Adopting ECM – A Case Study in Failure


Head in HandsEarlier this year I completed an assessment of Alfresco for a university client. The university licensed Alfresco several years ago and did not have much success. They hired me to find out why, and what to do about it. The options they wanted to look at were to continue on with Alfresco or switch to SharePoint. An option they weren’t willing to consider was a cloud based option. I gave them one anyways, based on Box. Unfortunately I was asked to remove that option from the final report. Oh well.

While the platform in question was Alfresco, I can’t stress enough that the failure had nothing to do with the platform. Under the circumstance nothing would have succeeded. You can read a bit about it in an earlier post here.

I’m trying something a little different; because of my altruistic nature I am making the final report available as a downloadable PDF. I figure there’s stuff in it that many could use, and perhaps critique that would be helpful.

I want to thank Laurence Hart for his contribution to the report and the overall project. Thanks, Laurence. You can follow Laurence on twitter at https://twitter.com/piewords and check out his blog at http://wordofpie.com/.

Anyways, just follow the link and you ought to get to the report (no fees, no signup, no tracking). Feel free to provide feedback.

University ECM Assessment – I’m using Box to share this content. Please let me know if you have any issues.

Image: “Paris Tuileries Garden Facepalm statue” by Alex E. Proimos – http://www.flickr.com/photos/proimos/4199675334/. Licensed under CC BY 2.0 via Wikimedia Commons

 6 Comments

 Posted on April 22, 2015 by

 Change Management, ECM, EIM, Implementation, Information Management, PHIGs, SharePoint, Usability, User Adoption

     , , , , , , ,

A Day with Box – Quick Thoughts


1024px-Big_Ben_ClockIn late February of 2015 I attended Box’s analyst day in London. As many of you already know, I am quite a fan of Box and I see them as a contender to eventually displace legacy ECM vendors. What I heard and saw in London from the various speakers and panellists (Box and customers) just makes me surer that they are on the right track.

An example that really stands out to me, because I’m a parent that’s sent off a couple of unaccompanied minors, is that of a transportation provider that’s using Box to handle authorizations for getting kids on their conveyance and picked up at the destination. A couple of tweaks could be made to make the process a little smoother for all stakeholders, and really put something innovative out there. What struck me is the absolute simplicity and elegance of the whole thing and that it didn’t take weeks of requirements, design, development, testing, and deployment. A guy with a phone and Box credentials had an idea to make things a little easier and it was done. How friggin’ cool is that?

It’s awesome, but the information governance geek in me cringes a bit. Yes, I know Box comes with all sorts of tracking, auditing, and reporting capabilities, but they’re not enough. If I’m going to put Box or any other platform in front of my clients as a viable option, and I have, I need to be certain that the governance and compliance requirements can be fulfilled. And this is where Box currently has a bit of a disadvantage.

People like Box because it’s slick and easy to use. However, when you start adding in things such as regulatory compliance, metadata, records management, workflow, and eDiscovery, you need to add more rigour to how the platform is deployed and used. When you add rigour you remove flexibility and, more often than not, positive user experience. Things like metadata, Information Architecture, and repository design become extremely important. The usual result is that users lose flexibility, have added tasks, and generally have a poor experience in doing their jobs with the platform. The trick for Box will be in making sure the governance pieces get taken care of without sacrificing the experience that users have gotten used to. I think they’re on the right path.

Between Box for Industries, a burgeoning services organization, and the recently announced ACE (App Configuration for Enterprise) Standard, Box is ticking a lot of boxes (Oh jeez, pardon the pun). Of those three things, the least exciting to me is Box for Industries; everyone’s doing it and Box has to in order to compete. It’s important, just not overly exciting. I think the services and app aspects have the potential to be exciting.

I love the idea of apps that do just one thing and do it really well. I love the idea that an app can create a “tunnel” from my device to a managed repository somewhere and that I don’t have to worry about anything other than getting my job done. Whether it’s the end user organization or a development shop, ACE ought to simplify the job of building process and task specific apps that sit nicely on top of Box and maintain that slick experience we’ve grown accustomed to.

I’m excited about the services aspect because I am a services guy. In the Box context services are going to be critical on a number of fronts. First, planning and setting up a managed content repository is a basic task and is not easy or trivial. More than one ECM (Enterprise Content Management) deployment has failed right out of the gate because someone got the basics wrong, for whatever reason. By making services available Box takes a portion of the burden off the end user organization.

Services, if leveraged properly, can serve another couple of critical purposes to Box. An effective services organization can be a boon to product development. By bringing back requirements, complaints, and other intelligence from the field consultants are instrumental in informing product development and strategy of what works, what doesn’t, and what’s missing. Additionally, and this is pure speculation for now, I think an effective services organization can play a part in determining what apps are built, how they’re built, and who builds them (kind of a nice thought in light of the ACE announcement).

While I love the fact that Box is growing its services organization, I am curious to see how they’re going to sell it and price it to clients. Are they going to do what so many vendors, including a couple I’ve worked for, do? I sincerely hope not. In my utopian view, services are there to make sure the customer and the platform succeed and grow. Is Box going to use services as part of a one-and-done approach or are they going to foster partnerships / trusted advisor relationships. The chats I had in London lead me to conclude the latter.

One of the things that I’ve noticed over the years is that vendor services organisations are generally composed of consultants that are really, really good with the technology. What’s missing is consultants that know business and managing information. I hope that Box does not make this mistake.

Odds and Sods

While I was in London had breakfast with the CEO / Founder of cloudfind. Cloudfind is a service that looks at your cloud stored content (Dropbox, Google Drive, Salesforce, Box) and creates tags for it. I tried it out and it’s pretty good, but it’s too early for it to be very useful to me. That said, I got some insight into what the roadmap for cloudfind is and it’s pretty cool. Based on my conversation with the CEO / Founder I can envision the day where cloudfind could be used to help in eDiscovery, taxonomy design, and repository design. I’m looking forward to seeing what they come up with in the future.

I’ve never liked Box being referred to as Enterprise File Sync and Share (EFSS) or Enterprise Content Collaboration (ECC). So what should it be called? I’m of the opinion that Box fits into some slots in the Information Governance (IG) market. I mentioned this to one of the executives in London and she wasn’t thrilled; not because I’m wrong but because IG just isn’t sexy. As far as I’m concerned there’s something tremendously sexy about a platform that appeals to the users, satisfies IT, and can grow into satisfying the regulators.

 1 Comment

 Posted on March 4, 2015 by

 Box, Cloud, Collaboration, ECM, EFSS, EIM, Enterprise File Sync and Share, Governance, Information Governance, Information Management, Metadata, Usability, User Adoption

     , , , ,

You’re out of Your Mind


crazy faceYou’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting stuff in the cloud is dangerous.

When I mentioned to a client of mine that some of their users were using consumer file sharing services there were noddings of heads, murmurs of assent, and an “OMG how does he know?” Less than five hours after I mentioned it in a meeting, an exec from one of the stakeholder groups got a call from security stating that her team was violating policy by using Dropbox. This client had deployed an Enterprise Content Management platform. One of the key drivers for the platform is sharing of content among collaborators. One of the key inhibitors is Citrix. So, what do the users do? They email documents to each other. They store stuff on local drives. They get laptops with intellectual property and personal information stolen, and can’t wipe the laptops or recover the content. They use cloud services to store sensitive information. And security struts around proudly thinking they’ve done something. They have; they’ve created a security hole bigger than the one they tried to plug. Hell, even the frickin’ President was storing company confidential documents in his personal Dropbox account.

So I mention to the client that they may want to use an Enterprise File Syncing and Sharing (EFSS – I really don’t like this term) service like, I dunno, BOX! (Yeah, I like Box. So what?) Their Director of IT Infrastructure tells me that the execs are scared of any service that stores data in the U.S. because of the PATRIOT act. Really? Do they not know that Canada has an equally odious piece of legislation? Do they not realize that if the U.S. government wants to get at stuff in Canadian data centres they will? And dig this … Box is working on something that would let the customer (that’s you, btw) maintain control of, and access to, encryption keys. No more sneak attacks by those pesky gubbmint people. Hey, they can still come to you and ask, but at least you’ll know, no?  Can you imagine!?!

Every time I have these types of conversations with people I usually end up wanting to lay a choke hold on someone. Whether it’s for spreading FUD (Fear, Uncertainty, Doubt) or for believing it … I’m not sure which irritates me more.

Blocking access to file sharing services doesn’t work. People will find other ways to connect (e.g.: phones make great wi-fi access points) or email documents around. Instead of blocking access to consumer services, IT and security ought to: 1) find out why staff is using the services in the first place; 2) identify and provision SECURE enterprise grade services; 3) develop appropriate policies for using EFSS services, including remedial action for violating the policies. If staff are using consumer services to share business content it’s a pretty safe bet something is wrong with the corporately provided tools. Fix them.

Part of the fix may actually be to provision EFSS to staff. Think about it before you have a freakin’ hissy fit. EFSS providers make money by providing a secure way for people to share content and collaborate. How do you make money? What’s your core strength? Hell, you can’t even stop your staff from sharing content unsecurely (is that even a word?).

 1 Comment

 Posted on October 29, 2014 by

 Cloud, Collaboration, ECM, EIM, General, Government, Information Management, Rants, Security, Usability, Useability, User Adoption

     , , , , , , , , , , , , , ,

BYOD – Run What Ya Brung


This was originally posted on the AIIM Community on 2012-05-30.

In the interests of full disclosure; I use a corporately issued laptop, a self-provisioned smartphone (employer pays service), a self-provisioned tablet, and a personal laptop. My tablet, while being hugely convenient and making my life easier, is not necessary for me to live or work. This post was written using my personal laptop and tablet. I used MS Word and OnCloud to write it. The Word file is stored on Google Drive. Yeah, I believe in BYOD (Bring Your Own Device). I also think the cloud’s a good thing.

One day I’d really like to see what percentage of the overall workforce really needs to bring their own device to work, or would even benefit (need vs want) from doing so. 9-5ers, bank tellers, receptionists (can we still call them that?), gov’t front counter staff, fast food employees, gas station attendants, call centre staff, billing clerks, accounts payable clerks, refuse collection agents, … these and a whole bunch more jobs have no stake in BYOD.

Anyone whose work ties them to a desk, executing fairly structured tasks can get by quite nicely with whatever hardware their employer has plunked down for them (assumes that HW and apps are suitable for the job). Oh, they may want to bring in their tablets or smartphones, load up on apps, and do their work from the sidewalk while having a cigarette. But I really don’t give a rat’s ass and neither should you. Can you honestly tell me that someone who processes invoices is going to benefit from being able to do so on a tablet instead of on a PC? I thought not.

Don’t get me wrong; I am not diminishing the value of the jobs that people do or what they contribute to their organizations and/or society at large. What gets me is this whole consumerization of IT thing that’s going on. The next time you hear “I have such cool gadgets at home, why can’t I have them at work?”, consider this answer; “YOU DON”T BLOODY NEED IT!!!”. You know what they need? They need the right information, proper training & support, a decent organizational culture, paths for self-fulfilment, and recognition that what they do means something.

On the other hand, there are many job functions that can definitely benefit from BYOD. Most of you reading this are probably in one. I’m in one of those roles, but there’s still lots of stuff that I need to do at work that can’t get done on my phone or tablet. When I say that, I mean it’s either just not possible or so cumbersome as to be not worth the effort. Taking meeting notes, writing docs, & emailing are all pretty good on my tablet, a little less so on my phone. Running demos, drawing diagrams, entering timesheets, and doing expenses just can’t be done. That does not mean I will give up my tablet or phone. Hell no! What it means is that unless my job changes I am going to have to be content with running multiple devices to get my job done. Oh, I could just go back to using only my laptop, but that would be silly.

Assuming BYOD is the right path …

Security and privacy are major concerns. What’s going to happen if someone loses their tablet or phone? What’s going to happen if there is a discovery order or FOI request and employee procured devices are in scope? Employees who use their own devices are going to be accessing & storing corporate content as well as personal content on the same device. Some of them are going to let friends and family use those devices for all sorts of stuff. You can’t tell your employees not to because they paid for the devices. What are you gonna do about it?

One of the really nice things about having a tablet or smartphone is that I can be mobile. That means that I don’t need to be connected to my corporate LAN and I can still get the stuff I need to do my work. Not all the stuff, but most of it. It’s not just content that I’m referring to, it’s applications as well. If you’re going to make a move to BYOD it’s on your shoulders to make sure that your team has access to the content, applications, and processes that they need to do the job. If your BYOD is limited to a single platform (e.g.: iOS) you may be lucky because you’ll only need to provision apps that work on a limited set of devices. If, however, you’re going true BYOD, well … you could run into some difficulty. Not only are you going to have to deal with security and privacy issues, you’ll also have to get into the app development business, unless there are already apps available from the usual sources (which I really doubt). I’ve used apps developed by organizations that theoretically work across multiple devices; many have fallen short and the user experience simply sucks. Oh, those apps you’re going to build will have to be integrated to those line of business systems your organization runs to get stuff done. Think of them as additional UI’s and functions that you’ll need to build, maintain, and support.

Another nice thing about BYOD, depending on your perspective, is that lotsa people have their favourite device(s) with them pretty much all the time. That means they can respond to stuff from bed, the beach, while watching TV, while watching the kids at the playground (saw this woman almost get smoked by her kid on a swing while she was occupied with her iPhone – yes, I would have laughed), what/where/whenever. It’s really cool that you can get someone to respond at anytime, but remember that YOU ARE INFRINGING ON THEIR PERSONAL TIME. Granted that it’s likely their fault because they’re using the same device to watch Formula 1 videos on Youtube and respond to RFP’s but you can’t do anything about it because I bought the device so there. Nyah. Nyah, nyah! Sorry. Anyways, there are times that folks need to respond immediately, and BYOD certainly facilitates this. But, there are also time when folks need to chill without worrying about work. You’re the boss so I expect you to set the right tone and provide the right example.

So what’s my point? BYOD is a good thing in the right circumstances. Refuse collection specialists won’t benefit, but knowledge workers and field staff likely will. It’s also a pretty safe bet that if you allow your people to work with tools that they actually like and see as cool, they’ll be a bit happier and maybe even a bit more productive.

BYOD is appropriate based on the role, not the organization. In my job as a consultant it’s perfectly reasonable to allow me to use whatever device I choose. However, the same can’t be said for the people that process invoices, even though they bring as much value to the organization as anyone else. Have at ‘er and consider the following before going all BYOD:

  1. Are devices your major issue? You’re freakin’ lucky if they are. Most orgs have way more serious stuff going on than what can be solved by allowing someone to do their job on a tablet.
  2. Can you secure your stuff properly? My wife doesn’t want to see quarterly sales projections and my boss doesn’t want to see my wife & I [fill in the blank with whatever you want, you dirty devil, you].
  3. Do you want to get into app development? You do? How many platforms & form factors & screen sizes/resolutions do you want to develop for? Oh, and support? And maintain?
  4. Privacy. Closely related to the security thing. Yes, they are different. Go look it up if you don’t believe me.
  5. If you go BYOD, can your users still access everything they need to do their work?
  6. What’s the impact to employee working hours going to be? They’ll have the gadgets with them 24/7, will you expect them to be available/reactive 24/7? Shame on you if you will.

I’m not saying that BYOD is a bad thing, just think about it a bit before you commit.

 6 Comments

 Posted on June 4, 2012 by

 Cloud, Customer Experience, Devices, General, Governance, Implementation, Mobility, Privacy, Social Business, Social Media, Usability, Useability

     , , , , , ,

Archives

PHIGs IMC Inc.

Blog at WordPress.com.

%d bloggers like this: