And in keeping with keeping things slick and fast, the picture files are saved in .png format.

Box Capture UI

5 Thoughts – The Ashley Madison Hack


As most of you know by now, Ashley Madison (“Ashley Madison is the most famous name in infidelity and married dating.” quote from their site) was hacked last month and much of the data the hackers stole was released this week, on the dark web. Like many of you, I’ve been reading bits and pieces of the saga. Anyway, here are five things that struck me about the whole affair:

  1. With a 6:1 ratio of men to women, a guy’s chances of “getting some” via AM are slightly less than they were in high school.
  2. Anyone (private sector, public sector, military, whatever) stupid enough to use a work email address and corporate assets (computer, network) to access AM ought to be dealt with according to corporate acceptable use policies and morals clauses in their employment contracts. It’s akin to using corporate assets to surf porn; just don’t. For what it’s worth, I don’t believe that morals clauses belong in employment contracts. We’re all adults and what I do on my own time is none of my employer’s (I don’t actually have one) business, provided it can’t be linked back to an employer and cover them in poop.
  3. There are a lot of morally superior and judgemental people on the planet. What they’re losing sight of is: 1 – Other people’s lives that don’t affect you are none of your ******* business; 2 – the hack was a criminal act. FULL. STOP.
  4. If what the hackers allege about AM’s security and not cleaning out data is true, the folks at AM are monumentally, irredeemably, irrefutably stupid and negligent.
  5. Lawyers and lawsuits – that didn’t take long. Tied with “Holy crap did we all of a sudden get a lot of downloads”, said the folks responsible for the TOR browser.

Apologies for jumping on the bandwagon and adding to the nonsense.

Security 2015 or Why I Sometimes Hate My Clients


Last month Box announced their Enterprise Key Management thing. Today they announced their acquisition of Subspace, and are part of ACE (really important app standard). I sometimes marvel at the progress that the industry that pays my bills is making, and then this kind of shit shows up in my mailbox (the Canada Post version, not the Outlook one) …

Cyber Security 2015

In case you were wondering, mobile access is not supported and it’s recommended that you use IE or Safari.

Cloudy With a Chance of Success – the Update


I originally posted this back in November 2011. A lot has changed since then, but there’s also a lot that hasn’t. One of the biggest things that’s changed is that Enterprise File Sync and Share (EFSS) has gained a ton of legitimacy over the last little while.

I’m reposting this for a couple of reasons: 1) There’s much in the post that is still relevant; 2) I’ll be posting something in early January that’s related and want to use this post as a kind of introduction.

I debated whether or not I should edit the original post but decided against it. I’ve simply added some comments where I felt they were necessary to clarify things, likely as much for me as for you.

This post was inspired by this article on CMSWire by @billycripe and by the Cloud themed tweet jam hosted by CMSWire on November 17, 2011. As usual this is just my opinion.

I’m not an expert on cloud computing, I’m just some guy that likes to be able to access the content I need to do my work, from wherever I happen to be, using whatever device I feel like using at the moment. Take this post, for example; it was written on a laptop and a tablet, in a dining room and a swimming pool (not really in the pool since my tablet isn’t waterproof though that would be mega-cool).

I agree with Billy Cripe’s thoughts that Agile can (ought to) be applied in the development of cloud based ECM solutions. However, as Billy correctly states, “Managing content is not the goal of most businesses.” Most businesses exist to make money by providing products and/or services that consumers want. Businesses rely on information in order to get their stuff done, whatever their stuff is. In order to fully exploit information, the tools (i.e.: information stores) that the businesses rely on need to be connected to each other (so do the people – the tools need to facilitate this). Content / information management tools (cloud or not) need to be part of bigger picture business solutions. We need to build solutions that deliver “I need to share this” in the context of why it needs to be shared (answer why you need to share and you’ll likely figure out who and what).

Re-reading this now it seems as if the above is meant to imply that the topic is legacy ECM systems. That may have been true originally, but it’s not now. I’m really looking at this in terms of anywhere that content can be stored.

No sane person can argue the value and validity of the cloud. Except me. I’m not daft enough to think that cloud computing doesn’t have value or is not a valid approach to take. However, I do think that we’re not going to realize the full potential of the cloud (and by extension, content) if we simply limit its scope to content management. Yeah, I know that there are other things that are done in the cloud, such as CRM, payroll, and accounting.

We’ve gotten to the point where there really is no need to keep much on premises anymore.

When I refer to “cloud” I am referring to more than just the data centre, if that’s not obvious.

Content Wherever I Am

One of the cool things about content in the cloud is that my content is wherever I am. (Okay, so it’s not really my content, it’s my organization’s content.) That’s not the point, though. The point is that I can work with content wherever I happen to be, using whatever device I choose. This does assume that the chosen content repository is able to be synched appropriately. Wouldn’t it be cool, though, that if in addition to being able to work with the content and share it with collaborators (the work variety, not the WWII Nazi variety) the content could also be appropriately tagged, filed, and placed under retention at the point that I plunk it into the repository? I.e.: Cloud repositories need to become extensions of ECM and ERM systems, probably through federation.

So the whole thing about federation is a little off. This really should be thought of as centralized policy administration and enforcement.

Correctly Connecting Corporate Content

Content is spread throughout an organization; cloudification just increases the spread. When I say content, I mean anything that is stored on digital media that serves any legitimate business activity. (For obvious reasons I am excluding physical content.) A key to widespread cloud acceptance is to be able to access / leverage content in order to execute a business activity, regardless of where the various pieces of content reside. An agent in a social services organization should not have to know or care that a citizen’s information is spread over a number of repositories that could be on-premises, in a private cloud, and in a public cloud. The agent is there to service the needs of the citizen, not to figure out some (likely) convoluted architecture just to try and find stuff.

CMIS is a step in the right direction, but where CMIS falls short is that it doesn’t address non-CMS (think ECM) repositories. What we need is something that allows connecting everything that we need, when we need it. Device and location should not be factors. In fact, the only thing that a user should worry about is whether or not they have the right content to do the job. Governance, classification, and security ought to be just taken care of.

If the scope opens up to include non-ECM tools, how much of a factor is CMIS? Look at what’s happening in the broader EFSS space with open standards and open APIs.

Speaking of Governance…

Until the governance issues get sorted, I doubt very much that we’ll see widespread adoption of public cloud services. Smaller organizations, organizations with lax regulatory / privacy regulations, and organizations that can bully providers into rock-solid SLAs may be able to go full public cloud, but I doubt they will. I think the reality is that organizations will end up having hybrid environments of cloud and on-premises.

When I say governance I am not only referring to the poo that legislators, regulators and litigators throw in our way. Governance needs to address issues such as:

  1. what can / should be stored in the cloud
  2. service level agreements
  3. disaster recovery / business continuity
  4. security
  5. classification / categorization
  6. retention & disposition (thanks to @JamesLappin & @AlanPelzSharpe for bringing this up)

Governance of cloud content has to deal with all of the things that we need to deal with for on-premises stored content, with the added complication that we also have to deal with where the damn box is and if some foreign government can get at it whenever they bloody well feel like it. Canada’s Anti-terrorism Act and the United States’ PATRIOT Act are not going to be very helpful in encouraging organizations to move to the cloud in a big way.

With so many employees using consumer devices and consumer services it’s better to accept the potential peek from the government than it is to continue to deny things and have content out in the wild.

Parting Shots

  1. Hybrid (cloud / on-premises) will be in the majority
  2. Governance (internally & externally imposed) has to be figured out
  3. Integration / interoperability are critical
  4. Privacy concerns and government snooping are major inhibitors (@ron_miller wrote a pretty good piece about this)
  5. If we’re not careful we’ll just move the mess from our hard drives to someone else’s
  6. Some Systems of Record will end up in the cloud, if they’re not already there
  7. Services are where it’s at

Bonus Material

I couldn’t decide which song I wanted to use for this post, so you’re getting three:

  1. CCR – Have You Ever Seen the Rain?
  2. CCR – Who’ll Stop the Rain?
  3. SRV – Couldn’t Stand the Weather

A couple definitions for those that think it should be “on-premise”

  1. http://oxforddictionaries.com/definition/premise
  2. http://oxforddictionaries.com/definition/premises

 

You’re out of Your Mind


You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting stuff in the cloud is dangerous.

When I mentioned to a client of mine that some of their users were using consumer file sharing services there were noddings of heads, murmurs of assent, and an “OMG how does he know?” Less than five hours after I mentioned it in a meeting, an exec from one of the stakeholder groups got a call from security stating that her team was violating policy by using Dropbox. This client had deployed an Enterprise Content Management platform. One of the key drivers for the platform is sharing of content among collaborators. One of the key inhibitors is Citrix. So, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug. Hell, even the frickin’ President was storing company confidential documents in his personal Dropbox account.

So I mention to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS – I really don’t like this term) service like, I dunno, BOX! (Yeah, I like Box. So what?) Their Director of IT Infrastructure tells me that the execs are scared of any service that stores data in the U.S. because of the PATRIOT Act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. government wants to get at stuff in Canadian data centres they will? And dig this … Box is working on something that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by those pesky gubbmint people. Hey, they can still come to you and ask, but at least you’ll know, no? Can you imagine!?!

Every time I have these types of conversations with people I usually end up wanting to lay a choke hold on someone. Whether it’s for spreading FUD (Fear, Uncertainty, Doubt) or for believing it … I’m not sure which irritates me more.

Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around. Instead of blocking access to consumer services, IT and security ought to: 1) find out why staff is using the services in the first place; 2) identify and provision SECURE enterprise grade services; 3) develop appropriate policies for using EFSS services, including remedial action for violating the policies. If staff are using consumer services to share business content it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.

Part of the fix may actually be to provision EFSS to staff. Think about it before you have a freakin’ hissy fit. EFSS providers make money by providing a secure way for people to share content and collaborate. How do you make money? What’s your core strength? Hell, you can’t even stop your staff from sharing content unsecurely (is that even a word?).
