Box Makes a Huge Leap in Security


The Keymaster and Gatekeeper from GhostbustersI saw the Box’s announcement of their Enterprise Key Management (EKM) feature yesterday. This is a big jump forward for Box and puts them well in the front lines for cloud security among vendors with traction. Matt Weinberger had a good write-up about how Box’s EKM works complete with a Ghostbuster reference.

Chris Walker wrote about Box’s EKM announcement and quoted a tweet I made. The tweet follows but I encourage you to go read his post as it is a good one.

I wanted to expand on the quote up above in a comment on Chris’s post then I couldn’t stop typing. I decided to write it here.

The Government has Rules

Obvious right? Let me use the U.S. Citizenship and Immigration Service (USCIS) as an example. I was a contractor there for multiple projects and had to staff many roles on those projects. Let me tell you, it was challenging.

USCIS has a rule that only citizens can access certain data systems. The reason is they don’t want a person for whom they are determining benefits to have access to the data. This is a legitimate rule and aimed to not just stop corruption but to keep any hint of corruption at bay. Defense and Intelligence agencies have requirements for clearances to have access to classified information.

The IT staff has to meet those same requirements. For cloud vendors, it means THEIR admins would have to have clearances and/or be a citizen for the information to be managed. When a Box show came through DC a few years back, attendees were asked about the citizenship of Box’s employees. Encryption was proposed as a solution but was shot down if those same non-citizen, uncleared people had access to the encryption keys.

The EKM solution fixes that problem. All content is encrypted with a customer owned and controlled key so Box employees cannot access the content. They can access metadata, which could be an issue, but not content. The key lives in a secure appliance hosted by Amazon. That is important because it is now beyond the reach of the Box administrators.

It is also important because Amazon has a government cloud that has been through FedRAMP. That means that encryption keys for government agencies could be stored there. In fact, if Box was able to get their FedRAMP certification, then they would be able to operate with impunity in the U.S. Government.

This announcement is huge. I expect that this is just a first step to bigger things.

Sony, Information Governance, and the Quest for Relevancy


Movie: The InterviewPeople have been writing for months about what could have prevented or lessened the impact the Sony hack. I’ve talked to many people in the information governance industry on this very topic. I’m a firm believer that even with proper information governance policies that were properly followed, the impact of the Sony hacks would be the same.

Of course, not everyone agrees. Lubor Ptacek asked if enterprise content management (ECM) could have prevented the hack. While his answer was not a definitive ‘Yes’, it did fall strongly on the side that it would have made a significant difference.

Lubor is a smart person so I’ve decided to visit his points in this post.  Before I start going point-by-point…

You Can’t Govern Stupid

Continue reading

Reports from the Content Management Frontier


The following are excerpts from an explorer hiking the Gartner Hype Cycle for Enterprise Content Management (ECM) technologies.

Day 1, Reached the Peak

Today we finally reached the Peak of Inflated Expectations. The view is simply amazing. This technology is going to revolutionize everything. Everyone is excited and  teaming up with their friends. Documentum just got some great new equipment from EMC. I suspect that those two will be very happy together for a long time.

Life is good.

Day 2, Getting Crowded

Apparently everyone is excited and more and more people are joining us on the Peak. While the view is still lovely, they ground is starting to get muddy from all the people trampling everywhere.

Stellent showed up with their new pal Oracle. Everyone thinks they are a bunch of posers but they are mostly keeping quiet because Oracle has a bit of a temper.

There seems to be a new noise. I’m going to go check it out.

Day 4, Ooops

That noise from the other day? That was the beginning of an avalanche that carried the entire group off of the Peak. According to our maps we are in the Trough of Disillusionment. It is hard to validate because nobody can get a clear signal anymore. It is a bit gloomy but some people seem to think we can get out.

OMG! Open Text ate Hummingbird while we were sleeping! They must be panicking already.

Tensions are very high.

Continue reading

Box and Dropbox Race for Long-Term Relevancy


The Spanish InquisitionIn case you missed it, Dropbox has followed the path blazed by Box and has integrated with Microsoft Office. While Box integrated on the desktop, Dropbox is integrating with the Office mobile apps and plans to extend it to the Online Office versions. This is a no-brainer move as anything that simplifies people’s ability to work with content within Dropbox helps keep people using both tools.

On top of all this, Microsoft announced that their Android and iOS versions of Office will now be free. Microsoft is clearly trying to maintain their edge on the office productivity world and Dropbox is aiming to stay in front of people’s eyeballs.

Continue reading

EMC’s Faulty Perception of Content Management


How I Met Your Mother Spit TakeWhile at the Monktoberfest last week, I had the luck to run into some people from EMC.  Not just any folk from EMC, they were from “core”, the storage side of the business. After convincing them that I knew enough about EMC to have a real conversation, we discussed Documentum and the Information Intelligence Group (IIG) where Documentum sits.

The talk quickly turned to why Documentum did not live up to the potential they had when EMC acquired them. While I have many opinions, I thought I’d get their opinion. It was a little surprising.

They didn’t adopt Virtual fast enough.

There have been a lot of missteps over the years, but that wasn’t one of them. I was selling Documentum during the rise of VMWare and I can state this for a fact, I NEVER lost a deal because Documentum didn’t support virtual machines.

Continue reading

Box Just Threw Down the Gauntlet


Clint Eastwood as Dirty HarryLast week, Box held their annual conference. Many announcements were expected and the announcement of Workflow coming to Box in 2015 was quite exciting. If you want a high-level look at everything that happened, check out Chris Walker’s quick thoughts on BoxWorks.

None of that is why I am writing this post.

Buried in the wave of tweets were two game-changing announcements. Box announced Retention Management and Auto-Classification of Content.

That’s right. Information Governance behind the scenes on an application that people actually use AND a way to get content in the right retention bucket without people having to intervene.

All in the cloud.

Continue reading

The Two Sides of Information Governance


Sometimes things just fall together. This past weekend, I watched Raiders of the Lost Ark with my sons, reveling as they experienced all the quirks for the first time.

Then on Monday, I had a conversation about Information Governance with a fellow practitioner. They remarked that there were two pillars of Information Governance. At first I agreed, Value (Information Management) and Risk (Records Management/eDiscovery) are the two dynamics at play in Information Governance.

I then realized that they were really two sides of the same coin. They are not as separate as two pillars might be. They are intertwined. After a little thought, I decided that the headpiece to the Staff of Ra from the movie Raiders of the Lost Ark was actually the perfect paradigm.

Continue reading