TakingAIIM

Iron Mountain (NYSE: IRM), today announced the signing of a
definitive agreement to acquire Stratify, Inc. for approximately $158
million in cash. (See press release)

Iron Mountain and Stratify have been courting for several months.  In January of this year they announced an alliance. Today this “common law couple” announced their officially tying the knot.  The big winner here is Stratify, a company that began as Purple Yogi, offering dynamic taxonomy construction and management technology.  After floundering in the taxonomy space for a few years Stratify re-branded itself as an e-discovery service provider, leveraging their expertise and technology in a SaaS model.

Iron Mountain’s position in the paper records storage business is unparalleled.  They are in an enviable position from which they can turn these “paper customers” into “e-customers" as well.  Of course, in order to do this they have to establish a level of credibility and services in this new space.  The turning of the alliance with Stratify into an acquisition strengthens that position somewhat.

The SaaS model of Stratify complements the traditional Iron Mountain role as “custodian” of records, i.e. they will physically house and manage the electronic records and documents. It is interesting to note, however, that in our recent Market IQ on Content Security, 78% of the 600 organizations polled indicated that they would not likely implement their content security (read records management, compliance, etc.) system in a SaaS model.  As we stated in the Market IQ, this is more likely based on immaturity among the public, than legitimate concern for the model.  Iron Mountain will nonetheless, along with other players in this space, have to educate the market and overcome this resistance.  The reputation they have built in the paper world can only serve to help.

Happy Halloween.  As I sit here thinking about tonight's activities with the kids, I could not help but think about Content Security - what can I say I am a real content geek I guess.  But it is true - the volume of content and the ease with which it can now be shared/accessed has created a real trick-or-treat dilemma for virtually every organization.  On one hand, our ability to collaborate and innovate as teams, to share our knowledge and build networks far beyond the physical boundaries of our offices is unprecedented and powerful.  There's the treat.  But on the other hand, this same volume and  ease of sharing has put the organization at great risk.  Careful or you may get tricked.  Whether through malicious intent, or accident, it is far too easy today to put the organization at great risk by mismanaging content.

Content security is no longer an issue for the IT department alone.  It is no longer a black and white issue - keep the "wrong" people out and then trust the "insiders" to do the right thing.  Content security is now an issue for virtually every business executive, knowledge worker and IT professional alike. 

So if you find yourself faced with this dilemma, join us tomorrow when we take a deep look at positioning content security as both an enabler of innovation and guardian of content.  The webinar will include insights into our recently published Market IQ.

To register for the webinar (2:00 pm EST 11/1/2007), go to http://www.aiim.org/webinar-events.asp?ID=4091&Task=Register.

Do you want a good Halloween scare for today?  Consider this, among the 600 organizations we polled,43% said they did not know if their content had been inappropriately accessed in last 2 years. AHHH - what is scarier then the darkness of the unknown.  (Similar findings were uncovered regarding malicious and accidental inappropriate deletion of content.)  I hope to see you at the webinar. 

I recently became aware of another conference on Innovation Management, Global Innovation Exchange.  I have attended a handful of these over the last 2 years, but this one caught my attention because its very staging is a nod to innovation itself.  The conference is virtual.

As I mentioned in an earlier post, I recently returned from the UK, where I attended the ATM meeting of AIIM Europe.  In addition to making a presentation on the role of ECM in Enterprise 2.0, which was the focus of the previous blog, I also had the pleasure of chairing a panel of ECM end users who discussed the realities of their ECM deployments.  There were three panelists representing Johnson Controls, Nationwide Building Society and Inland Revenue. 

Each panelist was very articulate and well seasoned.  I had great respect for the depth of the insights they offered and the degree of candor with which they were offered.  Though some of what they said has been said before, perhaps it needs repeating.  I have taken the liberty of paraphrasing their comments, and am providing them here as a snapshot on the pulse of the ECM user experience.  These are presented in no particular order – just the order in which comments were made by the panel in response to questions from the AIIM ATMs.

It is critical that ECM projects involve the business/user community early on and throughout the project’s lifecycle.  Business users need to be educated on the what and why proposition of ECM, or else they will resist any adoption.  It is often helpful to start with a simple, targeted deployment and use it as part of the learning experience, enabling more wide-scale deployments later in the project.

The introduction of the CIO is considered a best practice. The chief or manager of IT services may still exist, but reports to the CIO.  The most important difference is the focus of the CIO on enterprise information, as an asset, and not technology per se.

It is wise to have a CRO (Chief Risk Officer) sign off on all ECM projects.  Typically, ECM implementations will make concessions on functionality for a variety of reasons, ranging from lack of budget to a need for infrastructure investment.  These concessions need to be documented and understood and appreciated by the CRO, i.e. what have we accomplished and are we still vulnerable in any manner. 

It is wise for the solution providers (i.e. vendors) to sell their wares to the CIO, and not to the end users of the solution.  Education and “internal selling” is seen as a role of corporate personnel, not the solution provider.  Software purchases need to be coordinated across multiple priorities and platform issues, and should not be addressed as piecemeal buys between a vendor and a user department.

Collaboration is a very real issue within the organization.  Various levels throughout the enterprise are seeking ways to collaborate.  Enterprise 2.0, however, is not a word that is used much, if at all.  It is seen as something off in the distance, whereas records management, web content management, document management and e-mail management are very real.  However, if Enterprise 2.0 is positioned as a new approach to collaboration, you are likely to get some attention, because, again, collaboration is on the minds of many.

The key business driver behind any ECM purchase is an alignment and support of a bigger business strategy.  You need to take a good look into what are the business drivers of the organization, and then determine (and educate the business) on how specific technologies can help achieve those goals.  Do not discuss the technology or tactical deployments, but the realization of a business objective.  If this is accomplished, the issue of cost savings and ROI becomes a “nice to have” component of the justification, not mandatory, unless you are a government entity in which case cost and ROI will likely be the most compelling driver behind any ECM investment. 

Autonomy announced an agreement to acquire record and document management vendor, Meridio.  (See announcement)

The ECM industry continues to consolidate through acquisition.  With this instance, Autonomy, whose roots are in enterprise search, strengthens its offering as a platform play in ECM, more in league with OpenText, IBM/FileNet and Documentum, distancing themselves from search/navigation pure plays from vendors such as FAST, Google, Endeca and Vivisimo. 

This acquisition builds on an earlier acquisition of Zantaz, which provided Autonomy with e-mail archiving and management.  In my aiimAlert on the Zantaz acquisition, I noted that Forrester was quoted as stating the Zantaz acquisition made Autonomy more attractive as an acquisition target for the likes of EMC, Oracle and IBM.  I did not agree with that observation then and still do not.  It would appear that Autonomy is more focused on direct competition than possible acquisition.  With its recent acquisitions, Autonomy is building a content management platform.  Its strategy is markedly different from  competitors such as Oracle and EMC who built their platform from the ground up.  Whereas these companies began as a storage/infrastructure, and acquired content management functionality leading to interface and search, Autonomy started as an interface and search company, and is working its way down the functionality chain, so to speak, to include fundamental management and archival.

With the acquisition of Merdio, Autonomy positions itself as an Enterprise 2.0 platform provider.  Merdio brings tight integration into Sharepoint (including collaboration and content management).  With the anticipated integration of the rest of the Autonomy technology, including a host of search functions, workflow, SNA, tagging, and archival, a multifaceted Enterprise 2.0 platform is emerging. 

It will be interesting to see how Autonomy handles the issue of search in its solution implementations.  As stated, Autonomy began as a search tool, and added to this functionality with its past acquisition of search rival, former search leader, Verity.  But, as it morphs into a Enterprise 2.0 platform play, will Autonomy be wise to make its search functionality optional, allowing customers to plug “best of breed” search tools, search engines that are not application specific?

This news came on the heels of Autonomy stock falling after Q3 numbers were released.  (See related article)

Earlier today I posted on the merits of ECM delivered in a SaaS model.  Over the least week, I have also been commenting on the newly released AIIM Market IQ on Content Security (download report).

There is a most interesting point of intersection between these two topics.  In the Market IQ report, we posed the question to 600 responding organizations, “Would You be Likely to Implement Your Content Security System in an Outsourced or SaaS Model?"   An overwhelming 78% stated that they would not.

Of those that said “No”, 38% cited “Lack of Control/Increased Security Concerns” as the number one reason why.  This is a legitimate concern.  As discussed in detail in the Market IQ report, security online content is a complex issue.  Today’s security much be agile enough not to inhibit communication and collaboration, yet thorough enough to eliminate unauthorized sharing/access, whether intentionally or accidentally.

One of the overall key findings in the Market IQ was that the market is relatively immature and requires a fair amount of education.  I believe this is the case with regards to a SaaS approach to Content Security.  Surely no organization should ever surrender control of their business content to a third party without a thorough examination of that party’s capabilities.  But it is reasonable to foresee a situation in which a content service provider offers a level of security as good as, or even better than what the content owning organization can provide. 

As the market and the courts mature (see earlier post: Courts Get  Serious About Digital Content), it will be interesting to see how this issue unfolds.  Those considering outsourcing content management (and security), need to make a thorough assessment of the security provisions offered by the service provider.  Agreements should clearly indicate the degree to which the service provider “guarantees” security and the limit to their liability should a breech of security occur.   Organizations will likely someday be provided statements of content management and security from a service provider that can be incorporated, by reference into the Corporate Governance Plan.

Indeed, looking forward I can see a time when organizations “surrender” their content (and its security) to a “professionals” that provides a state-of-the-art industry best practice in content management and security. Organizations have taken this approach with paper files for many years.  It is only a matter of acclimation before they become as comfortable with similar digital services.  Simultaneously, content management service providers are wise to begin developing such offerings, and determining how they will handle the legal assuring aspect of this nascent business proposition.

This and other related issues will be discussed in the upcoming AIIM Webinar on Content Security, being held on November 1, 2007. (register). 

SpringCM announced the availability of workflow/BPM and capture capabilities in its SaaS Document Management system.

On one level this is not news – document management systems such as Documentum, OpenText and FileNet have provided integrated workflow and capture functionality for several years.  Indeed, until now, for organizations looking at document management with a compelling need for workflow, the SaaS alternative offered by SpringCM would probably fall off the short list.  With the addition of these new capabilities, document management with integrated capture and workflow, as a service has become a viable alternative.  As I stated in a previous post focused on Alfresco, the SaaS and Open Source models are quickly becoming strong competitors in the ECM marketplace, with full functionality.

It is interesting to note that this post is being made at about the same time that Gartner released a “Magic Quadrant” on ECM vendors.  (I posted regarding this quadrant earlier this month, questioning the placement of Microsoft versus others.)  I failed to notice at the time, but was reminded by a post by Dan Ortega on his blog, that this “Magic Quadrant” is void of any SaaS or opensource ECM providers.  Dan does a good job pointing out that while SaaS vendors may be small in comparison, today, they represent a future market direction.  Here I would have to agree, especially in light of the comments I made above.   

Today, Xerox announced the release of new technology that automates the process of removing confidential information (i.e. redacting) from documents.  Known as Intelligent Redaction, this functionality represents a new component to content security.

Today, serendipitously, AIIM Market Intelligence released it Market IQ on Content Security (download report).  In this report we discuss the challenges enterprises face, given the growing volume of digital content, the ease of sharing digital content and the growing need to secure/meet compliance initiatives.  Many point technologies are reviewed in this report.  Content Security in our definition is not a single technology, but an ecosystem that manages and protects content in context, from cradle to grave.  Intelligent Redaction is not specifically overviewed in the report, for obvious reasons, but represents a new offering under the functionality of data leak protection, which is highlighted and positioned in the Market IQ report. Intelligent Redaction includes detection software that uses content analysis to protect sensitive information on demand, in context. It can encrypt only sensitive sections or paragraphs of a document.

Intelligent Redaction represents a growing family of technologies that are designed to support online collaboration and sharing of content, while not putting the content owners at risk.  This is the value statement of Content Security.