The Business-Technology Weave

December 1, 2010  2:03 PM

Content Management and Acceptable Use Policies

Posted by: David Scott
acceptable use, business exposure, business liability, content, content control, content liability, content management, content management system, data access, data breach, data control, data exposure, data management, data recovery, data security, data theft, information dump, information leak, information theft, project control, project management, WikiLeaks


I feel compelled to continue the discussion of content and its management in view of the WikiLeaks dump.  A real concern of mine – and this is totally from a business-IT management/content point-of-view, it is not meant as a political statement –  is a high-profile government spokesman’s comments today in a very high-profile news venue.  He stated that the United States did not have to fear a guy who plunked down $35 for a web presence, with a laptop.  You can Google to identify the spokesman and his exact comments if you wish – for our discussion here, it is merely a springboard… a recognition of a lagging appreciation for the accelerating environment and any content’s vulnerability within.


On the contrary, a web presence (actually, mere internet connectivity) a laptop, and a modicum of ability, are all that it takes today to create real damage.  At some point, absent imaginative protections, someone is going to take an entire power plant offline – or worse – with a laptop and internet connectivity.  As stated in I.T. WARS:  Greater power is coming to smaller and smaller groups; even to the individual.  As the size of any group is reduced –  with attendant increase of power – counter-protections, debated actions, and measures of control diminish, and potentials for harm increase. 


A BTW tenet:  In the realm of risk, unmanaged possibilities become probabilities.


As to content and control, I believe that small and medium business must have well-articulated and documented content management (CM) policies in place, with defined measures of protection.  Large business will be amending and constantly evolving their policies.  In fact, a triumvirate of policies should serve the organization, all organizations, well:


Content Management – Acceptable Use – Security


Let’s save the overall Security Policy ‘till later – it’s an overarching umbrella that includes physical assets as well.  All of these policies and plans can refer to one another, particularly to specific reinforcing parts.  For now, let’s briefly discuss Content Management vs. Acceptable Use:  Sooner or later, every organization is going to have some measure of policy for content’s management, and that measure will likely increase as time goes by.  It is important to note here what a CM policy is, and what it is not – or at least in my view, what it should be, and should not be. 


It is for leveraging content, exposing and reducing specific liabilities, and for taking action on content in an administrative sense:  enabling access, use and leverage; reporting on; archiving; and destroying.  It is not the central policy regarding definitions and expectations of appropriate use, and regarding actions taken in circumstances of willful abuse of content.  Content management measures certainly do help to identify and expose abuse (as well as limit it); however, the definitions of acceptable use, abuse, and measures regarding them, will be contained in the organization’s Acceptable Use Policy. 


Jumping ahead slightly, this Acceptable Use Policy details appropriate use of all business resources, tools, and assets – including information (content).  Your CM policy can point to the Acceptable Use Policy (or contain extracts from it) regarding things such as the improper access, accumulation, dissemination, removal, and destruction of information.  But again, content management helps us to identify and leverage content toward a positive purpose; helps to limit liability and exposure; and to take administrative action on content. 


In the next days, we’ll continue the discussion, and articulate the “mechanical” components of a CM system, in order to set policy.


NP:  Spencer Davis Group, Gimme Some Lovin’ (LP), original vinyl, Odeon.

November 30, 2010  11:14 AM

Content Continued: Minimizing exposure and liability

Posted by: David Scott
business exposure, business liability, content, content control, content liability, content management, content management system, data access, data breach, data control, data exposure, data management, data recovery, data security, data theft, project control, project management, WikiLeaks


[Note:  If you haven’t yet, you may wish to start with “WikiLeaks:  Lessons of content and its management for the organization” – then click View All Posts and scroll down to the article  following; then read up for the discussion of content in its chronology ].


Reducing Exposure – Minimizing Liability:  When managing content, we’re also talking about a comprehensive process that can give a central authority a ready report, at any time, on all content in your organization, according to any criteria by which they query:  What is its subject matter?  Who created it; who has it; who’s been using it?  What is its useful life?  How does it relate to and support other content?  Which members, customers, staff, projects, products, services, regulations, agencies, etc. does this content pertains to?  Where are versions of similar content residing?  Which version is current? 


Accumulation of content contributes to inefficiency:  and liability for exposure:  Multiple versions and drafts of documents can exist in all sorts of locations.  Absent an overarching system of control, things get passed around within the organization, and saved in various user and departmental folders.  You build all sorts of redundant, near-redundant, and ultimately erroneous data.  Near-redundant data comprises records and documents that have various locations of storage (whether electronic or paper), with various dates of update and various inputs at various times – the resultant scatter of storage is always for some individual’s or group’s “convenience.”  However, it is distinctly inconvenient… its dangerous… for the organization.


Further, there often exists content that was created by persons who have left the organization – there may be no one who can readily answer whether the content is correct.  Outdated content, or content whose value is murky, should be weighed against some standard in order to determine its disposability.  At the very least, it should be evaluated for archiving and removed from the active environment, in thwarting a glut of suspect information.


So, content management goes beyond eliminating “glut,” and yields the possible exposures (liabilities) that certain content may represent.  For example, your organization may have all manner of outdated business policies, stored in various departments, which may be based on expired outside law and regulation.  You wouldn’t want anyone taking action within such policy that no longer applies.  How can you be sure that everyone is operating on the most recent issue of organizational policies?  Another example may be emerging client relationships:  relationships to you, and their relationships to other agencies.  How do you best disseminate breaking information throughout the organization?  How do you ensure it’s received?  How do you ensure it supplants the old?  How do you remove the old? 


We’re driving toward a CMS:  a Content Management System (whether supported by a formal applications solution – with attendant policy, training, and use – or, where budget constrictions exist, a simple reliance solely on policy and its influence on content, again leveraged through training and expectations for the handling of content.  That too represents a “system”). 


But before we get to that, let’s examine an area that often presents some confusion for Business, as well as IT… in particular, the small and medium business arenas – where a CMS is becoming a crucial component.  That confusion involves two key, related, policies:  Content Management vs. Acceptable Use.

November 30th:  On this day in 1866, work begins on the 1st U.S. underwater highway tunnel, in Chicago.

November 30, 2010  10:16 AM

Content, Use and Control

Posted by: David Scott
business exposure, business liability, content, content control, content liability, content management, content management system, data access, data breach, data control, data exposure, data management, data recovery, data security, data theft, project control, project management, WikiLeaks


In view of the recent WikiLeaks leak (WikiLeaks:  Lessons of Content and Its Management for the Organization), we recognize that content is a protected resource – just as any resource deserves – demands – protection.  Content is a crucial business support and enablement – that’s an understatement.


We spoke yesterday of a scrambled jigsaw puzzle – whereby the pieces reside in various departments, in various physical locations – perhaps all around the world.  We spoke of pulling a master, interwoven, thread – an authority pulls that master thread, and all the pieces come together to form as complete a picture as the moment allows:  a 100% collection of parts with corresponding context and fit to the other parts. 


That is a large part of what content management delivers to business.    It can be the assembly of information regarding something in process, such as status that reflects a true moment of progress.  How many projects go off track not because of lack of resources, planning, or effort – but rather, teams and individuals who suffer a certain silo’ing –  awaiting crucial information regarding installation, the “go-ahead,” of their respective pieces of the puzzle?  When can certain elements be implemented and enabled?  It’s often the most minor efforts, the easy things – holding a couple lines of code in abeyance in the absence of project information and control – that have a ripple effect downstream.  This compounds and cripples efficiency.


Naturally, it can be something totally mundane.  It can be a search for relevant supporting content when mounting a new initiative.  It can just be general research within your assets. 


What’s important to recognize is that you need, deserve, the complete, best, picture of the situation according to all assets, according to the moment.  When we achieve this system of confidence, we gain enormous efficiency and leverage by using, sharing, reusing, re-purposing, and assembling content by optimizing its formerly hidden business value.


But… what about control?  Protection?  Content, as we’ve just observed on a National stage of maximum drama, also represents enormous liability…


NP:  Norah Jones, Sinkin’ Soon  [  I’m busted… it’s online; it’s digital - but it's good.  I’ll cleanse my palate later with vinyl, rest assured.   :^ )    Maybe it'll hafta be Kind of Blue - Miles.  Original Columbia.  Yeah. ]


November 29, 2010  10:13 AM

Content: Getting it; Using it; Re-using it; and Getting Rid of It (Protection, too!)

Posted by: David Scott
business agility, business and IT policy, business and IT change, business and IT planning, business practice, business systems, content, content management, content management system, data management, data protection, leveraging data, WikiLeaks


I’ve struck a nerve in this discussion of content, (WikiLeaks:  Lessons of Content and Its Management for the Organization) judging by some e-mails I’ve received.  I know there are a number of IT leaders who struggle with their organization’s lax attitude regarding content control.  Let’s keep this discussion rolling…


Beyond mere accountability, however, the modern and evolving discipline of managed content is more sophisticated and powerful than anything previously established.  Beyond “Wiki-proof,” we make content searchable and relevant to people in powerful new ways, in support of projects and disciplines within the organization. 


We find supporting and illuminating relationships between existing content that were previously hidden because there was no way to find or readily expose these relationships.  We see new clues regarding markets, customers, products, services, trends, activities, and risks.  As importantly, when new content is developed, we want to automate the assignment of key information fields to it so as to make this new content a part of our leveraged information assets. 


Instead of being buried under an explosion of content, we explode content to splay its purpose, relevancy and value.  We then snap content together with other content to form a completed picture.


Imagine this: a scrambled jigsaw puzzle where the pieces reside in various departments, in various physical locations – perhaps all around the world – with individuals and groups working the various pieces in some measure of ignorance for the efforts and work of others.  We now connect all the pieces with an interwoven thread.  The thread guards against loss, and identifies puzzle pieces as relating to each other, among other things.  On demand, an authority pulls a master thread, and all the pieces come together to form as complete a picture as the moment allows: not part of a picture, not a picture with missing pieces, not a picture that requires recreation of missing parts that had already been created – but a 100% collection of parts with corresponding context and fit to the other parts. 


Exciting?  Yes – and the smart organization understands the value in this; implements, supports, protects, and rides the heck out of it.


Tomorrow:  We continue.


NP:  Brubeck.  Time Out.  Vinyl.  Thorens TD-125.




November 29, 2010  9:44 AM

WikiLeaks: Lessons of Content and Its Management for the Organization

Posted by: David Scott
content, content management, data, data access, data backup, data breach, data theft, national security, state department cables, U.S. security, WikiLeaks


Security and data breaches are overwhelmingly due to human factors:  mistakes, rants, retaliation for perceived slights… and so on.  In the case of the latest WikiLeaks situation, a leak of more than 250,000 State Department cables, it’s interesting to note that this isn’t a hacking situation – it’s a leak by someone from the “inside.” 

I once worked at a secured information center, while a member of the U.S. Army, and my position necessitated my possession of a Top Secret security clearance.  While this is not a political column, aside from occasional discussion of organizational politics, I find it almost unimaginable that someone possessing training and trust would do something like this.

But, what lessons does the latest WikiLeaks dump hold for the local organization?-  that is, yours?

First and foremost, recognize that content is a resource – further, it’s a protected resource.  Just as you secure computers, laptops, printers, paper, furniture, and anything else, you must secure content.  It’s a bit more nebulous than the strict securing of physical objects, but nonetheless you must do it.  Further, you must do it in an evolving world of threat and breach.

In I.T. WARS, I discuss Content Management in very straightforward terms:  For content –  information, data – you must be able to:  Get it; use it; re-use it; and get rid of it – within a secured system of access and control, and with a properly trained and performing staff.

In other words:

Getting It:  Having appropriate access to data, and the ability to find what you need;

Using it:   Conducting business with best information; also includes creation of data;

Re-using it:  Repurposing information; creating new reports from data; satisfying new requirements, departments, people…;

Getting rid of it:  Archiving or destructing information upon end of its active and/or useful life.  Avoiding a “glut” of information and subsequent processing burden (both systems and people).

Protecting it:  And to reinforce:  Ensure that your entire organization’s staff, from titular head to temp, understands your Content Management, Acceptable Use, and all security/info-related policies.  It should go without saying that appropriate passwords, protected system areas, physical content containers, etc., should be enacted and maintained…

Be careful out there.

November 29th:  On this day in 1877 Thomas Edison demonstrates the hand-cranked phonograph.

November 28, 2010  11:00 AM

‘Tis the Season… to be… Careful

Posted by: David Scott
black friday, Christmas, Christmas shopping, cyber monday, cyber shopping, etailing, online retail, online retailing


What comes after Black Friday? 


Cyber Monday.  That’s the online equivalent of Black Friday, with deals galore for the online shopper.  This year, it’s expected to generate more sales than Black Friday for the first time. 


I can tell you that I do almost no Holiday shopping at brick-and-mortar stores any longer; everything is done online, and it all shows up at my door.  I can even avoid gift wrapping if I prefer to pay them to do it.  Of course, no online retailer can match my taste and care when selecting wrappings, ribbons, and…  ahh, who am I kidding?


According to the National Retail Federation, 88% of retailers will have special Cyber Monday promotions this year.  This is up from 72% in 2007. 


They also report that online sales for the 2010 Holiday Season are expected to reach $32.4 billion, and that is an 11% increase over last year.  Further, 70.1 million people are estimated to be shopping online from the office this season for Holiday gifts.


In view of all of this, a Careerbuilder online survey reports that 21% of employers have fired someone for non-work related internet activities.  5% have fired someone for holiday shopping at work. 


I got to thinkin.’  If over 70 million folks are shopping online at work this holiday season, and 5% of employers have fired someone for doing this (and we’ll assume one “fire” per employer), then 3.5 million people have been fired for doing this!  Of course, we don’t know over what period of time.  For the fun of it, let’s just say that it’s been over the course of… oh… a decade.  That would mean that 350,000 people might lose their job this year for this!  Fired – for thinking of their friends; their spouses, their lovers, their kids, their co-workers…..


As I’ve said many times:  Be careful out there.  If I can save just one person’s job this Holiday season… 


:^ )


By the way, the same Careerbuilder survey says that 50% of employers block employees from using certain websites at work.  I am frankly surprised that this figure is not higher.


Novermber 28th:  On this day in 1895, America’s 1st auto race starts, with 6 cars, over the course of 55 miles:  The winner averaged 7 MPH.

November 27, 2010  10:50 AM

Continuing the Online Challenge

Posted by: David Scott
cloud applications, cloud apps, internet applications, internet apps, ISP, the cloud, the internet, the online challenge


A couple posts ago, we spoke of the importance of defining what users, what business, is allowed to do on the internet (Don’t be a blockhead:  Block… or Define…).  The challenge of “friending” and “businessing” on all sorts of unsupported apps and enablements is a real temptation.  But what of The Cloud, and fully sanctioned solutions that are “borderless” and outside the organization’s virtual “four walls” of control? 

Controlling these new circumstances may feel like you’re squeezing a wet bar of soap:  The harder you squeeze, the slipperier the conditions.  How the heck do you monitor cloud applications for real-time performance metrics?  In shifting apps that serve business to The Cloud, you have to ensure business makes real use of, and in-turn can pivot and make real deliveries as a result of, these new ways of supporting business and what it does.

When shifting elements to The Cloud, it is presumably to save money, for one thing, and to make things shareable and easier, for another.  Take some of the anticipated cost benefits and spend a little to monitor your performance in this sphere.  Justify what you’re doing.

At the same time, look to capture entirely new solutions in this realm.  While you do, look for solid solutions partners who can help you to mount the tools, processes and measures that track what you’re doing, why, and what the ultimate payout is to the organization.  You can’t afford to fly blind in this realm. 

If you’re just entering The Cloud, and most organizations are in a fairly novel realm here yet, your tools and measures are likely poorly equipped to deliver real-time data that tracks in an agile fashion what your apps and supports are doing at any given moment. 

Here, as anywhere, it’s essential that you chart your course with empirical measures.

NP:  Black Cat Moan – Clara Smith and Her Five Black Kittens on original Columbia 78 rpm disc, played on a modern, Esoteric Sound, 78 rpm turntable.

November 23, 2010  11:29 AM

Don’t Be a Blockhead: Block… or Define…

Posted by: David Scott
applications, blocking applications, blocking apps, business policy, facebook, IT policy, third-party apps, unauthorized applications, unauthorized apps


What’s a poor IT leader to do?  Whether you’re CIO/CTO, IT Director, IT Manager, Network Manager, Programmer, Business Analyst… or the real glue of the IT department – HelpDesk – you’re coming across more and more people doing more and more of their own thing.

You know, blending “friending” and “businessing” in the course of their day… and perhaps worse, doing it on and through apps that are… um… forbidden at worst and simply unapproved at best.

How about Business’ take on all of this?  Half the time senior execs and mid-level business managers are either clueless, uncaring, or even supportive.  Frequently, their shrug of “whatever gets business done,” is simple ignorance for all of the security holes and lack of accountability for content, as shared via apps that are outside the control of the organization.  What of a recent, critical, online business conversation – supposedly documenting agreements and forward progressions – that went down a rabbit hole and simply disappeared?  Hey, no problem, we’ve got the content right here on this backuuuuuu   uhhh…….. oops, no we don’t.

Consider the plethora (ah, finally – a chance to use “plethora”) of apps for communication and share:  blogger; AIM; YouTube; Skype; Twitter; MegaUpload; NewsGator, Facebook… we could go on and on.

In the case of Facebook, things are becoming a bit complicated:  Facebook started as a basic “wall” that allowed posts and communication on that wall.  However, it now has a chat mechanism, and an e-mail system.  Further, Facebook has morphed into an applications platform, with innumerable apps – and more being developed all the time. 

IT leaders, in concert with savvy Business counterparts, must identify what’s “out there”, and do one of two things:

1)     Block unwanted, unauthorized, outside apps.


- or –


2)     Define allowed use of specific apps and systems – by virtue of your policies and user education.

Actually, there’s a third thing you must do:  Make certain that all in the organization understand that they are not to start making de facto use of apps and tools that are outside the organization’s virtual four walls simply because an individual stumbles on something, decides it looks good, and thus begins conducting official  business on it or through it.

Tackle this now, before it tackles you.

November 23rd:  On this day in 1848 the Female Medical Educational Society was founded in Boston

November 22, 2010  11:42 AM

Watch that content, Bub…

Posted by: David Scott
blog, blogging, COICA, Combating Online Infringement and Counterfeits Act, content, copyright, copyright infringement, web content


Hmmm… word comes that the Senate Judiciary Committee approved a bill that should be of concern to any website, and any content provider:  It would grant the Attorney General the right to shut down offending websites with a court order if copyright infringement is judged to be “central to the activity” of that site.

Of particular concern to me is that the Combating Online Infringement and Counterfeits Act (COICA) seems to be overly broad.  A site need not contain illegal content:  apparently links alone can qualify a site for “shut off.”  I don’t know about you, but I sometimes embed links in some of my articles, as referencing other documents and policies – most if not all protected by copyrights.  It helps to reinforce my content – that is, what I’m saying – and with proper acknowledgment, that should be ok.  Ok?  I think it still is… but every bill generally has unintended consequences…

It’s a scary thing in creating a hammer with a very broad head – it just might start smacking the wrong things.  Web censorship is anathema to probably any reader here.  Certainly offended parties can go after entities that are violating copyright… right?  Do we need a huge government bill, granting the AG the power to snap off websites with a simple court order to the ISP?  (Which is how this will be achieved).

I don’t support piracy and illegal activity.  However, I’m not alone in my concerns:  this bill is garnering concern from a number of people and agencies.  You can Google to find more info and what the specific concerns are, but a primary one is that parties that are supposedly in offense of this act have no real  opportunity to contest the AG’s allegations for unlawful content.

In effect, we’re censoring the web without something extraordinarily important, necessary, and… American:  Due process.

I’d like to link to a couple articles regarding this, but I dunno…  I’m not sure the present Attorney General is tech-savvy…  maybe I’ll send him a copy of “I.T. WARS”…  that should help.   :^ )    I think it’s safe to link to my own copyrights…

NP:  Hampton – Tatum – Rich, on vinyl, Pablo label; this jazz gem is from an August 1st, 1955 session.  Catch it if you possibly can.

November 17, 2010  8:54 AM

Half of All Organizations Ban Access to Social Networking Sites

Posted by: David Scott
AOL, business policy, business practice, facebook, facebook e-mail, facebook email, IT policy, IT practice, myspace, social networking

Interesting news comes to us that half, or slightly more depending on the survey, of all organizations are banning access to social networking sites.  (You may wish to see my earlier guest-post at the Enterprise IT Watch Blog, Social Networking and the Blended Environment).

This is a sea-change from a few years ago, when organization’s had sort of a Wild West situation going on.  The “Business” half of the organization was mired in business – the doing of doing what ya do – and “IT” was lagging a bit:  particularly in small and medium business environments. 

Acceptable Use policies made little if any mention of social networking.  Many policies were even thin on e-mail etiquette.  Remember “netiquette?”  How quaint that seems.

Even today, as I review policies, many are remiss in their treatment of social networking.  As I remarked in an earlier article, I think a Permitted Use section of an AU policy is a good thing, spelling out the when of what you can do on social networking.  It’s a blended environment, and people are going to use company assets such as e-mail, to apprise spouses and other significant others of their schedule:  My arrival time home, who’s picking up the kids, etc.  To say nothing of “Friending”…

Now consider that Facebook is adding e-mail to its services:  Employees have another tempting avenue of communication via work-related assets for purpose of handling personal affairs.

Some companies allow social networking on lunches and breaks.  Some ban it altogether.  However, what is important is that you size the employee expectations and associated use- and establish protections for your organization.  The general caveats that have stood in time apply:  No bad-mouthing the company, its personnel, its practices… Do not divulge corporate secrets… most of it dumps straight out of HR, and gets quickly tuned and rewritten as IT policy, and as a section of IT orientation for each new hire.  Be sure that employees aren’t conducting official business through social networking, as that doesn’t come under the umbrella of your content management policies, your backups, your oversight.

Periodic refreshers for appropriate use of social  networking, or no use at all, for all staff are in order, too. 

Nov. 17th:  On this day in 1853, street signs are authorized at San Francisco intersections.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: