Three’s Company


Threes CompanyWhat follows in this post is pure fantasy and speculation, directly out of my head. Or not.

Over the past few weeks I’ve been talking to vendors and some end user types about Information-Governance-as-a-Service (IGaaS). Forget for a moment that no one vendor does all aspects of IG, or that there’s not even a universally accepted definition of IG. Focus instead on the lighter touch that’s required today when so many enterprise tools are required to have a consumer experience about them. Also think about Content-as-a-Service (CaaS, defined here) and what that means for building the apps needed to work with, manage, and govern content.

To save time, let’s get the fawning out of the way:

  • Box – I am unashamedly and unabashedly a fan;
  • Egnyte – see Box. I’m not getting into what Egnyte announced in this blog as there are plenty of great summaries around the web, including Egnyte’s site;
  • GlassIG – more quietly, but see Egnyte.

Pay attention to all three of those companies if you are remotely interested in Information Governance and/or Management. There are other companies that I think are pretty damn good, but when it comes to managing and governing content in cloud or hybrid environments, these are my three. Oracle Web Center Content would be my go to for on-premises ECM (w/some nascent cloud capabilities like file syncing).

When I mentioned to someone at Egnyte a while back that if they added governance to what they already had they could absolutely kill things, I wasn’t thinking about what came out in Egnyte Protect, announced earlier yesterday (June 7,2016). I was thinking more about things that the AIIM and ARMA crowds, especially ARMA, would consider governance. You know, stuff like retention management, legal holds, classification … all that records management-y goodness.

So, even though I was a little, initially, underwhelmed with what Egnyte did release, I sat back and thought that it’s not necessarily a bad thing. What was released is good and what’s coming up is good. Without getting too deep into the weeds, let me paint a little picture for you …

Let’s pretend, for the sake of discussion, that my organization just went out and procured Box as a content management platform. Let’s also pretend that I’ve got stuff stored in SharePoint and network drives, and that in addition to the standard security stuff, I also have to deal with internal policies and external regulatory requirements, a lawsuit or two, some retention requirements, …, you know, a bunch of IG stuff. Let’s also pretend that I want to monitor who’s doing what with content to determine its effectiveness. In other words, let’s say I need to manage and govern content like it’s 1999, but my content isn’t all paper or in one convenient spot that’s on my infrastructure. My point is, the what of what we need to do hasn’t really changed all that much; why, and especially how, have. Ideally, I want to, as much as possible, centralize policies and controls. Enter my IG Mirepoix (yeah, I just made that up) …

In order to meet the requirements outlined above, one could go to each of the individual repositories and do what’s necessary, hoping that things stay in sync EgnyteBoxGlassIG Logoand no one ever forgets to do anything in any of the repositories. Even if all that happened, there’s still nothing in place to handle any of the records management, legal hold, and discovery functionality needed. Note to self – go buy more software that needs to be installed, configured, and maintained. Or …

Deploy Egnyte Protect to handle my security and analytics across all the in-scope repositories; deploy GlassIG to handle the records management and related functions. The fact that two tools are needed is not an issue as the tools will be used by different roles in the organization.

I know mega-suites were all the rage for a while, but look what happened. I like the approach outlined above because it’s a best of breed approach. Each tool gets used for the stuff it’s best at. There are areas of overlap between Egnyte Protect and Box, and between GlassIG and Egnyte Protect, but it’s using the three tools as complementary technologies that, I believe, provides the greatest overall value to organizations.

Enterprise File Sync & Share Should Just Go Away


Image source: https://www.flickr.com/photos/125799907@N07/15386549097Gartner released their 2nd annual Enterprise File Sync & Share Magic Quadrant (EFSS MQ) recently (2015-07-22). Coincidentally, this is my 2nd annual post taking issue with it.

It’s not that I’m denying the existence of vendors that provide EFSS capabilities, I just don’t think that they deserve a market all their own. EFSS as a unique market is pretty much next to useless. Without being an extension of other markets or software categories WE. DON’T. NEED. IT. And don’t even get me started about the definition of what the market actually is. I read Gartner’s description and, if it were describing an animal, it would be a hippo-leprechaun-smurf-wombat-grouper-shark-budgie-chipmunk looking thing with a unicorn horn for a willy. Or maybe a light sabre – I dunno.

File synchronization and sharing capabilities are required for doing business today. Whether you get them from a so called EFFS vendor, an ECM vendor, or a collaboration vendor makes no difference. Hell, maybe your use cases and environment mean you’ll need all three. What matters is that you’ve got a bunch of information that you need to get to a bunch of people that may or may not have yourorg.com email addresses. What matters is that all this information needs to be governed, managed, secured, and integrated into work processes. EFSS tools that don’t do any of these things are plug-ins to other stuff (nothing wrong with that). EFSS capabilities that are found in other stuff are, well, functions in other stuff (nothing wrong with that either).

I hope by this time next year there won’t by an EFSS MQ, Wave (a Forrester eval thing), or any other thing defining EFSS as a unique market. I hope, instead, that we’ll start seeing EFSS capabilities as must-haves in other markets, like, I dunno, ECM for instance. And instead of just sitting around hoping, I’ve done something about it.

Check out The Next Generation of ECM, a Box sponsored whitepaper (no pitch, no registration). It lays out my thoughts about the coming changes – driven by EFSS – in the ECM market.

If you want to get your very own copy of Gartner’s 2015 MQ for EFSS you can head over to this post on Box’s blog and click away.

Microsoft Signs GE – Good or Bad for Box?


Satya and AaronOn July 19, 2015 it was announced that Microsoft landed GE as an Office 365 customer. A little over a month ago Box for Office Online was announced. Now, the Box-MSFT thing isn’t really a partnership in the sense that Box-IBM is, but it is more than just OEMing or white labelling, it seems to me. It also seems that, if cards are played correctly, the MSFT-GE announcement could prove to be quite good for Box.

First of all, I do not have any knowledge of how GE is using Box or how many folks at GE it’s been deployed to; everything in this post is speculative on my part. Anyways, what follows is my pretend version of a fictitious conversation between Aaron Levie and Satya Nadella (apologies in advance to both – no disrespect is intended).

Satya and Aaron chat about the O365-GE deal.

And there you have it. Can Box leverage the opportunity that’s in front of them? I know how I’d play it if I were Aaron Levie. However, if GE opted to go with OneDrive (why would they?) this story could have a less than happy ending (in the GE context, I mean).

The Sky’s NOT Falling – A Missed Opportunity


sky-is-fallingI read Use of File-Sharing Service Leads to $218,400 Fine for HIPAA Violation this morning (2015-07-17); it set me off.

I have no issue with the facts as reported in the article; what I do have issue with is the complete lack of balance. The article is written by Eric Packel of BakerHostetler (law firm in a buncha U.S. cities). As a lawyer, as someone who advises and counsels, he should know better than to leave things as they ended in the article. Yes, the company in question screwed up by stuffing a bunch of sensitive data in what I can only assume was a consumer-grade or mickey mouse type of cloud based file sharing system. They got what they deserved, hopefully learned a lesson, and hopefully not too many patients were compromised or inconvenienced.

No, what really, REALLY irks me about the article is that Eric did not conclude with concrete advice on how to prevent this type of situation. As a consultant, it’s my obligation to provide advice whether it’s directly on a client engagement or when I’m writing a post or article; and I hope I meet that obligation. The author of that article has the same obligation as I do, albeit at multiples of my billing rate.

It would have taken about three minutes to write a closing paragraph along the lines of …

“Hey! Don’t let this happen to you. There are many, many (130+ according to Alan Pelz-Sharpe until he stopped counting) cloud-based storage and sharing services out there. Pick one that’s certified for [whatever you need] and go. And don’t forget – you can outsource data but you can’t outsource accountability (paraphrasing Ann Cavoukian – former Info & Privacy Commish for Ontario).”

… how hard was that?

As it is, Eric feeds the FUD (fear – uncertainty – doubt). The cloud deniers have another “holy cow look what happens when you store stuff in the cloud!” incident to feed their paranoia.

Eric, buddy, you missed a glorious opportunity to make your point and educate the market a bit.

ECM Isn’t


No ECMI finished reading this article from CMS Wire (I don’t mean I actually read the whole article) and it got me thinking …

Between that article, others I’ve read, and some of the projects I’ve been working on this year, this whole ECM thing is a total crock. The vendors, the consultants, the analysts, and the professional bodies are conspiring against the customers and themselves to prevent success (what defines success on a quarter by quarter basis beggars belief).

“We just bought an ECM and we’re not sure what to do with it.” is something one of my clients said to me earlier this year. Actually, a variant of that statement is something I’ve been hearing ever since I got involved with ECM. So clients don’t really know what they’re doing. Right? Sort of.

Clients have been listening to those of us who make our livings by “doing ECM” for far too long. Vendors sell licenses and get compensated on how things went over a fiscal quarter, plus the annual support and maintenance fees. The fact that less than half of the licenses purchased have actually been deployed means bugger all. Consultants (I’m one, BTW) come in and develop all sorts of strategies to help manage or govern information (they’re not the same thing) without any stake in what goes on after the engagement is over. Analysts, many of whom are paid by vendors and service providers, come up with all sorts of nifty schemes for scoring offerings and invent new sectors. Professional associations put on marvelous conferences where you get to listen to prognostications from vendors, consultants, and analysts that further … the agendas of vendors, consultants, analysts, and professional associations.

I don’t for a minute mean to imply that there is any malice intended in any of this; there likely isn’t. The problem is that we’re in a vicious cycle that we created. We’re all afraid to step back and admit that we ballsed it up, big time. ECM was a good idea at the time. Times have changed, sunshine. ECM is dead (assumes that it was actually alive in the first place) and has been replaced by Information Governance (IG) (which is not a synonym for records management, as a certain professional organization would have you believe). The promise of IG is … I don’t know what the promise is; there’s a bunch of marketing departments out there that will let you know. As far as I can tell IG is ECM with some Big Data, ediscovery, and analytics stuff thrown in (yeah, I’m simplifying); as my dad used to say, “Same shit, different day.”

Despite the changes over the last few years, the stuff I want to see is still the exception; getting value out of information and solving business problems. In a recent client engagement the client told me that they wanted to move HR documents into SharePoint. Why? Because, SP is our ECM pillar. What’ll you do with the docs once they’re in SP? What do you mean?

The above snippet is an example of ECM gone wrong. Move your stuff into a managed repository as a replacement for shared drives. Holy Crap!!! The vendors dig this stuff. The consultants love figuring out a migration strategy. The analysts love another data point. The professional associations love another case study. The client loves … well they love nothing because they’re not getting any real value other than ticking a checkbox.

Who the hell manages information for the sake of managing information? Don’t you want something that leverages information to create value? What if someone just said that there’s a bunch of stuff they need to do that relies on information and that they need to secure that information? What if they could do that without running out and financing some account exec’s BMW or Caribbean vacation?

I’m not suggesting that organizations not buy ECM related software and services. I’m just suggesting that before they do they actually figure out what the end game is and what they’re missing to achieve it. The longer I stay in this game the more I’m certain that achieving ECM-ness is really a matter of processes and will, rather than spending tons on software licenses.

If an organization doesn’t have the processes and will to get their information under control and leverage it, spending butt-loads on software will get them nowhere. If they do have the processes and will, they’ll be able to make stuff happen without the big spend (they’ll likely have to spend some coin, but not what you’d think – integration is wonderful).

Which brings me to …

Cloud. Oh yes! Cloud services are here to stay and we need to figure out how to make them work within all the rules and constraints that apply to us. Jamming our fingers in our ears and ignoring things is not going to work. Going forward, cloud services and mobile devices are part of the mix. We better dump the outdated ECM model and wise up to the fact that the model has changed (for the better, IMO). Cloud services and consumer devices are going to be the norm, but they are not going to be the only thing. There will, for the foreseeable future, also be on premises components. The key is going to be to stop thinking about the enterprise. Really, it is. Any organization is an agglomeration of businesses, each with their own needs in terms of information, governance, processes, tools, etc. Why then go for an enterprise play? Solve stuff one business at a time, one opportunity at a time. Connect the dots as you move along.

Industry research has shown over and over that organizations run multiple content repositories from multiple vendors. They run them for different purposes driven by different factors. What makes any vendor, cloud or otherwise, think that this is going to change? I actually think the vendors secretly agree, but it makes for crappy marketing to say it out loud.

Organizations are hybrids of various businesses. Why can’t this industry understand, then, that managing content requires a hybrid approach? I don’t think this is going to change anytime soon.

Claims processing, mortgage approvals, patient diagnoses, learning material production, repair manuals, safety procedures, employee onboarding … tell me how to make these things better, cheaper, easier, and more efficient, without compromising confidentiality and privacy. Tell me how I can execute these things wherever I or my colleagues happen to be. Tell me how your stuff is gonna work with stuff I already have to make this happen. Don’t tell me that I need to buy 3,000 seats of something and you’ll build me something.

Bottom line … make the customer the center of your universe. Focus on what the customer sees as value. The proportion of organizations that operate purely on fear and risk is pretty small compared to organizations that need to focus on value. Focus on selling me something and I won’t sign anything until the last day of the fiscal quarter; I used to work for a couple of vendors, I know how the game works.

Here’s a couple things you ought to read:

  • Joe Shepley wrote this piece in late November; heed his words and you will actually accomplish something.
  • Chris Riley wrote this earlier this week; he’s as fed up as I am. Maybe a little more.

To wrap things up:

  • ECM isn’t
  • Policies, people, and procedure are way more important than tools
  • Offence (value) before defence (risk)
  • Cloud and on-premises are like wine and cheese; better together but don’t always smell so good and sometimes give you a headache
  • Information is like wine; better when shared. But share according to who’s got a palate refined enough to appreciate it.
%d bloggers like this: