Well, the other shoe called Documentum dropped that everyone was expecting once Dell and EMC got together. And in somewhat record speed. AIIM does not take positions on things like acquisitions, but obviously the extended AIIM community is buzzing about this. I thought I would find as many articles as I could and put them in one place and let folks form their own opinions.
Information management is boldly on the horizon. Everyone from C-level thought leaders to end users are dreaming up enterprise content management possibilities and asking an important question: how can my organization go beyond its current ECM state? In order to determine which enterprise content management component(s) an organization requires to take the next step in their ECM capability– whether it be a technology, methodology, or human resource – begins with taking stock of what is already in place; only then, can it be resolved where we are currently, and where we desire to go in the enterprise content management space.
Today the use of E-Signatures is an acceptable business practice that is admissible in times of litigation and audit. The key to success is to identify and understand regulations based on particular business processes for E-Signing. In Europe one regulation is changing the game. Effective July 2016, the new EU regulation on electronic identification and trust services 910/2014 – typically referred to as eIDAS - goes into force. It is designed to propel digital transformation a as a major corner stone for a single European Market. One of its major goals is to fuel E-Signature adoption in Europe by largely replacing 28 nation laws on E-Signatures. eIDAS comes with new options to go digital with both identification and signing processes.
I've been collecting examples of "Digital Disruption" -- the negative flip side of Digital Transformation. In other words, examples in which a well-entrenched incumbent just failed to see the writing on the wall. My experience has been that when Digital Disruption sweeps through an industry, it usually meets this test: In less than 10 years, 90% of a company's/industry's value DISAPPEARS. Here are just five examples.
In pursuit of the paperless enterprise it is often easy to lose our way. Projects stall, months pass and ROI is nowhere on the horizon, and all the while paper continues to rifle through our processes like stubborn weeds. Paper overwhelms the enterprise, and the difficult task to remove it all can cause a crisis of motivation. Stakeholders ask: “What is the point of driving out paper? What destination is this digital journey leading us to? And is it worth it?” The short answer: yes, and here’s why.
I hear people from around the globe, complain about SharePoint that it doesn’t do this, or we thought it did that. Yet the AIIM Industry Watch Report titled “The Impact of SharePoint 2016” finds when it comes to SharePoint meeting organizational expectations, nearly half of our respondents are happy with SharePoint and the on-going product roadmap, with half also in agreement that SharePoint is providing good value for the cost. Typically, these organizations have a focused plan, working as a cross-functional team rather than total reliance on IT to make it all happen. This should also be an on-going practice for every aspect of a SharePoint project from initial purchase through upgrades and expansion, to ensure SharePoint is addressing the business needs and solving business problems, and not put in place for technology sake alone.
Here are 8 paper free nuggets to get the juices flowing. Number 1 -- Paper in the Office -- only 17% of respondents work in what could be described as a paper-free office. 31% admit their office is piled high with paper documents and paper processes. 40% still use paper for filing “important stuff," and 56% are wed to signatures on paper for contracts and order forms.
Agility and efficiency have become the keys to meeting the growing and changing demands that come with digital disruption. Businesses can no longer afford to waste time with lengthy business analysis, development and implementation projects spanning two or more years. Organization leaders know that change must occur rapidly to remain competitive, retain current clients, and attract new business and BPM has become the method of choice. Business Process Management (BPM) in a true sense is the combination of process, people, information, and technology focused on resolving operational business problems – making businesses run more effectively.
Process improvement and automation using BPM as the framework is an essential part of the Digital Transformation of businesses. The more paper is eliminated from processes and digitally born information is created, the greater the dependence upon and need for efficient, effective, and secure digital workflows. When assessing process improvement and automation opportunities, include the identification of and ways various information sets are integrated with the process and remember to look at the end-to-end process rather than just the departmental workflow. What gets changed in the department could have negative impact on other departments feeding this process or that this process feeds.
It is the best of times and the worst of times for HR professionals. Many organizations have reaped enormous benefits from more effectively managing the unstructured information association with core Human Resources processes. That’s the good news. The bad news is that MOST organizations have not yet moved down the path of HR automation, creating huge inefficiencies and risks in their hiring, retaining, employee servicing and firing practices. Consider for a moment the huge variety and volume of documents associated with HR processes, each of which carries with it different regulatory and legal requirements.
You might also be interested in the following to get 2017 off to a GREAT start:
How to Plan Your Information Management Strategy in 2017 -- To help you, AIIM’s chief analyst, Bob Larrivee, has compiled the data from five community-wide surveys and identified the game-changing trends you need to know about. Join us as we outline these trends, the stats behind them, and offer strategies to approach these critical changes to the way you manage information in 2017
How to Plan Your Information Management Strategy in 2017
Information management constantly adjusts and reacts to advancements in technology and attitudes. While the way we manage information has undergone a substantial transformation in the last few years, the technology that incited the changes is still growing and at a faster pace than most can keep up with.
So, what does this mean for you? How can you stay ahead rather than simply jump on the bandwagon? To help you, AIIM’s chief analyst, Bob Larrivee, has compiled the data from five community-wide surveys and identified the game-changing trends you need to know about.
Join us on January 18 at 2pm as we outline these trends, the stats behind them, and offer strategies to approach these critical changes to the way you manage information in 2017, including: the rise in compliance and risk driving Information Management, the importance of inbound capture processes, the benefit of automated capture processes, the role of capture with content analytics.
We’ll also hear from leading technology consultant Mark Brousseau as he shares customer use case stories to put this analysis into context. Mark and Bob will then offer best practices and recommendations for applying this knowledge within YOUR organization and help you make the case to your executives to help you succeed.
Interestingly, 2 of the 10 are more than 5 years old, proving that content does indeed have a long tail. Take a guess before clicking which X2 are the long tail – no cheating – and then see if you’re right!
Now that you’ve looked at which two are more than 5 years old, what does that tell you about the continuing risk-centered challenges associated with unmanaged content. Much as I think the business driver for content management HAS to change to the value side of the equation if we’re ever going to get more widespread adoption, there is still a VERY LONG tail of risk and compliance concerns that haven’t gone away – in fact, I think they’re getting worse.
Calling all #InfoGov experts – What Advice Would YOU give?
I was thinking about one of the data points in our current State of the Industry Report (Free Executive Summary HERE) – the one that points to a rise in focus at large companies on risk and compliance as a primary business driver for IM.
The number of large organizations citing compliance and risk as the largest driver for IM has risen sharply in the past year from 38% to 59%. 44% of mid-sized organizations also cite this as the biggest driver whereas smaller organizations consider cost savings and productivity improvements to be more significant drivers.
To be honest, this data point bugged me a bit – it seemed at variance with some of my thoughts about Information Governance – i.e., that they key to moving Information Governance out of its narrow RM niche was to focus more on value rather than risk.
But I got a call from a significant company on the Fortune 1000 list (that will remain nameless for now) who posed a business problem that perhaps reinforces the above data point – but perhaps in a different way than I would normally consider the question.
Here are the points he/she raised. Kind of like a Harvard business case:
We have our knowledge worker content currently in 3 places: 1) Google Docs; 2) an EFFS product; and 3) file shares. We are not a SharePoint shop.
We are not in an industry space like financial services or pharma where there are a lot of industry-specific compliance or regulatory requirements.
We want wherever possible to leave our existing information in place, and apply a “lite” governance layer (his/her words) above our 3 primary repositories that would allow us to understand what people are doing, apply retention and disposition where appropriate, be able to audit/verify these processes, and be able to apply holds should the occasion arise.
Usability and simplicity – at both the administrative and individual knowledge worker level – is our top priority.
In a nutshell, we want to be able to demonstrate that there is a level of adult supervision and accountability to how we manage our knowledge worker information. Does this need to be perfect, no. Does it need to be a verifiable process, yes.
We want to start with three departments, but then scale up. Ultimately, the potential scale is quite large -- 10+ terabytes.
We are not interested in a lot of workflow functionality at this point. Perhaps down the road, but for now this project is being driven by the legal folks.
The fundamental question we would like to address and at reasonable cost is a very basic one and one that you, John, have raised in your presentations:
Where should we tell our knowledge workers put their “stuff” so that it is…1) Secure, shareable, and searchable so the ORGANIZATION can accomplish its goals; and 2) Works the way they work and is useful to THEM in getting THEIR job done.
I have my own ideas about this, but I thought I would open it up to the community and perhaps everyone could share in the results.
The Advice Clinic is Open.
What recommendations would you give, and why?
You might also be interested in this white paper on EFFS technologies:
There will be more follow-up re AIIM16 in the weeks ahead, but suffice it to say it was one incredible event. 800 people pasionate about helping their organizations turn information chaos into information opportunity. On behalf of the staff, thanks so much to the speakers and attendees who made #AIIM16 a roaring success.
“Surveillance is the business model of the Internet for two primary reasons: people like free, and people like convenient. The truth is, though, that people aren’t given much of a choice. It’s either surveillance or nothing, and the surveillance is conveniently invisible so you don’t have to think about it.”
“In the 17th century, the French statesman Cardinal Richelieu famously said, ‘Show me six lines written by the most honest man in the world, and I will find enough therein to hang him.’ Lavrentiy Beria, head of Joseph Stalin’s secret police in the old Soviet Union, declared, ‘Show me the man, and I’ll show you the crime.’ Both were saying the same thing: if you have enough data about someone, you can find sufficient evidence to find him guilty of something.”
And there you have it in a nutshell. What I call the Internet’s “Privacy Enigma":
How much information am I willing to trade off for convenience?
Who should have access to MY information?
Do I care whether this access is by a government or by Google? Why?
How far am I willing to stretch the bounds of access and privacy to allow law enforcement to go after the bad guys (like ISIS)?
Do I have any confidence that governments will stop there?
Does sounder encryption ultimately help or hurt the bad guys?
Until recently, the protection and security of information on identifiable individuals had a relatively low profile. Most countries, regions and states have data protection legislation but they vary considerably in the level of protection decreed. Exposure of personal information or data breaches were relatively rare, and state surveillance of such information was generally covert and not acknowledged by governments.
All of this changed quite dramatically in the last few years as a result of the following tensions:
Tension #1 -- We’re Saving Everything.
The amount of personal data stored by companies and governments has soared, and the value of that data to thieves and fraudsters has multiplied as more and more personal business is transacted on the internet. Schneier provides a good summary of the dynamic at play:
“Some quick math. Your laptop probably has a 500-gigabyte hard drive. That big backup drive you might have purchased with it can probably store two or three terabytes. Your corporate network might have one thousand times that: a petabyte. There are names for bigger numbers. A thousand petabytes is an exabyte (a billion billion bytes), a thousand exabytes is a zettabyte, and a thousand zettabytes is a yottabyte. To put it in human terms, an exabyte of data is 500 billion pages of text. All of our data exhaust adds up. By 2010, we as a species were creating more data per day than we did from the beginning of time until 2003. By 2015, 76 exabytes of data will travel across the Internet every year.”
Per Schneier, “In 2015, a petabyte of cloud storage will cost $ 100,000 per year, down 90% from $1 million in 2011.” On an individual level, we are now saving all of the “stuff” that we all used to periodically get rid of because it was too expensive to save. And so are many companies and organizations.
Tension #2 -- We Actually Have Tools to Understand all the Stuff We’re Saving.
At the very same time that the volume of information being stored has soared, so too has the capability of analytics to make sense of, interpret, find, and link information that was previously incomprehensible due to its sheer volume.
There are any number of ways of demonstrating that this revolution is here and it’s real, but for me one is sufficient. Who could have imagined these Watson commercials even a few years ago?
Wow. Bob Dylan meets Hal in a commercial during a football game. Who would have thunk it? The times they are a changing.
Tension #3 -- Multiple and Inconsistent Responses to Privacy.
The Target security breach and the nearly weekly parade of similar breaches forced companies to look at new approaches to battle organized security attacks. Per AIIM, 36% of smaller organizations, 43% of mid-sized and 52% of large organizations have reported a data breach in the past 12 months. 19% reported a loss due to staff intent and 28% from staff negligence, compared to 13% from external hackers. As a result, 26% suffered loss or exposure of customer data and 18% lost employee data.
Different countries and even different states have different interpretations of what is and isn’t regarded as personally identifiable information. They have varied regulations on the obligations organizations have regarding seeking permission to hold data, keeping information secure, disclosing what they hold, how long they have held it, what it is used for, and also their obligations should they lose it. For example, an AIIM report outlined significant differences across 13 countries for storing personal information in the cloud.
In Europe, legislation to protect personal information originated in the OECD in 1980. The ideas were taken up by the EU Data Protection Directive in 1986, but were interpreted differently across European states - and have been ever since. The US endorsed the OECD recommendations but did not implement them, creating further discontinuities to the global legal framework. In 2012 the European Commission published a draft European General Data Protection Regulation (GDPR) which will be mandatory throughout the EU and the EEA. Although much delayed, it is expected that a final version of the GDPR will be signed off early in 2016, and will become mandatory in 2018. Per a recent AIIM survey, for 45% of organizations, privacy rules are changing faster than they can change their systems.
Tensions #4 and #5 -- The Snowden Revelations and the ISIS Threat.
In the midst of this storage and analytics revolution and the resultant attempts by governments to deal with these forces, two additional external forces have raised the stakes even higher. A drive by organizations and individuals to protect and encrypt private information was a natural reaction to the Patriot Act, to the Snowden revelations and to what these revelations said about the ability of governments to access private information.
“There are two basic ways people use digital encryption. The first is to lock up data ‘at rest,’ or when you're trying to protect information that's stored somewhere, such as on your computer or your smartphone. You can think of it sort of like a combination safe for your data. In most cases, you use a password or passcode to unlock it. This kind of protection is especially useful if a device gets lost or stolen because it means that whoever gets a hold of it won't be able to dig through whatever personal information might be stored on it.
The second is to secure data ‘in transit,’ or when you're trying to protect information as it travels across the Internet. Here, you can think of encryption as sort of a decoder ring: The two sides of a digital conversation exchange keys that let them understand what each side is saying but prevent others from being able to understand it.”
There has been much controversy of late about the necessity and convenience of using encryption to protect data – partly due to governments in the US, Canada and the UK seeking to preserve the ability of intelligence agencies to monitor and intercept communications, whilst acknowledging the need for all organizations to comply with their data protection and commercial security obligations.
Traditionally, it has been simpler not to encrypt general content as it can disrupt search mechanisms, and create password issues when sharing amongst multi-discipline project teams. However, with the increase in cloud content management services, encryption by default has become a desirable feature, although unless the keys are held by the user, rather than the service provider, it only offers protection from a bulk failure of the host security, rather than built-in security for any individual document. Encrypting all content stored on laptops, USB drives and phones makes much more sense, as bulk data loss is quite likely to occur.
After being burned in the Snowden revelations, private companies also announced policies to inform their customers when they were under government surveillance. Per Techspot in a December 2015 article, “Last week, it was reported that Yahoo had become the latest company that promised to alert users who it suspected were being spied on by state-sponsored actors. Twitter, Facebook and Google had previously assured their users that they would also warn them of any potential government spying.”
As individuals and corporations implemented more advanced encryption capabilities to protect their information, governments began to get concerned about being shut out of these systems, a tension exacerbated by the use of encryption technologies by ISIS.
Again per Techspot, “UK ministers want to make it a criminal offence for tech firms to warn users of requests for access to their communication data made by security organizations such as MI5, MI6 and GCHQ (the Government Communications Headquarters).”
Per the Washington Post, “over the past year, the U.S. government has been mired in a debate over encryption, one that some intelligence and law enforcement officials have tried to rekindle in the wake of the recent attacks in Paris and San Bernardino, Calif. In a televised address...President Obama even alluded to the issue, saying he 'will urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice.' And now, the chairman of the House Homeland Security Committee is calling for a commission on encryption and security threats.”
Watch this space. I am convinced that ultimately, all of the conversation about information governance will ultimately be subsumed into the conversation about information privacy and security.
These are some of the security and governance issues we'll be discussing at AIIM16. Join us.