Box Makes a Huge Leap in Security


The Keymaster and Gatekeeper from GhostbustersI saw the Box’s announcement of their Enterprise Key Management (EKM) feature yesterday. This is a big jump forward for Box and puts them well in the front lines for cloud security among vendors with traction. Matt Weinberger had a good write-up about how Box’s EKM works complete with a Ghostbuster reference.

Chris Walker wrote about Box’s EKM announcement and quoted a tweet I made. The tweet follows but I encourage you to go read his post as it is a good one.

I wanted to expand on the quote up above in a comment on Chris’s post then I couldn’t stop typing. I decided to write it here.

The Government has Rules

Obvious right? Let me use the U.S. Citizenship and Immigration Service (USCIS) as an example. I was a contractor there for multiple projects and had to staff many roles on those projects. Let me tell you, it was challenging.

USCIS has a rule that only citizens can access certain data systems. The reason is they don’t want a person for whom they are determining benefits to have access to the data. This is a legitimate rule and aimed to not just stop corruption but to keep any hint of corruption at bay. Defense and Intelligence agencies have requirements for clearances to have access to classified information.

The IT staff has to meet those same requirements. For cloud vendors, it means THEIR admins would have to have clearances and/or be a citizen for the information to be managed. When a Box show came through DC a few years back, attendees were asked about the citizenship of Box’s employees. Encryption was proposed as a solution but was shot down if those same non-citizen, uncleared people had access to the encryption keys.

The EKM solution fixes that problem. All content is encrypted with a customer owned and controlled key so Box employees cannot access the content. They can access metadata, which could be an issue, but not content. The key lives in a secure appliance hosted by Amazon. That is important because it is now beyond the reach of the Box administrators.

It is also important because Amazon has a government cloud that has been through FedRAMP. That means that encryption keys for government agencies could be stored there. In fact, if Box was able to get their FedRAMP certification, then they would be able to operate with impunity in the U.S. Government.

This announcement is huge. I expect that this is just a first step to bigger things.

Sony, Information Governance, and the Quest for Relevancy


Movie: The InterviewPeople have been writing for months about what could have prevented or lessened the impact the Sony hack. I’ve talked to many people in the information governance industry on this very topic. I’m a firm believer that even with proper information governance policies that were properly followed, the impact of the Sony hacks would be the same.

Of course, not everyone agrees. Lubor Ptacek asked if enterprise content management (ECM) could have prevented the hack. While his answer was not a definitive ‘Yes’, it did fall strongly on the side that it would have made a significant difference.

Lubor is a smart person so I’ve decided to visit his points in this post.  Before I start going point-by-point…

You Can’t Govern Stupid

Continue reading

Stop Talking about Backups Tapes!!!


Bookshelf of backup tapesThis isn’t a rant against backup tapes in IT infrastructure. This isn’t a rant about how backup strategies need to change. It is a rant about all the people that depend on backups for managing information.

Stop it!

Backup tapes are to restore your system when things go wrong. Period. If you have to keep something, don’t use tapes. There are other ways. There are several archive vendors out there that will gladly take your phone calls.

Tapes are even worse for this than other backup methods. Tapes degrade. Tapes become corrupted. Tapes are easy to lose. Tapes get out of order. Tapes take up space that we are trying to save by going digital.

Continue reading

Reports from the Content Management Frontier


The following are excerpts from an explorer hiking the Gartner Hype Cycle for Enterprise Content Management (ECM) technologies.

Day 1, Reached the Peak

Today we finally reached the Peak of Inflated Expectations. The view is simply amazing. This technology is going to revolutionize everything. Everyone is excited and  teaming up with their friends. Documentum just got some great new equipment from EMC. I suspect that those two will be very happy together for a long time.

Life is good.

Day 2, Getting Crowded

Apparently everyone is excited and more and more people are joining us on the Peak. While the view is still lovely, they ground is starting to get muddy from all the people trampling everywhere.

Stellent showed up with their new pal Oracle. Everyone thinks they are a bunch of posers but they are mostly keeping quiet because Oracle has a bit of a temper.

There seems to be a new noise. I’m going to go check it out.

Day 4, Ooops

That noise from the other day? That was the beginning of an avalanche that carried the entire group off of the Peak. According to our maps we are in the Trough of Disillusionment. It is hard to validate because nobody can get a clear signal anymore. It is a bit gloomy but some people seem to think we can get out.

OMG! Open Text ate Hummingbird while we were sleeping! They must be panicking already.

Tensions are very high.

Continue reading

Box and Dropbox Race for Long-Term Relevancy


The Spanish InquisitionIn case you missed it, Dropbox has followed the path blazed by Box and has integrated with Microsoft Office. While Box integrated on the desktop, Dropbox is integrating with the Office mobile apps and plans to extend it to the Online Office versions. This is a no-brainer move as anything that simplifies people’s ability to work with content within Dropbox helps keep people using both tools.

On top of all this, Microsoft announced that their Android and iOS versions of Office will now be free. Microsoft is clearly trying to maintain their edge on the office productivity world and Dropbox is aiming to stay in front of people’s eyeballs.

Continue reading

Celebrating Women of Technology, My Mother and Her Sister


World's Most Dificult Jigsaw Puzzle, Leprechaun StyleFor Ada Lovelace Day, I was all set to write a post on making the tech industry more welcoming to women. I was almost done with that post when I decided that it was the wrong focus for today. I want to celebrate inspiring women in tech. Instead of picking from a slate of relatively well-known women or scrounging together some research on lesser known ones, I thought I’d target some people closer to home.

My mother and her sister.

I could say that a PhD in Biochemistry and a Bachelor’s degree in Mechanical Engineering is enough to inspire, but there is more. Diplomas sit on walls. It is their journey to those degrees and how they live their lives that show the impact.

What was that impact? Three of my four women 1st cousins work in STEM (Science, Technology, Engineering, and Math). In fact, in my generation, if you earned a college degree, the men were less likely to be in STEM than the women.

That is an impact.

Continue reading

EMC’s Faulty Perception of Content Management


How I Met Your Mother Spit TakeWhile at the Monktoberfest last week, I had the luck to run into some people from EMC.  Not just any folk from EMC, they were from “core”, the storage side of the business. After convincing them that I knew enough about EMC to have a real conversation, we discussed Documentum and the Information Intelligence Group (IIG) where Documentum sits.

The talk quickly turned to why Documentum did not live up to the potential they had when EMC acquired them. While I have many opinions, I thought I’d get their opinion. It was a little surprising.

They didn’t adopt Virtual fast enough.

There have been a lot of missteps over the years, but that wasn’t one of them. I was selling Documentum during the rise of VMWare and I can state this for a fact, I NEVER lost a deal because Documentum didn’t support virtual machines.

Continue reading