A Tunnel of Opportunity


On May 5, 2020 I participated in a panel discussion (fun starts at the 1:35 mark), presented by AO Docs, about how the COVID-19 pandemic is affecting work and how technology is helping, or hurting, us adapt. Tunnel

The pandemic hasn’t really impacted the way I work. I’ve been consulting in one way or another for over thirty years and am used to working from home, hotels, coffee shops, airports, wherever. Some of my colleagues on my current engagement have been working from an office for their entire careers, and struggled a bit, at first, with not being in physical proximity to their friends and coworkers at the office. But that’s not really what I want to write about; I want to write about opportunity.

I’m never going back

On my current engagement I’m at my client on a back-fill assignment until the end of this year. This means that under normal circumstances I’m in the office every day, working as if I’m one of their staff. On March 14th I, along with everyone else that works there, received an email: don’t come in on Monday, you’re working from home until this COVID-19 thing blows over. Now, being the super-intelligent, partially clairvoyant type that I am, I’d been bringing my laptop home with me for about a week, in anticipation of receiving just such an email. Not everyone was as prepared, so there were some logistical issues to sort out so people could get into the office safely to retrieve what they needed to work from home.

While this operation did have a pandemic plan, it was predicated on a significant percentage of their workforce being incapacitated by illness and the rest being able to go to the office. 100% of staff being healthy but having almost zero access to the premises just didn’t figure into their models. There were some connectivity issues the first couple of weeks, as well as getting to grips with some new tools (they were / are in the early stages of moving over to M365).

Opportunity 1

A few weeks into our present state work is still getting done, productivity hasn’t collapsed, and the world wasn’t on fire. A company that pretty much manages by bums in seats found out that working from home works well and people are meeting their goals and commitments. There really is no reason to herd us all back into the office when the physical distancing restrictions are lifted, or EVER. Leave us to determine for ourselves when we need to be in the office and when it’s better to work from home. The benefits of working from home are numerous: better work life balance; less stress from commuting; better for the environment; reduction of physical infrastructure costs, and increased, yes, increased productivity.

Watch where you’re pushing that cart

Unless it’s related to cigars, guitars, whisky, motorcycles, gourmet local food, or beer I really don’t like shopping. This pandemic has forced me to change my grocery shopping habits. I used to figure out what I wanted for supper sometime during the day (when I was at the office) and pick up what I needed on the way home. Now I have to figure things out a week in advance to minimize the number of times I have to go out and face the multitudes and their germs, or perhaps it’s me with the germs. I dunno. Strange, but I actually find going to the grocery store a more pleasant experience now than in the before times (barren deli counters notwithstanding). Stores are less crowded; there aren’t any 4 cart collisions in front of the dairy case; no one is crashing their cart into my bum in the checkout line; and people just seem to be a little more chill and friendly.

Opportunities 2 & 3

Planning my shopping excursions has made me a little bit more thoughtful and deliberate, which has actually given me more time to do the things that actually bring joy to my life. Limiting my errand running to once a week means I have more time to play guitar, have virtual happy hours catching up with old friends, and have the occasional herf (you’ll have to google that) via zoom.

It seems that in grocery stores and liquor stores (they’re an essential service, you know) we’re all being a bit friendlier to, and respectful of, each other. I hope we keep being kind and considerate after this pandemic thing is over and done with.

How long will this last?

I’m not going to sit here and type that this COVID-19 thing is the best thing that’s ever happened. To be honest, it sucks. I have missed being able to see my kids (divorced – finally saw 2 of 3 this past weekend) and my girlfriend, missed being able to go to my favourite guitar and cigar shops, missed being able socialize in person with friends, and missed going to the office (that last is an outright fabrication). At the same time, I consider myself very fortunate that no one I care about has gotten ill or died, that we’ve protected the most vulnerable, I’m still working and making a living, and I’ve gotten the opportunity to virtually connect with some old friends (why’d it take a pandemic for us to figure this out?).

As awful as the pandemic is, and it is truly horrible on so many levels for so many people, it’s also an opportunity and a gift. We can use this time to heal and to be better. We can heal the planet, heal each other, and heal ourselves. We can become better companies, better people, and a better society. It really is up to us.

What would be even worse than the pandemic is if we came out the other end and went back to how things were a few months ago. If we do that, we dishonour the tens of thousands who have been taken from us. We can’t let that happen.

We don’t know when this will all be over. Anyone who even tries to make a prediction is a liar, a fool, or a politician. All I know is that there is light at the end of the tunnel; we just don’t know how long the tunnel is.

Three’s Company


Threes CompanyWhat follows in this post is pure fantasy and speculation, directly out of my head. Or not.

Over the past few weeks I’ve been talking to vendors and some end user types about Information-Governance-as-a-Service (IGaaS). Forget for a moment that no one vendor does all aspects of IG, or that there’s not even a universally accepted definition of IG. Focus instead on the lighter touch that’s required today when so many enterprise tools are required to have a consumer experience about them. Also think about Content-as-a-Service (CaaS, defined here) and what that means for building the apps needed to work with, manage, and govern content.

To save time, let’s get the fawning out of the way:

  • Box – I am unashamedly and unabashedly a fan;
  • Egnyte – see Box. I’m not getting into what Egnyte announced in this blog as there are plenty of great summaries around the web, including Egnyte’s site;
  • GlassIG – more quietly, but see Egnyte.

Pay attention to all three of those companies if you are remotely interested in Information Governance and/or Management. There are other companies that I think are pretty damn good, but when it comes to managing and governing content in cloud or hybrid environments, these are my three. Oracle Web Center Content would be my go to for on-premises ECM (w/some nascent cloud capabilities like file syncing).

When I mentioned to someone at Egnyte a while back that if they added governance to what they already had they could absolutely kill things, I wasn’t thinking about what came out in Egnyte Protect, announced earlier yesterday (June 7,2016). I was thinking more about things that the AIIM and ARMA crowds, especially ARMA, would consider governance. You know, stuff like retention management, legal holds, classification … all that records management-y goodness.

So, even though I was a little, initially, underwhelmed with what Egnyte did release, I sat back and thought that it’s not necessarily a bad thing. What was released is good and what’s coming up is good. Without getting too deep into the weeds, let me paint a little picture for you …

Let’s pretend, for the sake of discussion, that my organization just went out and procured Box as a content management platform. Let’s also pretend that I’ve got stuff stored in SharePoint and network drives, and that in addition to the standard security stuff, I also have to deal with internal policies and external regulatory requirements, a lawsuit or two, some retention requirements, …, you know, a bunch of IG stuff. Let’s also pretend that I want to monitor who’s doing what with content to determine its effectiveness. In other words, let’s say I need to manage and govern content like it’s 1999, but my content isn’t all paper or in one convenient spot that’s on my infrastructure. My point is, the what of what we need to do hasn’t really changed all that much; why, and especially how, have. Ideally, I want to, as much as possible, centralize policies and controls. Enter my IG Mirepoix (yeah, I just made that up) …

In order to meet the requirements outlined above, one could go to each of the individual repositories and do what’s necessary, hoping that things stay in sync EgnyteBoxGlassIG Logoand no one ever forgets to do anything in any of the repositories. Even if all that happened, there’s still nothing in place to handle any of the records management, legal hold, and discovery functionality needed. Note to self – go buy more software that needs to be installed, configured, and maintained. Or …

Deploy Egnyte Protect to handle my security and analytics across all the in-scope repositories; deploy GlassIG to handle the records management and related functions. The fact that two tools are needed is not an issue as the tools will be used by different roles in the organization.

I know mega-suites were all the rage for a while, but look what happened. I like the approach outlined above because it’s a best of breed approach. Each tool gets used for the stuff it’s best at. There are areas of overlap between Egnyte Protect and Box, and between GlassIG and Egnyte Protect, but it’s using the three tools as complementary technologies that, I believe, provides the greatest overall value to organizations.

Enterprise File Sync & Share Should Just Go Away


Image source: https://www.flickr.com/photos/125799907@N07/15386549097Gartner released their 2nd annual Enterprise File Sync & Share Magic Quadrant (EFSS MQ) recently (2015-07-22). Coincidentally, this is my 2nd annual post taking issue with it.

It’s not that I’m denying the existence of vendors that provide EFSS capabilities, I just don’t think that they deserve a market all their own. EFSS as a unique market is pretty much next to useless. Without being an extension of other markets or software categories WE. DON’T. NEED. IT. And don’t even get me started about the definition of what the market actually is. I read Gartner’s description and, if it were describing an animal, it would be a hippo-leprechaun-smurf-wombat-grouper-shark-budgie-chipmunk looking thing with a unicorn horn for a willy. Or maybe a light sabre – I dunno.

File synchronization and sharing capabilities are required for doing business today. Whether you get them from a so called EFFS vendor, an ECM vendor, or a collaboration vendor makes no difference. Hell, maybe your use cases and environment mean you’ll need all three. What matters is that you’ve got a bunch of information that you need to get to a bunch of people that may or may not have yourorg.com email addresses. What matters is that all this information needs to be governed, managed, secured, and integrated into work processes. EFSS tools that don’t do any of these things are plug-ins to other stuff (nothing wrong with that). EFSS capabilities that are found in other stuff are, well, functions in other stuff (nothing wrong with that either).

I hope by this time next year there won’t by an EFSS MQ, Wave (a Forrester eval thing), or any other thing defining EFSS as a unique market. I hope, instead, that we’ll start seeing EFSS capabilities as must-haves in other markets, like, I dunno, ECM for instance. And instead of just sitting around hoping, I’ve done something about it.

Check out The Next Generation of ECM, a Box sponsored whitepaper (no pitch, no registration). It lays out my thoughts about the coming changes – driven by EFSS – in the ECM market.

If you want to get your very own copy of Gartner’s 2015 MQ for EFSS you can head over to this post on Box’s blog and click away.

Microsoft Signs GE – Good or Bad for Box?


Satya and AaronOn July 19, 2015 it was announced that Microsoft landed GE as an Office 365 customer. A little over a month ago Box for Office Online was announced. Now, the Box-MSFT thing isn’t really a partnership in the sense that Box-IBM is, but it is more than just OEMing or white labelling, it seems to me. It also seems that, if cards are played correctly, the MSFT-GE announcement could prove to be quite good for Box.

First of all, I do not have any knowledge of how GE is using Box or how many folks at GE it’s been deployed to; everything in this post is speculative on my part. Anyways, what follows is my pretend version of a fictitious conversation between Aaron Levie and Satya Nadella (apologies in advance to both – no disrespect is intended).

Satya and Aaron chat about the O365-GE deal.

And there you have it. Can Box leverage the opportunity that’s in front of them? I know how I’d play it if I were Aaron Levie. However, if GE opted to go with OneDrive (why would they?) this story could have a less than happy ending (in the GE context, I mean).

The Sky’s NOT Falling – A Missed Opportunity


sky-is-fallingI read Use of File-Sharing Service Leads to $218,400 Fine for HIPAA Violation this morning (2015-07-17); it set me off.

I have no issue with the facts as reported in the article; what I do have issue with is the complete lack of balance. The article is written by Eric Packel of BakerHostetler (law firm in a buncha U.S. cities). As a lawyer, as someone who advises and counsels, he should know better than to leave things as they ended in the article. Yes, the company in question screwed up by stuffing a bunch of sensitive data in what I can only assume was a consumer-grade or mickey mouse type of cloud based file sharing system. They got what they deserved, hopefully learned a lesson, and hopefully not too many patients were compromised or inconvenienced.

No, what really, REALLY irks me about the article is that Eric did not conclude with concrete advice on how to prevent this type of situation. As a consultant, it’s my obligation to provide advice whether it’s directly on a client engagement or when I’m writing a post or article; and I hope I meet that obligation. The author of that article has the same obligation as I do, albeit at multiples of my billing rate.

It would have taken about three minutes to write a closing paragraph along the lines of …

“Hey! Don’t let this happen to you. There are many, many (130+ according to Alan Pelz-Sharpe until he stopped counting) cloud-based storage and sharing services out there. Pick one that’s certified for [whatever you need] and go. And don’t forget – you can outsource data but you can’t outsource accountability (paraphrasing Ann Cavoukian – former Info & Privacy Commish for Ontario).”

… how hard was that?

As it is, Eric feeds the FUD (fear – uncertainty – doubt). The cloud deniers have another “holy cow look what happens when you store stuff in the cloud!” incident to feed their paranoia.

Eric, buddy, you missed a glorious opportunity to make your point and educate the market a bit.

ECM Isn’t


No ECMI finished reading this article from CMS Wire (I don’t mean I actually read the whole article) and it got me thinking …

Between that article, others I’ve read, and some of the projects I’ve been working on this year, this whole ECM thing is a total crock. The vendors, the consultants, the analysts, and the professional bodies are conspiring against the customers and themselves to prevent success (what defines success on a quarter by quarter basis beggars belief).

“We just bought an ECM and we’re not sure what to do with it.” is something one of my clients said to me earlier this year. Actually, a variant of that statement is something I’ve been hearing ever since I got involved with ECM. So clients don’t really know what they’re doing. Right? Sort of.

Clients have been listening to those of us who make our livings by “doing ECM” for far too long. Vendors sell licenses and get compensated on how things went over a fiscal quarter, plus the annual support and maintenance fees. The fact that less than half of the licenses purchased have actually been deployed means bugger all. Consultants (I’m one, BTW) come in and develop all sorts of strategies to help manage or govern information (they’re not the same thing) without any stake in what goes on after the engagement is over. Analysts, many of whom are paid by vendors and service providers, come up with all sorts of nifty schemes for scoring offerings and invent new sectors. Professional associations put on marvelous conferences where you get to listen to prognostications from vendors, consultants, and analysts that further … the agendas of vendors, consultants, analysts, and professional associations.

I don’t for a minute mean to imply that there is any malice intended in any of this; there likely isn’t. The problem is that we’re in a vicious cycle that we created. We’re all afraid to step back and admit that we ballsed it up, big time. ECM was a good idea at the time. Times have changed, sunshine. ECM is dead (assumes that it was actually alive in the first place) and has been replaced by Information Governance (IG) (which is not a synonym for records management, as a certain professional organization would have you believe). The promise of IG is … I don’t know what the promise is; there’s a bunch of marketing departments out there that will let you know. As far as I can tell IG is ECM with some Big Data, ediscovery, and analytics stuff thrown in (yeah, I’m simplifying); as my dad used to say, “Same shit, different day.”

Despite the changes over the last few years, the stuff I want to see is still the exception; getting value out of information and solving business problems. In a recent client engagement the client told me that they wanted to move HR documents into SharePoint. Why? Because, SP is our ECM pillar. What’ll you do with the docs once they’re in SP? What do you mean?

The above snippet is an example of ECM gone wrong. Move your stuff into a managed repository as a replacement for shared drives. Holy Crap!!! The vendors dig this stuff. The consultants love figuring out a migration strategy. The analysts love another data point. The professional associations love another case study. The client loves … well they love nothing because they’re not getting any real value other than ticking a checkbox.

Who the hell manages information for the sake of managing information? Don’t you want something that leverages information to create value? What if someone just said that there’s a bunch of stuff they need to do that relies on information and that they need to secure that information? What if they could do that without running out and financing some account exec’s BMW or Caribbean vacation?

I’m not suggesting that organizations not buy ECM related software and services. I’m just suggesting that before they do they actually figure out what the end game is and what they’re missing to achieve it. The longer I stay in this game the more I’m certain that achieving ECM-ness is really a matter of processes and will, rather than spending tons on software licenses.

If an organization doesn’t have the processes and will to get their information under control and leverage it, spending butt-loads on software will get them nowhere. If they do have the processes and will, they’ll be able to make stuff happen without the big spend (they’ll likely have to spend some coin, but not what you’d think – integration is wonderful).

Which brings me to …

Cloud. Oh yes! Cloud services are here to stay and we need to figure out how to make them work within all the rules and constraints that apply to us. Jamming our fingers in our ears and ignoring things is not going to work. Going forward, cloud services and mobile devices are part of the mix. We better dump the outdated ECM model and wise up to the fact that the model has changed (for the better, IMO). Cloud services and consumer devices are going to be the norm, but they are not going to be the only thing. There will, for the foreseeable future, also be on premises components. The key is going to be to stop thinking about the enterprise. Really, it is. Any organization is an agglomeration of businesses, each with their own needs in terms of information, governance, processes, tools, etc. Why then go for an enterprise play? Solve stuff one business at a time, one opportunity at a time. Connect the dots as you move along.

Industry research has shown over and over that organizations run multiple content repositories from multiple vendors. They run them for different purposes driven by different factors. What makes any vendor, cloud or otherwise, think that this is going to change? I actually think the vendors secretly agree, but it makes for crappy marketing to say it out loud.

Organizations are hybrids of various businesses. Why can’t this industry understand, then, that managing content requires a hybrid approach? I don’t think this is going to change anytime soon.

Claims processing, mortgage approvals, patient diagnoses, learning material production, repair manuals, safety procedures, employee onboarding … tell me how to make these things better, cheaper, easier, and more efficient, without compromising confidentiality and privacy. Tell me how I can execute these things wherever I or my colleagues happen to be. Tell me how your stuff is gonna work with stuff I already have to make this happen. Don’t tell me that I need to buy 3,000 seats of something and you’ll build me something.

Bottom line … make the customer the center of your universe. Focus on what the customer sees as value. The proportion of organizations that operate purely on fear and risk is pretty small compared to organizations that need to focus on value. Focus on selling me something and I won’t sign anything until the last day of the fiscal quarter; I used to work for a couple of vendors, I know how the game works.

Here’s a couple things you ought to read:

  • Joe Shepley wrote this piece in late November; heed his words and you will actually accomplish something.
  • Chris Riley wrote this earlier this week; he’s as fed up as I am. Maybe a little more.

To wrap things up:

  • ECM isn’t
  • Policies, people, and procedure are way more important than tools
  • Offence (value) before defence (risk)
  • Cloud and on-premises are like wine and cheese; better together but don’t always smell so good and sometimes give you a headache
  • Information is like wine; better when shared. But share according to who’s got a palate refined enough to appreciate it.

From the Podium – My Perspective on AIIM and ARMA Canada Conferences


PHIGs God Cow

On June 10th I presented, for the third time, at the ARMA Canada regional conference. Earlier this year, in April, I presented for the first time at AIIM’s annual conference. The experiences were both positive, but very different. This post isn’t really about those experiences; it’s about a comment I received on the evaluation forms from my ARMA Canada session.

The comment was that I was “preaching to the choir”. Uhm, yeah, I was. The topic of my session wasn’t related to the “why” of information governance, it was about a variant of how to do it. I’d fully expect that the session would be attended by people that already understood why information governance is necessary. That said, I fully agree with the sentiment.

Whether it’s at industry conferences, at vendor events, at analyst events, or on online communities, we (IG / IM practitioners) do spend a lot of our time preaching to the choir. But, it’s not always our fault. And I’m going to keep my focus on conferences …

Pick a conference you’re fond of attending, go back over the last few years’ agendas and pick out what’s really fresh/new/exciting year after year. Not much, really. Even at a single conference you can see tons of repetition, albeit using different PowerPoint templates. So, what are we going to do about it? My guess is not very much, but here’s a few suggestions anyways.

Presenters need to give themselves a kick in the hindquarters to get out of their comfort zones. I’ve got my topic for this year, but I will go on to something different next year, or I won’t bother to submit a proposal. Here’s a thought … try something new that doesn’t just address the latest SharePoint release or, if you’re a vendor, the latest version of your product (new branding doesn’t count).

Attendees, you need to get active in conference planning and let the organizers know what you want to hear and see. I know that some of you are there primarily for the networking opportunities and vendor swag, but the sessions can be pretty useful too. In order to make them useful you need to jump in and provide direction. Here’s a little secret … YOU’RE PAYING THE FRICKIN’ FEES YOU ARE THE FRICKIN’ CUSTOMER!!!

Conference organizers need to do a better job of screening and selecting content. Before you slit my throat, I do appreciate that your lot isn’t easy, and you really do a pretty terrific job. I do realize that it’s not easy to get people and organizations to show up and speak for however long you need them to. But, I’d rather see a two day conference with stellar content, than three days that includes some pretty mediocre content. If you’ve got one session that addresses “the state of IM in 2020 and beyond”, you really have more than enough.

As for getting people not in the choir to attend … I don’t know. But I would start with making sure the content to be presented is appealing to them. When was the last time you heard a CMO say “I am so gonna attend that session on managing documented images as records in SharePoint 2013!”? I’d love to see more attendance from IM beneficiaries instead of practitioners.

As for comparing my AIIM experience to the ARMA Canada experience … sorry AIIM, ARMA Canada wins by a landslide because the session was way more a discussion than a lecture. And the credit for that goes to the 39 people that came out at 8:15am (though some did linger a bit over their breakfast). So here’s my proposal for next year’s AIIM conference: I’ll put up a slide with my contact info only. I’ll field questions, challenges, comments from the audience and we’ll all have nice chat for 25 minutes or so. We can call it IM Improv. Deal? Oh, I’ll also try not to step off any stages this time. 🙂

To those in the audience being critical – if you do it the right way, I appreciate it because it makes me better the next time. My contact info is included on every slide deck I use; call or email me to offer criticisms and suggestions. I received some criticism after my AIIM presentation and used it to make my ARMA Canada session, I hope, better. As long as you’re not just being mean I’ll use the input to improve.

Lastly, to those of you sitting in the choir and not singing, get up on stage and join us. I’m certain you’ve got stories, wisdom, and experience that we could all benefit from. The experience is always rewarding, whether it’s by making new connections, learning something, or seeing that “aha” look on someone’s face. It’s hard work and can be nerve-wracking, but it is so worth it.

IRMS 001 – discussion with Chris Walker on auto-classification and on e-mail


Honoured to be in Episode 1 of the IRMS Podcast Series.

IRMS podcast series

Chris Walker is an independent information governance consultant based in Canada, who has previously worked in the enterprise content management space for Open Text and Oracle.    He writes the Info Mgt Nuggets blog.

In this discussion  Chris gives his perspective on auto-classification.   He differentiates between:

  • auto-classification in an eDiscovery context where organisations are seeking to identify documents responsive to a particular case
  • auto-classification in an enterprise content management system (ECM) context where the   ECM repostitory is ingesting content from other repositories (shared drives. line of business systems, ERP systems etc.) and is attributing an appropriate category/classification to that content.

The interview concludes with a discussion on filtering trivial and personal e-mails from e-mail accounts

The conversation between  James Lappin and Chris Walker took place in September 2013.

The podcast is introduced by your hosts Heather Jack and James Lappin

Links to things mentioned in the interview:

View original post 73 more words

Process Definition – A Little Help


Taking a pointer from Laurence Hart, I’ve decided to post something that people can (I hope) actually use in their projects.

Over the last few weeks there’s been lots of “material” about process management / definition / modeling that has caught my attention. So, I am going to do my little bit by simply putting out a couple items that have served me well over a number of years.

You can download the completely editable file here (Workflow Definition Template v1). All I ask is that if you’re going to bash or change it let me know so that I can make changes to the originals. If it’s of value to you, great. If not: A) I don’t care; or B) Be cool and let me know what improvements are needed.

This bit lays out the approach that I use when starting off workshops. It’s based on a JAD approach and assumes that we have the right stakeholders attending.

Process -> Workflow -> Activity Hierarchy

  • Process  –  a series of related workflows that produce value for an organization
  •      Typically involves multiple roles & multiple business units
  •      E.g.: Corporate Procurement
  • Workflow  –  a series of related tasks required to complete a portion of a process
  •      May involve multiple roles & multiple business units
  •      E.g.: Process Purchase Request
  • Activity  –  a single piece of work that must be completed in order to allow a workflow to progress
  •      Involves single role & single business unit
  •      E.g.: Initiate Purchase Request

What we Address

  • Identify task objectives
  • Identify inputs to the task
  • Identify task steps
  • Identify task outputs
  • Identify task Key Performance Indicators (KPI’s)
  • Identify task roles
  • Identify decision support requirements (What information is needed to make decisions about this task? What subsequent decisions will be made based on the results of this task? What authorizations are needed for decisions?)

The template hasn’t been updated in a while, but I do still use it as a starting point. Feel free to leverage it however you see fit, just let me know how you’ve changed it.

%d bloggers like this: