Box Makes a Huge Leap in Security


I saw Box’s announcement of their Enterprise Key Management (EKM) feature yesterday. This is a big jump forward for Box and puts them well in the front lines for cloud security among vendors with traction. Matt Weinberger had a good write-up about how Box’s EKM works, complete with a Ghostbusters reference.

Chris Walker wrote about Box’s EKM announcement and quoted a tweet I made. The tweet follows but I encourage you to go read his post as it is a good one.

I wanted to expand on the quote up above in a comment on Chris’s post, but then I couldn’t stop typing. I decided to write it here.

The Government has Rules

Obvious right? Let me use the U.S. Citizenship and Immigration Service (USCIS) as an example. I was a contractor there for multiple projects and had to staff many roles on those projects. Let me tell you, it was challenging.

USCIS has a rule that only citizens can access certain data systems. The reason is they don’t want a person for whom they are determining benefits to have access to the data. This is a legitimate rule and aimed to not just stop corruption but to keep any hint of corruption at bay. Defense and Intelligence agencies have requirements for clearances to have access to classified information.

The IT staff has to meet those same requirements. For cloud vendors, it means THEIR admins would have to have clearances and/or be a citizen for the information to be managed. When a Box show came through DC a few years back, attendees were asked about the citizenship of Box’s employees. Encryption was proposed as a solution but was shot down if those same non-citizen, uncleared people had access to the encryption keys.

The EKM solution fixes that problem. All content is encrypted with a customer owned and controlled key so Box employees cannot access the content. They can access metadata, which could be an issue, but not content. The key lives in a secure appliance hosted by Amazon. That is important because it is now beyond the reach of the Box administrators.

It is also important because Amazon has a government cloud that has been through FedRAMP. That means that encryption keys for government agencies could be stored there. In fact, if Box was able to get their FedRAMP certification, then they would be able to operate with impunity in the U.S. Government.

This announcement is huge. I expect that this is just a first step to bigger things.

Sony, Information Governance, and the Quest for Relevancy


People have been writing for months about what could have prevented or lessened the impact of the Sony hack. I’ve talked to many people in the information governance industry on this very topic. I’m a firm believer that even with proper information governance policies that were properly followed, the impact of the Sony hacks would be the same.

Of course, not everyone agrees. Lubor Ptacek asked if enterprise content management (ECM) could have prevented the hack. While his answer was not a definitive ‘Yes’, it did fall strongly on the side that it would have made a significant difference.

Lubor is a smart person so I’ve decided to visit his points in this post.  Before I start going point-by-point…

You Can’t Govern Stupid


Information Governance and eDiscovery


Back in May, Julia Colgan wrote a great post breaking down the latest version of the Electronic Discovery Reference Model (EDRM). She outlined the changes in her post but the most significant change is the use of Information Governance instead of Information Management.

Version 3 of the Electronic Discovery Reference Model

Before I dive into the model, I want to make one thing clear. The purpose of this model is to show how all these concepts work together for the purpose of eDiscovery. It is meant to drive understanding.

Which is why I am not happy with the model.


Information Governance and Records Management Need to get Radical Together


A couple weeks ago I ranted that we were beginning to make many of the same mistakes with Information Governance that we had made with Enterprise Content Management (ECM), and to some extent Records Management. The post stimulated posts from James Lappin and George Parapadakis.

I respect both of them and it is entertaining to see them taking completely opposite approaches to the problem. It would be entertaining, for me at least, to see them debate the issue. I suspect it would get quite…energetic.

Of course, being on extremes, they both missed the mark.


Information Governance Repeating the Same Mistakes


One thing I’ve been doing a lot of recently is observing the rise of Information Governance. It is eating all the bandwidth that Enterprise Content Management (ECM), Information Management, and Records Management have historically consumed. All the same players are involved; each trying to make a name for themselves.

As I participated in today’s #InfoChat, I quickly realized that the exact same chat could have taken place 10 years ago. Just substitute #ECM for #InfoGov and it would fit. There were no “new” ideas presented, just slight twists on the same concepts that have been pushed for the last 20 years.

We get it. Success requires “People, Process, and Technology.” How about telling us how those factors should behave and work together? What new technology might help smooth processes to make people’s lives easier?

TELL ME SOMETHING NEW!


Predicting 2014


I know I am a tad late on my prediction post for 2014, but I have had a hard time coming to terms with what will happen this year. At this point, it is easy to predict where things are going overall, but specific events over the next 12 months? Much more challenging.

I learned this by evaluating my 2013 predictions. The ones that didn’t come to fruition are still trending in the right direction. Those predictions just failed to hit that magic event before the end of 2013.

Well, I am going to try again this year. I am going to lean more towards trends and less on specific events. I could predict Open Text is going to make a large acquisition and that SharePoint will be declared dead by {insert large number here} prognosticators this year, but those things happen EVERY year which makes it feel like cheating.

What can we expect in 2013?


Checking the Industry Trends


I was playing with Google Trends the other day. I was curious what terms people were searching for on Google and how they related to the terms we seem to throw around the industry. This particular bout of curiosity stemmed from distinguishing between the technology and the business problems that people are trying to solve.

The first search was a set of standard terms we use when we talk about what we do on a regular basis.

  • Content Management, 1.00
  • Information Management, 1.52
  • Records Management, 0.32
  • ECM, 1.26 (Enterprise Content Management got 0.02)

It is a pretty consistent downward trend across the board. We can hypothesize as to why they are trending down, but I suspect it relates to the saturation of the term among those in the technology industry.
