The Endless Security Cycle

I have been thinking about how to write this post for a while now. I have several approaches to choose from, but then I hit on the key concept. It doesn’t matter. Here is the general pattern of James’ approach to this topic.

  • James will criticize ECM security as a whole and then point to one or more issues.
  • I then attempt to explain why those key “issues” aren’t issues.
  • James will then elaborate or comment on my post in one or more follow-ups, usually explaining something that I didn’t put in my post for one or more reasons. In the case in point, I didn’t take it deep enough. While doing this, he ignores any defenses I may have made of the “issues”. He invariably brings up other “issues” as well.

Rather than continue the cycle, and eat my time up, I’m going to post one more time on this topic and move on for now. Some disclaimers of my own:


Conversational Collaboration at EMC

Thought I would let my next post on security in ECM percolate for another day and share something that Jed found. He found a second blog by Chuck Hollis chronicling EMC’s adoption of Social Media as an Enterprise 2.0 effort. The blog started in August, so I started reading there as Jed recommended. I’m going to chronicle my adventure through his blog.

These are posts that I found particularly insightful or useful. If you don’t have time to read the whole sequence, you can jump around.

  • Why Me?: Chuck starts with a simple introduction to himself, explaining why he is leading the initiative and his initial strategy in getting started. My favorite line is, “I had to informally recruit (hijack!) a few people who were as passionate on this topic as I was becoming, especially during the formative stages.” Having recently started leading a few initiatives in my own company, I like the accurate portrayal. The key is to recruit those that will contribute, but may have been hesitant to volunteer due to various reasons. I’m trying to make sure that they get credit and rewarded for that work so they are still willing in the future.


Build that Taxonomy…Why? Because I Said So

So there were a couple of good posts the other day by Johnny and the BMOC. The best thing is that they were about the same thing, yet not. Johnny wrote about how it was important to create a taxonomy, however superficial, and not put everything into one folder. BMOC looked at the same situation and talked about how it is important as consultants to guide clients away from the dark path onto the bright, safe path.


Embracing SharePoint, Recipe for Death?

Wanted to take a quick break to comment on a post I read on Big Men On Content. This is a blog I have recently added to my regular read list, such as I read any blog “regularly” these days given my recent workload. It mentions the perils of ECM vendors hitching their wagon to SharePoint with the observation that Microsoft doesn’t need them. They are right and they are wrong. Where they are wrong is slight and the whole concept is worth exploring.


DQL versus SQL

James has often compared DQL and SQL, assigning the security weaknesses of one to the other. While there may be valid concerns for some ECM query languages, DQL is actually fairly secure from this type of attack. Don’t get me wrong, it isn’t foolproof, but it isn’t an apples to apples comparison. Let’s compare and look. Be sure to add comments to question or add.


Secure ECM Systems

In my earlier post, I called James out on his post, which was a fairly biased statement about EMC’s testing for security, or lack thereof. In my post, I pointed out that the security warning did not warrant such an attack. I tried to point out that James wasn’t necessarily wrong in his statements, just that he didn’t provide any evidence that backed them up. He criticized their proactive efforts when the source material calls for a reactive effort.

Well, James replied to me in two subsequent posts. The first post endeavored to teach me about the importance of testing for security in systems proactively. It wasn’t a lesson that I needed, having heard of the SQL Injection attack back in the 90s as a weakness in ASP applications (or at least an attack that was fairly similar). Being aware of these issues, I’ve made a point of controlling what a user can do in interfaces.

His points are valid though, so I wanted to take time to talk about them. This is my first post in a series addressing the points he brings up. So if I don’t address something now, don’t worry, it’ll come.


Regulating Fair Use

My original post on Fair Use and Original Thought had some interesting bits of things fall out of that. The first, and foremost, was the complete dissolution of the offending blog. The other is the appearance of a new graphic on my, and several other, blogs.

Regarding the Recently Departed

The blog that I referred to is now gone. I can find a small cached version through Google, but it is no more. The writer claimed to be an employee of EMC, but some EMC people I know failed to find them in their Global Address List. Who knows at this point? I did determine that every single post, except the first, “A Message to All Viewers”, was copied from another blog.


Inciting Insight or Panic?

Normally when I read a post by James McGovern, I understand that he is trying to get under people’s skins in order to provoke a response. Some people respond to this by attempting to give the type of information that James is looking for in a post of their own. Others view it as a form of harassment and try their best to ignore it, though James just looks on that as a form of encouragement. Both reactions are perfectly fine.

I, and pretty much every blogger, are not compensated for writing our blogs, much less for responding to James. It is optional. When I blog, I do so as me, myself, and I. Not as an employee of any company or organization.


SharePoint and ECM Working Together

Andrew Chapman got a new gig. He is now in charge of SharePoint solutions for EMC. I am assuming that this includes Content Services for SharePoint (notice the old site link still works) as well as any other current and future products. I couldn’t be happier. Andrew knows how to listen and evolve his thoughts based upon new information and experiences.

In many ways, this is an out-growth of his work in the world of compliance and records. He had seen how organizations were having trouble managing their growing SharePoint environments and they were asking him how to get Documentum and SharePoint to work together. Organizations like SharePoint’s user-interface and Documentum’s ability to enforce business rules and manage the large amounts of information being stored. Andrew voiced his opinion one too many times and his new job was born.


Fair Use and Original Thought

The other day I was surfing some blogs and found a few new Documentum blogs. Several of them had good posts that I will be commenting upon in the future. One had several good posts, and some others that sounded familiar. Then I realized, I was reading my own posts!
