I have had a LOT of discussions with people over the past year about Edward Snowden, the NSA, and the impact on cloud adoption. My general response is that it would likely slow US adoption of the cloud by a few months and outside the US by a couple of years.
Well, it has been six months since this all started and I was starting to wonder about how this was panning out. Then Computerworld kindly published a piece stating that Chief Information Officers (CIOs) were sticking with the cloud despite the NSA.
While 20 CIOs are in no way a fair sample size, even if they are geographically dispersed, they did raise several excellent points.
The best point was that the NSA was thwarted by an internal resource. The NSA didn’t use the cloud but they still had a massive security breach. If anything, the Snowden episode reveals the threats posed by disgruntled employees.
IT chiefs appear to consider insider threats a more concrete and likely danger, including disgruntled employees or contractors like Snowden who out of malice or in retaliation expose confidential data or damage IT systems.
While all employees can leak data, systems professionals are a unique risk because they have greater access to information. While one would hope that everyone acts ethically, we know that it isn’t the case. When deploying cloud solutions, IT administration staff is reduced. Reducing the number of people with access to everything can reduce both security risks and costs.
If a technology like cloud computing can better serve the organization from both a cost and security perspective, why would you eliminate that from your strategy? Are your competitors doing the same?
Even with those factors in play, this isn’t a zero sum game. There is a security balance that has to be struck with every decision.
Who is Hack Proof?
Snowden demonstrated that nobody is leak proof. What about hack proof? The short answer is that nobody has 100% security. The question really is do you have enough security for the information that you are protecting?
The truth of the matter is that for most organizations, if the NSA wanted to hack your systems, they could. In fact, they could likely do it much more easily than if they tried to hack a cloud provider. Most established cloud providers have larger staffs and have invested a lot more money in security over the past few years than your organization.
"I’m more comfortable with Microsoft’s security for our email than with handling that internally," BCBG MaxAzria’s Fuller said. "We’re a fashion company, not a tech company. We need to focus our resources on producing great dresses people want to buy."
This isn’t to say that you should drop everything and move to the cloud. Just don’t let a false sense of security from hackers keep you in your on-premises environment.
Pick the Right Time and Balance
The real lesson here is that there are a lot of factors that go into any change in infrastructure. The cloud is no different. The needs of the business should be the guiding principles, not fear of an external entity hacking your system.
As Snowden aptly showed us, the greater security threat is, and always has been, internal people who have grudges. You can’t protect against them, but you can strive to make your place a better place for people to work. This will reduce the odds that someone will decide to act with malicious intent.
The alternative is to employ a lot of security, keep everything internal, and only grant people access to a piece of information if they need to know. What’s the worst that can happen?
Ask the NSA.
It is Thanksgiving in the United States this week. It is a time for turkey and pie. Oh the pies. I am thankful for many things, but I won’t go into many of those today. I want to talk about a Thanksgiving tradition. The Iron Bowl.
The Iron Bowl is the annual American football game between my alma mater, Auburn University, and the other major school in the state of Alabama, the University of Alabama. While those facts would normally be enough to make the game interesting, when one realizes how little else there is to do in Alabama besides watch college football, it escalates. It is more than bragging rights.
This year, Alabama is ranked number one and is the defending National Champion. Auburn is ranked fourth (out of 120 teams). The winner takes the division and will play in the Southeastern Conference championship. As the SEC champion has won the last seven National Championships, In fact, the last four winners of the Iron Bowl have won the National Championship.
Finally pulling out the analogy to end all analogies in the argument of whether or not Enterprise Content Management is dead or alive. Honestly, it never existed and we need to focus on Content Services. Dan Antion, an AIIM Board Member, disagrees with me. While I never let someone disagreeing with me slow me down, Dan is a smart guy and a friend. When he feels that ECM is alive and real, I pay attention.
I have one question for Dan. How is his Enterprise Data Management system working out?
One thing that was missing from the events was representation of our Federal customer base. Given the current challenges facing many Federal agencies here in the United States, it wasn’t surprising. There isn’t a lot of traveling going on right now.
As a result, Alfresco is bringing that learning experience directly to Washington, DC on January 29th for Content.gov 2014. That is more than hyperbole as we are bringing in our CEO, Doug Dennerline, our Chief Product Officer, Paul Holmes-Higgins, and many others to DC for the event.
Oh, and I’ll be there as well.
The reason I am taking time out to encourage you to come is that the drivers in the Federal marketplace are different than those in the rest of the world. The focus is not on revenue, but on serving constituents effectively and efficiently. Rules and regulations are more than factors in a risk equation, they are absolutes.
If you are trying to solve the Content problem in the Federal space, please come to Content.gov (it’s free) and talk to others facing the same problems. I, and the leadership of Alfresco, want to hear your perspectives on the unique Content challenges facing the Federal space.
It isn’t even a question of whether or not you use Alfresco. We all need to work together to solve this problem.
I love roller coasters. I’m not obsessed with them, but when presented with an opportunity to ride one, I take it. I particularly like old wooden coasters. They really make you feel like you are on the edge.
When I was a child, I had the same fascination but I rode only about half the coasters that I came across. I had a fear of the coasters with loops. I would be excited to ride them, wait in a long line, and then when the time came to finally board, it was a 50-50 shot whether or not I would just walk through to the other side.
The Loch Ness Monster roller coaster was a frequent victim to my whimsical abandonment. I think I was successful only a third of the time prior to the age of 10. This is a little silly because I had ridden it before and enjoyed it immensely. The fear remained. There was no logic behind it. It was an irrational fear.
This has passed and every time I go to Busch Gardens, I make a beeline for Loch Ness. I figured I had conquered the irrationality until…
I’ve been talking for a while about how we need to mix things up in the space. Records Management as we know it is dead and it has dragged Enterprise Content Management (ECM) down with it. We need to completely change things to get back on track.
While I was attending the ARMA conference, ARMA’s president, Julie Colgan, said that Records Management needed to evolve. I said that it wasn’t enough. Records Managers need to revolt against the system and change things. Julie saw the comment on Twitter and promised a response.
Well, today Julie gave a response.
I also believe that RIM needs a revolution, but in order to get there, we first need the professionals in the space to be ready to revolt.
Let’s face it. As much as Records Management, and ECM as a whole, has failed, the need for proper Information Governance has not changed. Organizations still have the same requirements.
We need to work WITH the Records Management professionals. We need to work together to find a way to meet the requirements of the organization while addressing the central failure point, which is that existing solutions make every employee a Records Manager.
They don’t want to be Records Managers.
I personally welcome ARMA to the battle. The members of ARMA have knowledge that we need. They also have ideas. I saw many speakers at the conference calling for a new approach. We need to learn how to relieve people from the burden of managing records to allow them to focus upon their jobs.
Shall we start a revolution together?
Yesterday, there was a pretty heated Twitter debate between Ron Miller, Irina Guseva, Tony Byrne, and myself over what constitutes a Cloud Product. This was triggered by an article that Irina had published on the Real Story Group blog about what people should take away from the Adobe security breach (besides passwords).
I am not a big fan of how Irina portrayed cloud security as cloud systems are often more secure than many internal systems. Ron had more fundamental issues with the article.
I tend to ignore most contradictions in a Twitter debate given the limits of the medium. I do want to counter both of Ron’s statements.
Recently I’ve been trying to walk a narrow path. I have all but pronounced Enterprise Content Management (ECM) dead, and yet I have expressed a belief that Content Services need to be embedded into business applications.
The question is two-fold. How can you serve Content Services without a platform? Isn’t that ECM with a different name?
Yes and no.
Let’s dissect this apparent contradiction.
I wrote a piece for CMSWire last month asking if Content Management Systems were Good Enough for Digital Asset Management. I essentially said that if digital assets are the business, then a Digital Asset Management (DAM) system makes sense. If digital assets are part of a broader business need or solution, then perhaps the capabilities of a broader Content Management System (CMS) would suffice.
Ralph Windsor took exception to my conclusion, thinking I was pushing the same old Enterprise Content Management (ECM) story. He couldn’t be further from the truth.
Let me tell you why.
We have a problem in this industry. We live in a world where we constantly think about the “users” of our software. In that identification, we dehumanize the People that are using our system. While this is a small detail, we have to remember one thing…
Everywhere I look, in proposals, requirements, and manuals, the People that use the system are referred to as Users.
It is pervasive. We hold User Conferences. We write User Manuals. We assign User IDs.
The cruel thing is that we don’t do it to ourselves. There are developer conferences. The creators of the software get to be People, why not those who have to live with the software?
We even try and perfect the User Experience.
Why are we not working on the Human Experience?
Why do we insist on calling the People whom our software helps users? We aren’t pushing a drug. If we were, more People would be willing to use it.
One thing that we do have in common, aside from calling People “users”, is that we have to push People to use the software. We have to convince them to take that first step in using the software. People view the software as dangerous, a risk, something to be avoided.
We need to change this approach. As Content Professionals, we need to think of everyone as People. The first step is to change the way we talk.
I am not trying to help users.
I am helping People.