TakingAIIM

Yesterday HP and Tower Software announced a pre-bid agreement for HP to acquire Tower. (See press release.)

The independent/standalone ECM solution market got 1 vendor less with this acquisition, leaving this segment of the market extremely lean.  Are Interwoven and Open Text the only two top tier players left alone (belles of the ball or wall flowers?).

OK, that aside, what does this mean specifically for HP and Tower?  According to the press release, " The acquisition of Tower will add electronic records management to HP Software’s existing e-discovery and compliance capabilities in information collection and retention."  No argument there, nothing very new there either.  Under an pre-existing agreement, Tower TRIM Context was already integrated with the HP Integrated Archive Platform, providing records management within the compliance archiving platform. 

Although Tower has consistently touted its records management capabilities, it did so within a full ECM suite, that includes functionality such as workflow, document management, e-mail management, document assembly, web content management and, to a certain degree, collaboration (i.e. a small step into the Enterprise 2.0 arena). 

There is more potential to this acquisition than HP is touting in the release. Are they being near-sighted based on the previous partner relationship?  It would behoove HP to re-assess the value of this acquisition and perhaps position these new capabilities beyond records management, e-discovery and compliance, into the realm of a full fledged ECM platform offering from a systems and hardware provider, putting them head-to-head with the likes of IBM and EMC.

Nearly twenty years ago I gave my first ECM seminar.  Cutting edge topics included imaging and optical storage.  Much has changed since then.  Imaging, then a standalone, typically proprietary siloed technology has evolved into a function or feature of an ECM.  Optical storage is no longer viewed as "different and confusing", and has evolved into a mainstream component of a hierarchical storage management strategy (HSM).  Some things haven't changed however.  One of the more frequent questions back then, is still often asked - "If I migrate business content to electronic format, how to I guarantee that the content will still be accessible and readable 20 years from now, 50 years from now, 100 years from now."

The question often caused me, and other presenters to go into the consultant song and dance routine.  There was no one sure fire way to do it.    The industry has made a major step forward in addressing that concern.  The AIIM standards group has developed a electronic archiving file format standard known as PDF/Archival, or PDF/A.   

PDF/A, is the first PDF standard developed in a collaborative manner by AIIM and NPES (The Association for Suppliers of Printing, Publishing, and Converting Technologies). It was developed to define a file format based on top of the Adobe PDF standard, that provides a mechanism for representing electronic documents in a manner that preserves their visual appearance over time, independent of the tools and systems used for creating, storing, or tending the files.  In other words, PDF/A provides a file format for long-term preservation of electronic documents.

In order to raise  market's awareness of the standard, AIIM has developed a new training course on PDF/A.

Beginning in April, this two day training focused on PDF/A (ISO 19005-1) and its use as a file format for archiving and preserving electronic data will be available as either web-based, public or private class offerings. This course will enable the person attending to speak more knowledgeably about PDF/A as well as know how and when to apply the use of PDF/A.

AIIM is responsible for the majority of the PDF family of standards which includes PDF, PDF/E, PDF/UA, PDF Healthcare and PDF/A.

Those who are interested in the training should contact Betsy Fanning (bfanning@aiim.org or 301-755-2682).

Iron Mountain (NYSE: IRM), today announced the signing of a
definitive agreement to acquire Stratify, Inc. for approximately $158
million in cash. (See press release)

Iron Mountain and Stratify have been courting for several months.  In January of this year they announced an alliance. Today this “common law couple” announced their officially tying the knot.  The big winner here is Stratify, a company that began as Purple Yogi, offering dynamic taxonomy construction and management technology.  After floundering in the taxonomy space for a few years Stratify re-branded itself as an e-discovery service provider, leveraging their expertise and technology in a SaaS model.

Iron Mountain’s position in the paper records storage business is unparalleled.  They are in an enviable position from which they can turn these “paper customers” into “e-customers" as well.  Of course, in order to do this they have to establish a level of credibility and services in this new space.  The turning of the alliance with Stratify into an acquisition strengthens that position somewhat.

The SaaS model of Stratify complements the traditional Iron Mountain role as “custodian” of records, i.e. they will physically house and manage the electronic records and documents. It is interesting to note, however, that in our recent Market IQ on Content Security, 78% of the 600 organizations polled indicated that they would not likely implement their content security (read records management, compliance, etc.) system in a SaaS model.  As we stated in the Market IQ, this is more likely based on immaturity among the public, than legitimate concern for the model.  Iron Mountain will nonetheless, along with other players in this space, have to educate the market and overcome this resistance.  The reputation they have built in the paper world can only serve to help.

Happy Halloween.  As I sit here thinking about tonight's activities with the kids, I could not help but think about Content Security - what can I say I am a real content geek I guess.  But it is true - the volume of content and the ease with which it can now be shared/accessed has created a real trick-or-treat dilemma for virtually every organization.  On one hand, our ability to collaborate and innovate as teams, to share our knowledge and build networks far beyond the physical boundaries of our offices is unprecedented and powerful.  There's the treat.  But on the other hand, this same volume and  ease of sharing has put the organization at great risk.  Careful or you may get tricked.  Whether through malicious intent, or accident, it is far too easy today to put the organization at great risk by mismanaging content.

Content security is no longer an issue for the IT department alone.  It is no longer a black and white issue - keep the "wrong" people out and then trust the "insiders" to do the right thing.  Content security is now an issue for virtually every business executive, knowledge worker and IT professional alike. 

So if you find yourself faced with this dilemma, join us tomorrow when we take a deep look at positioning content security as both an enabler of innovation and guardian of content.  The webinar will include insights into our recently published Market IQ.

To register for the webinar (2:00 pm EST 11/1/2007), go to http://www.aiim.org/webinar-events.asp?ID=4091&Task=Register.

Do you want a good Halloween scare for today?  Consider this, among the 600 organizations we polled,43% said they did not know if their content had been inappropriately accessed in last 2 years. AHHH - what is scarier then the darkness of the unknown.  (Similar findings were uncovered regarding malicious and accidental inappropriate deletion of content.)  I hope to see you at the webinar. 

As I mentioned in an earlier post, I recently returned from the UK, where I attended the ATM meeting of AIIM Europe.  In addition to making a presentation on the role of ECM in Enterprise 2.0, which was the focus of the previous blog, I also had the pleasure of chairing a panel of ECM end users who discussed the realities of their ECM deployments.  There were three panelists representing Johnson Controls, Nationwide Building Society and Inland Revenue. 

Each panelist was very articulate and well seasoned.  I had great respect for the depth of the insights they offered and the degree of candor with which they were offered.  Though some of what they said has been said before, perhaps it needs repeating.  I have taken the liberty of paraphrasing their comments, and am providing them here as a snapshot on the pulse of the ECM user experience.  These are presented in no particular order – just the order in which comments were made by the panel in response to questions from the AIIM ATMs.

It is critical that ECM projects involve the business/user community early on and throughout the project’s lifecycle.  Business users need to be educated on the what and why proposition of ECM, or else they will resist any adoption.  It is often helpful to start with a simple, targeted deployment and use it as part of the learning experience, enabling more wide-scale deployments later in the project.

The introduction of the CIO is considered a best practice. The chief or manager of IT services may still exist, but reports to the CIO.  The most important difference is the focus of the CIO on enterprise information, as an asset, and not technology per se.

It is wise to have a CRO (Chief Risk Officer) sign off on all ECM projects.  Typically, ECM implementations will make concessions on functionality for a variety of reasons, ranging from lack of budget to a need for infrastructure investment.  These concessions need to be documented and understood and appreciated by the CRO, i.e. what have we accomplished and are we still vulnerable in any manner. 

It is wise for the solution providers (i.e. vendors) to sell their wares to the CIO, and not to the end users of the solution.  Education and “internal selling” is seen as a role of corporate personnel, not the solution provider.  Software purchases need to be coordinated across multiple priorities and platform issues, and should not be addressed as piecemeal buys between a vendor and a user department.

Collaboration is a very real issue within the organization.  Various levels throughout the enterprise are seeking ways to collaborate.  Enterprise 2.0, however, is not a word that is used much, if at all.  It is seen as something off in the distance, whereas records management, web content management, document management and e-mail management are very real.  However, if Enterprise 2.0 is positioned as a new approach to collaboration, you are likely to get some attention, because, again, collaboration is on the minds of many.

The key business driver behind any ECM purchase is an alignment and support of a bigger business strategy.  You need to take a good look into what are the business drivers of the organization, and then determine (and educate the business) on how specific technologies can help achieve those goals.  Do not discuss the technology or tactical deployments, but the realization of a business objective.  If this is accomplished, the issue of cost savings and ROI becomes a “nice to have” component of the justification, not mandatory, unless you are a government entity in which case cost and ROI will likely be the most compelling driver behind any ECM investment. 

In today's headlines it was declared that the theft of millions of customers' credit card numbers from discount retail giant TJX was due to outdated security systems.  The headline resonated with me so loudly, it was almost deafening.  I could not help but think, "DUH."

We are in the final stages of writing our first Market IQ Report, on Content Security.  Two of the more interesting findings in the report echo the headline.  So I figured I would share a glimpse into them, given the relevancy to today's news.  Survey findings seem to suggest that the revelation regarding TJX is not the exception, but the norm.   Despite the availability of a host of technology solutions that keep pace with the technologies that enable content proliferation and creation, security remains the ugly setp child in most organizations.

When asked to identify where they believed content security was in its market adoption cycle, the great majority of respondents indicated "early majority."  The market perception is that most companies have embraced security technologies and have updated their systems. Upon inspection of other survey data, however, we found that most organizations have not made investments in security.  Indeed, individual responses indicated that content security, although recognized, typically is without a project owner, sponsor, clear budget and implementation time line.  Organizations seems to be doing mush talking about security (including compliance and discovery), but are not taking much action.  Reported uptake of technologies is very low, with the only somewhat exception being in traditional tools such as records and document management.  Many organizations will probably find themseleves like TJX, concluding that breaches in content security were caused by "outdated systems". One has to ask, give all the attention on compliance, e-discovery and major security breaches of late, what will it take for organizations to take content security seriously, as a senior management issue, funded, sponsored and adequately addressed and updated.  Does it take "getting caught", like TJX?  One wonders what that company's plans for security are now.

Want to know more?  Stay tuned.  Details regarding the statistics quoted in this blog, and much more are forthcoming in the AIIM Market IQ on Content Security, due for publication to the AIIM site in less than  2 weeks.

I am getting a bit perplexed (at best), a bit aggravated (at worst) by all the attention being paid to e-mail management of late. Why do people/companies believe that e-mail requires management, skills and training separate and distinct from the rest of enterprise content?  If all your organization is worried about is its e-mail management, then fuggedaboutit, you're in better shape than most.  I am not proposing that this is not an important business issue.  But, if e-mail is the only form of business content that you do not have well managed, then sit back and relax.  Bringing e-mail into control won't take much.

Whether viewing e-mail management from a compliance or knowledge sharing perspective, realize that the issue is larger than e-mail.  The media/format of e-mail is not "special" enough to warrant specific approaches to management. (You may consider corporate guidelines for how/when to use e-mail. But that is a separate and distinct topic.)  E-mail is nothing more than another form of business content, and, as such, should be subject to a common approach to content management – all business content, whether an e-mail message, Word file, PDF file, blog entry, wiki page, paper-based mail, file sent by FTP or recorded phone conversation.  If there is no records management policy within your organization, no corporate compliance initiative, no enterprise search strategy, no content sharing/collaboration environment, than addressing these issues only for e-mail is way too little too late.  If on the other hand your organization has a well-defined practice with regards to records, compliance, search and collaboration, then extending these to include content authored and/or stored in e-mail is fairly straightforward.

Consider two clients of mine, for whom I developed Enterprise Content Management strategies, which included e-mail.  In one case, e-mail was poorly administered to begin with.  Most e-mail was stored on C: drives, not subject to official back-up and recovery.  Many were printing e-mails and storing them in paper files.  When I asked how this compared to the approach used to manage paper files I was told that that did not matter, management was specifically concerned with e-mail.  I pushed a bit harder and learned that the approach to e-mail was symptomatic of the organization's approach to controlling any form of content.  Records management was a guideline, not a policy.  Their e-mail project quickly grew in complexity and stature.

The other client also felt they needed to establish an e-mail management practice.  In this case, there was a records management group that exercised control over many forms of content.  Established policies were in place and enforced that governed things such as retention.  Their solution was as simple as incorporating the e-mail files to the existing rules and review processes.  But that realization did not come easily.  When I first proposed that they take existing records policies and extend them to e-mail they looked at me as if I was crazy.  "This is e-mail" they said.  "No, this is business content" I retorted,  Courts and regulators do not hold e-mail to a  higher or lesser degree of scrutiny than any other form of content.  It’s the subject matter of the content and its business purpose that governs the approach to management and control, not format or media. 

Organizations can be easily confused.  Some technology providers purport e-mail management solutions that address the situation singularly.  While these products may work as a standalone solution, they create yet another stovepipe in the organization.  Seek out solutions that can be leveraged throughout the organization and bring e-mail into compliance with the policies and procedures of the organization as a whole.  Content filtering, security, search/retrieval and records retention should be deployed across media types and controlled by a centralized policy.  If you take the myopic view, not only are you not establishing a centralized approach, but you leave yourself vulnerable to the next insurgence of electronic communication.

So if you believe you have to manage your e-mail take this as a wake-up call and take a broader view.  If you find that your electronic content is in disarray then set up a system to address all content.  But if you find it is truly just e-mail that you have to bring under control, then quit your whining, you are in better shape than you thought, and better than most other organizations.

And that is precisely why you will not see AIIM Market Intelligence covering e-mail and its management as a separate and distinct topic.  Email will be covered, tangentially in many upcoming whitepapers and Market IQs (such as the Content Security IQ due for release in October 2007), but we will not focus on it exclusively only to lead misguided business and technology leaders further down the wrong path.

Yesterday I blogged regarding the lawsuit between ConnectU and Facebook (Web 2.0 Back to Business 1.0), commenting on the need for Web 2.0 content and processes to be secured and governed with the same degree of scrutiny and thoroughness of any other form of enterprise content. 

Well, the lawsuit was in the news again today, and continues to provide fodder for the ECM community.  Judge Woodlock delayed the case asking for the plaintiff, ConnectU, to provide more legally admissable evidence to support the claims of the lawsuit (fraud, copyright infringement and misappropriation of trade secrets).  To quote Judge Woodward, "Dorm room chit chat does not make a contract.".  The judge asked that the ConnectU legal team substantiate more effectively leverage its evidence, which is limited to e-mails and telephone voice mail messages. 

As the informality of Web 2.0 enters the business mainstream/Enterprise 2.0, participants need to realize that despite the power and informality/personal nature that somewhat characterizes Web 2.0 - when used in business settings - it is still business as usual.  The plaintiffs may learn that "Those that live by the sword die by the sword", or in this case "Those that live by the blunt instrument lose their case by the blunt instrument."  Content "captured" in wikis, blogs, e-mails and "dorm room conversations"  lose relevancy if they cannot be positioned and authenticated beyond repudiation.  Stay tuned . . .

For those of you following this blog, you know that a pet peeve of mine is the lack of business savvy among SOME proponents of Web 2.0 technology.  You may recall my ranting regarding a debate I got into at the Fast forward user conference with a Web 2.0 proponent who refused to see my issues regarding how Web 2.0/Social Networking and related content need to be/will still be subject to good business practice and legal compliance.   I was told, “You just don’t get it, and don’t trust your co-workers."

Well today, one of the bastions of Web 2.0, Facebook was sued by rival ConnectU, on the grounds of fraud, copyright infringement and misappropriation of trade secrets. (See article).  Earlier, in a related case, Facebook sued ConnectU for wrongfully collecting email addresses from its website and contacting these individuals.   “Ladies and gentlemen of the jury – I rest my case.”  The laws cited are “ancient”, but nonetheless very applicable.  Even if ConnectU loses their case, the case was nonetheless strong enough for the courts to hear it.  It is powerfully ironic that these pillars of the Web 2.0 market (at least in the case of Facebook), find themselves in a legitimate lawsuit regarding protection of intellectual property.

So at the risk of repeating myself, Web 2.0 and Enterprise 2.0 zealots need to temper their enthusiasm and realize that in spite of the power of these new technologies and business models, they still need to comply with the law and adhere to sound business practices.  Similar to their predecessors, the dot com enthusiasts who wished us to believe that the internet and e-commerce created a totally new set of business rules and models (ones that did not need to show profits in the first 5 year), Web 2.0 and Enterprise 2.0 zealots need to wake up and face reality.  Business content, patents, trade secrets,  customer data, etc., still need to be protected whether they are “willfully” shared in a blog, wiki, social network, etc. or clandestinely leaked in the dark of night.  Web 2.0 does not spell the end of content security, records management, and copyright, but marks a whole new beginning for these business practices.  That is why AIIM Market Intelligence chose to cover Content Security and Enterprise 2.0  as the subjects of their first 2  Market IQ reports, scheduled for release in October and December 2008, repsectively.

By the way, just to be clear, I am not casting a disparaging light on Web 2.0, Facebook or ConnectU.   Heck I am a Facebook user (see my profile and link up before it is too late.) I am merely reminding all of us that business content and personal content need always be appropriately secured and protected.

Last week Autonomy announced plans to acquire Zantaz for $375 million in cash. (Press release)

In acquiring Zantaz, Autonomy adds to its inventory of functionality targeted at e-discovery and e-mail management, most notably archiving and exporting.  For Autonomy, this is a move of competitive parity, not advantage.  Many competitors such as OpenText, FAST (through partnerships) and EMC Documentum have had such capabilities in their respective e-discovery offerings for a considerable amount of time.  It is interesting to note that Industry Analyst, Barry Murphy of Forrester, was quoted as seeing this acquisition as making Autonomy a more attractive acquisition target by platform plays such as IBM, EMC and Oracle.  If his insights are correct (seems odd that Autonomy becomes more attractive because of its acquisition of a small e-mail archiving company), the anticipated subsequent acquisition of Autonomy/Zantaz by a platform player would be driven by eliminating competition / increasing market share, as opposed to acquiring additional functionality, which was the PR behind the Zantaz acquisition.

This acquisition also adds to the blurring of "search vendors" (e.g. Autonomy and FAST) and ECM platform vendors (e.g. EMC Documentum, OpenText) regarding who best handles e-discovery.  In this regard I concur with the general opinion of Dave Kellogg (not his blatant pitch), President of Mark Logic, whose take on the acquisition is worth a read.