Digital Landfill

Arthur Hedge is the President of Castle Ventures LLC, an Information Security consulting firm.  Arthur is active on several AIIM standards committees and is on the board of the AIIM Garden State Chapter. 

Arthur is a member of OWASP, ISSA, and a Certified Information Systems Security Professional.

8 Information Management Security Predictions for 2010

1 -- Someone will develop an alternative to the PDF file.

With all of the security issues that have plagued the Adobe PDF format due to its use of JavaScript, someone will come up with a new, safer, long-lasting document format.

2 -- To improve security companies will increase the use of cloud-based document storage.

For many small and mid-size organizations the promise of a more secure facility offered by cloud service providers will drive them to increase the use of third party solutions for document storage.  This will be driven the by the economies of scale that the cloud providers can generate.

3 -- To improve security some companies will avoid cloud storage.

Yes, this seems like a contradiction to the previous prediction, but larger organizations will react differently to cloud computing. There are two key drivers. First, as the clouds grow in importance they will become more of a target. Researchers at UC, San Diego and MIT have already demonstrated a theoretical attack on the Amazon infrastructure. Secondly, litigation fears will increase. For example, Google is repeatedly subpoenaed for information. A cloud provider is far less likely to go to the mat to defend the privacy of documents than the organization that owns them. Some organizations, especially large multinationals, will be afraid to keep documents in an environment where a government can get access to that information via the simple threat of a subpoena.

4 -- Hacked email scandals will increase.

Hackers tend to be copycats. In light of all of the publicity generated by the theft and release of the emails in “Climategate” scandal involving the Climate Research Unit at the University of East Anglia, the hacker community will increase its efforts to breach other politically sensitive organizations. As that makes news a vicious cycle of attacks will begin.

5 -- The cyber security czar will not directly affect the enterprise content management (ECM) market.

In December of 2009, President Obama named Howard Schmidt as the White House cyber security coordinator. My guess is that his focus will be on big-picture threats to the United States that will not drive any changes in the short run to the ECM market.

6 -- State privacy regulations will drive security efforts in the ECM space.

The Commonwealth of Massachusetts’s regulations on personal information go into effect on March 1, 2010. This will lead to other states following suit and the requirements for businesses to better protect personal information will continue to increase.

7 -- A celebrity will have their Electronic Medical Records hacked.

With the drive to move more and more medical records into an electronic format, the temptations for rogue computer users to access patient information illegally will grow, leading to a high profile release of a celebrity’s medical history.

8 -- Document integrity will grow in importance.

With the increasing publicity shed on breaches, someone in 2010 will release documents that are forged.

-----

Some other posts worth considering...

• 8 things you need to know about information risk 
• 8 things you need to know to build an ECM strategy 
• 8 things you need to know about developing an ECM information architecture 
• 8 things that changed the history of document management 
• 8 things you need to know to manage the explosion of information  
• 8 things you need to know about workflow and business process engineering   
• 8 things small businesses need to know about document management 
• 8 things you need to know about using ECM for regulatory compliance

Document Management Service Companies are the Rodney Dangerfield of the ECM industry -- they just don't get no respect. Or maybe a better way of saying this is that they are the great hidden treasure of the document management industry.

We've done some 8 things postings by guest bloggers on many topics, but none have adequately covered the case for working with a service bureau.  Last year, Mitch Taube from Digiscribe talked about the 8 things you should look for in a document management service provider. The piece was very insightful in helping end users sort through how to choose among service providers. 

But that begs the question of why an organization would think about working with a document management service company or service provider in the first place. 

So I thought I would post my opinions on the role that Service Companies play, with a little help from some of the experts in the space (listed at the bottom of the post).

Any resemblance between me and Rodney Dangerfield is purely accidental.

8 Reasons to Consider a Document Management Service Company as Part of Your Information Strategy

1 -- The modern service company ain't your father's service bureau.

Because service companies have been a part of the document industry for so long, sometimes there is a preconception that they are not skilled in the latest technologies. Nothing could be further from the truth. The modern service company offers a wide portfolio of services -- outsourced scanning, software sales, and the professional services to tie everything together. There are many organizations for whom document management is not a core competency -- nor should it be. A service company can fill this gap, and do so with a guarantee that the parts will fit together.

A professional service company has probably seen every size and type of document known to organizations today.  They have a wealth of experience is solving problems in all industries and can often suggest a better solution than what a company may develop internally.  The service provider is constantly in touch with business partners that have new solutions that can be applied to old problems.

2 -- On the other hand, it very likely COULD be your father's service bureau -- and that's not a bad thing.

Unlike many companies that have only been in the information management business for years -- or months -- many service companies in the document industry have been around for decades. Many got their start in the microfilm business. One of the best events AIIM does is an annual Executive Forum for owners and senior executives of service providers. This event has been in existence for more than 30 years, and is more successful than ever. 

In an industry with many fleeting connections, this longevity and commitment -- within the industry and within local communities -- is a valuable asset. It provides a guarantee to end users that they will have a stable and committed partner so that they can focus on their core business.

3 – The information management landscape is changing rapidly.

Partnering with a progressive and quality document management company will provide you the peace of mind that comes with knowing where the land mines are also allow you to concentrate your efforts on your core business development. The nature of the conversion business dictates that you must continually update software and hardware offerings to stay current with the latest technology.  Corporations attempting to do their own scanning and information processing are not going to update software and hardware anywhere near the regularity of a full-service conversion partner.

4 -- This document stuff just ain’t what you wanna do for a living.

What are the questions that should be asked by any business to determine if a function is a core competency? If the answer to any of these three questions is “no." you should seek to outsource the function. 

• If my organization was started today, would we do it ourselves or contract it out?
• Could we do it so well that others would hire us to do it for them?
• Will future leaders of my organization come from this skill set?

For most companies looking at either large backfile capture projects or ongoing scanning, the answers to ALL of these questions is “no." If the job ain’t one you wanna do and DO RIGHT, you should look for a company for which this IS their core competency!

5 – Service companies do way more than just scanning.

These days most service bureaus offer much more than just scanning. They actually offer solutions to client business problems, and in this day and age that is what clients should be looking for in a service bureau. This might come with consulting with the client on how to index the scanned documents for easy retrieval, offering a document management system, offering a capture solution or e-forms package. All of these are offered to the client to make their job more efficient, and in the end be more productive and drive down the cost of doing business. 

6 -- It’s the security stupid!

We are continually reminded of the importance of protecting confidential information and personal identification that is often found on the documents being converted.  A professional document conversion company will be SAS 70 Type II Certified and PCI DSS Certified, and will often be in compliance with new data privacy laws being enacted at the state level.  These requirements mandate items like background checks on all employees, CORI investigations, 24X7 building security from an outside agency, multiple building entrance requirements and detailed procedures for chain of custody when customer documents are in their possession.

7 -- Your staffing requirements fluctuate. 

Dealing with multiple clients and a variety of application solutions allows the professional service company to maintain a qualified staff and distribute the workload appropriately.  Companies that try to maintain an in-house scanning operation must deal with personnel issues, promotions, absent staff, etc. that will disrupt the orderly conversion of documents and data because this is not their core business.

8 -- What's worse than no document management system? A document management system with nothing in it!

We frequently find end users who spend an enormous amount of effort to select a document or ECM system, but next to no thought or planning on actually getting information into that system. The last thing you want to do with your brand spanking new document management system is spend precious staff time doing backfile conversion. Leave that to the professional and focus on your business.

-----

If you are an executive at a Service Company or Systems Integrator, you need to get AIIM's Document Management Service Provider Executive Forum on your calendar. The event will be November 4-6 in Nashville, and I can personally guarantee that you won't go to a better event this year. Check it out.

Thanks to AIIM immediate past chair Bob Zagami and to the following members of our Executive Forum planning committee who helped with this post:

• Chris Kelley, DataChambers Records Management
• Paul Engle, VeBridge Document Management Services
• Bob Zagami, DataBank
• Rich Seery, Seery Systems Group
• Also check out Bob Zagami's article, Managing Outsourced Conversion Services from Infonomics

Have you downloaded our free e-books yet?

 This is another in my 8 things series. And another anonymous posting to protect the innocent (and the guilty). I can vouch for the credibility of the author, but am sworn to protect his identity. This article focuses on the obstacles encountered by external consultants as they work to implement a SharePoint project -- and how they can avoid these pitfalls.

The posting was inspired by a previous popular one by an anonymous end user (Mona Lisa), 8 Ways to Kill Your ECM Project. 

Before consulting on any SharePoint project, a little detective work on the IT department can really pay off. One reason for this is that SharePoint has the reputation for being a "disruptive" technology. Let's deconstruct what this term means with respect to IT office politics before getting to the wrecking strategy detailed below.

First, we must acknowledge that SharePoint doesn't really fit any of the standard categories used to manage IT applications. It's not an ECM system in the sense of being exclusively focused on that function alone, though it can be used to manage content. It's not a search engine, though it can search across many types of content. It manages web content, but it manages lots of other content too. And finally, the straw that we always grasp at, it's a "collaboration" platform which is fuzziness itself when bean counters try to measure its ROI.

The ability of SharePoint to break IT boundaries is often at the root of the fear and loathing it inspires. For many, SharePoint challenges the inherent constraints that give IT processes whatever security and predictability they currently have. SharePoint lays bare these constraints, or, more diplomatically, standardized controls, in a way that often causes IT pros to deploy passive-aggressive strategies that sabotage their own ship. These strategies resemble those carried out by those disgruntled French railway workers who brought the whole train system to its knees simply by following a few neglected bureaucratic rules, like carrying out thorough bridge inspections before any bridge could be crossed.

It's a form of organizational jui-jitsu designed to stall projects that threaten the IT comfort zone. So, what are the key practices that foster such disasters? First, couple of definitions. The "infrastructure team" means the permanent enterprise operations staff. The support team signifies the permanently staffed technical personnel that supported and maintained enterprise applications, as well as developed new functionality during on-going projects as assigned by management.

So what are the most likely mistakes that are made in dealing with internal IT staff?

8 Ways IT Politics Can Wreck a SharePoint Project

1 -- Use a non-technical term to describe your server when conversing with the system administrator.

It takes only one mistake like this to land you in the same bin as project managers and sales people -- those who have to be heard but never listened to. If you find that your emails no longer get responses, even when you request specific operations, this may be the reason. Once you are marked in this way, it will take much more effort than is available in a high-pressure SharePoint project to get you out of the bin.

2 -- Imply that network issues may be the root of SharePoint performance problems.

Performance and stability issues always move the project team into the bulls-eye of suspicion. 

Who knows what can happen once untested code leaks out. And aren't you the same goof-ball that already confirmed your lack of systems knowledge? What an interesting idea you have. We'll discuss it among ourselves at the next Change Board meeting and get back with you.

The solution to this dead-end is to find a procedure that allows you to identify the network bottleneck. Unfortunately, this means troubleshooting a network that you played no part in setting up and whose documentation is safe from your prying eyes. Fortunately, the system administrators will usually realize at some point that the network really is the issue and come up with a fix, usually right after you have lost 5 days of project time searching for nonexistent object disposal errors.

3 -- Explain to IT that SharePoint is a single application rather than a collection of separately maintained applications.

Because of the way application boundaries are drawn, it is often impossible for IT to comprehend that SharePoint sites are not separate applications. They are polite, but they plainly don't believe you when you say that separate sites all share the same database, security, components, and configuration files and really don't require completely separate sets of architectural documentation. 

Such documentation, you say, would merely repeat the same descriptions over and over again for each separate "application." They nod their heads, smiling that smile that says, "We understand how lazy you developers are, and we sympathize, but we can't make an exception for you just because this will result in a monumental waste of time and eat into the functionality you are required to create for your customer."

4 -- Involve the support team in the detailed design of your SharePoint solution.

Though infrastructure and support people may have no SharePoint experience, they often insist on being included in the detailed design of your solution. During these discussions, they will ask penetrating questions such as "Have you thought about what will happen if documents are added to the system?" or "What will happen if users don't use the system the way you trained them to?" This latter question is always asked with a menacing glare that suggests that you have failed to devise a sufficiently severe method for punishing disobedient users.

5 -- Form a governance committee by getting your developers to convince end users to join.

Professional .NET developers tend to have the social skills of Vlad the Impaler. However, if the project managers don't accept the responsibility to form a governance committee and the business owner doesn't have time to do it and it's not the IT department's responsibility to help (in any way), then it's up to Vlad or Vladessa to add this vital ingredient for any successful SharePoint project. Vlad's RESTful web services are likely to be much more effective than the results of this assignment.

6 -- Make sure that high-level team managers never communicate with each other.

If managers don't communicate about what their teams are doing, then everyone feels less threatened and can carry out their jobs with lots more "Cheers" at the ends of their emails. So be sure to identify the most-overworked developer on your team, the one who does most of the actual work of creating solutions, and assign him or her lots of extra communication tasks. Use any means necessary to keep his or her attention off improving the quality of the code so that they are not such narrow and dull bar companions. By pushing communication duties down the chain, you ensure that those with the least overall sense of company dynamics have the most influence. And in a double win, you ensure that no synergies between teams can be leveraged.

7 -- Make sure no one on the support team has time to read project documentation.

The less they know about your project, the easier it will be to criticize. Therefore, since the goal of the support team is duplicate as much existing functionality as possible, keep them so busy on competing projects that they can never learn the project's applications. That way, when they're asked to support it, they'll have the ironclad excuse that they are too busy on another project that meets the same requirements already implemented by the SharePoint project team. Customers love to hear that the expensive project they just paid for needs to be redone correctly.

8 -- As soon as the support team sees that SharePoint is gaining acceptance, set up as many competing projects as possible.

Nothing succeeds like success. If users like the functionality SharePoint provides, then they'll like it even more if it's provided on an obscure, unfriendly platform that only the support team can maintain. Therefore, do development the right way by dividing up the previously delivered SharePoint functionality into parts that fit neatly into your pre-determined IT application types and make each new application into a six month's project. That way you'll prove to those cowboys on the project team the value of proper controls.

So what are the lessons derived from this disaster?

1. Get buy-in early from the infrastructure team by anticipating their questions and concerns and making sure that they hear your questions in their language.
2. Clearly communicate the infrastructure requirements, expectations for operational support, and other project issues. Get the necessary feedback about key project enablers such as network support. The time to identify network issues is at the beginning of the project, not the morning after the first release to production.
3. Demonstrate how SharePoint works by giving the support team a virtual image that they can study to attain the necessary comfort level with what your team is producing. Once they begin to buy into to the SharePoint model, whole categories of bureaucratic meddling can be eliminated.
4. No matter how busy you might be on project work, communicate and over-communicate with the support team, but do it in a way that maximizes both of your strengths. Your strength is your detailed knowledge of the team product. Their strength is their knowledge of the organization and the history of previous projects and what it takes to support them.
5. Governance is not only crucial to a successful SharePoint implementation, but it can be a major enabler of user commitment to the platform. Having said that, the politics involved in gathering together a worthwhile working committee are often beyond the influence of anyone on the project team. The lack of commitment of organizations to governance best practices is one of those issues inherent to the way modern corporations are structured. In most cases, the best hope is that one of your team is persuasive enough to make someone at the C-level support the initiative. Governance is something they understand and service on the governance committee can be rewarded in many ways.
6. Lack of communication between team leaders is very difficult to remedy at the lower levels. Someone needs to coordinate across teams to ensure that they are not competing with each other in a destructive way.
7. Rather than creating voluminous documentation, find ways to demonstrate the product through demonstrations. In the modern IT environment, the chances of anyone reading project documentation other than in an emergency are close to nil.
8. Make sure that the support team understands that your project will add to existing applications - not replace them. Your team's very existence may be interpreted as a sign of inadequacy. A persuasive case must be made that your team has been brought in to add new functionality that can best be provided by the SharePoint platform - and that the support team can use this as an opportunity to expand their skill set. Any planner worth his or her salt will make sure they thoroughly appreciate this.

Some other posts that may be of interest...

• 8 things you need to know about SharePoint governance 
• 8 things SharePoint 2010 needs to be a true ECM system  
• 8 more things you need to know about SharePoint 
• 8 things to consider when implementing SharePoint with another ECM engine 
• 8 ways to use SharePoint for social computing 
• 8 things you need to know about automatic classification and metadata tagging in SharePoint 
• 8 things to do to make content more findable in SharePoint 
• 8 ways SharePoint help in Enterprise Governance, Risk and Compliance 
• 8 things to consider when selecting an application to scan or capture into SharePoint 
• 8 Ways SharePoint 2010 Moves Toward "ECM for the Masses" 
  
• 8 Things You Should Know About Transactional Processing in SharePoint 
  
• 8 Ways To Benchmark Your Collaboration Strategy