Modern Security Awareness

A national newscaster revealed something this past Sunday that is quite extraordinary, given the times we live in. He said, approximately*, the following on a news broadcast: (* details have been disguised)

“I’d just like to say that tomorrow is my brother’s birthday. Lieutenant Colonel John Smith, of Oshkosh, Maryland is 50 years old.”

It’s interesting to note that we have a fair amount of info for piecing together… identity theft:

Name
Rank
Date of Birth
City and State

If you think this is being a little paranoid, remember this saying: Just because you’re paranoid, it doesn’t mean no one is out to get you. The real trouble here is the efficiency involved. It’s one thing to mention this information to a small group of people – perhaps some of whom you don’t know well. It’s quite another to divulge this information nationally, to millions of people (and that is this particular show’s audience numbers).

With a little diligence, an identity thief can cruise past this person’s mailbox, and steal even more critical identifying information. As a start, the info above is enough of a foundation to make that cruise a good investment in time. Also, “spoofing” then becomes more easily leveraged; the contact of this person, either via e-mail, USPS mail, or even in person.  One example is a spoof whereby someone poses as the representative of a veteran’s organization, and asks to “verify” information:

“Hello Colonel Smith, we have your city and state as Oshkosh, Maryland – is that correct?  Thank you.  We also have your date of birth as 12/16/62 – is that correct?  Would you please provide your Social Security Number for verification?  Thank you Sir.”  You get the idea.  It happens quite frequently.

The newscaster could have said, merely, “I’d like to wish my brother a Happy Birthday… tomorrow is his birthday” – and left it at that. However, if it were me, I would say nothing. In the first place, a national news audience doesn’t particularly care, and while the mention “on air” might please his brother, it’s really not worth it. It’s not that big a deal in personal terms – being that it’s likely that a phone call will be made (or can be made, in lieu of the on air greeting) later.

It’s time to think very carefully about what you do: What you reveal; to whom; where; and when (are others nearby who can overhear? Online – are systems truly secure?).

In divulging personal information, regardless of the reason, always ask yourself:  Is this something that I have to provide? If it is truly necessary, is this the superior way to do it?

What this newscaster did is fine… for the ‘50s, ‘60s, ‘70s… etc. – maybe. But in today’s times?

NO. WAY.  Be careful out there.

CrowdFunding: Conceive it… Fund it… LAUNCH IT

Ever had a great idea, but thought:  Ah, I don’t have the capital to get this off the ground… and probably never will…  and who’s going to want to invest with an unknown like me, anyway?

Or perhaps you’ve wanted to be an investor yourself:  Getting in early, when the gettin’s good.  A relatively small investment, with big payouts to come once a company or idea really takes off.

But again, perhaps you’ve lacked what you considered to be the necessary capital.

Well, the opportunities for everyday people, investors large and small, are changing due to the phenomenon of crowdfunding.

Crowdfunding of sorts has been around forever.  Whenever groups of people contribute to a common cause – whether a business startup, political campaign, building fund, or a healthcare endeavor for a sick friend or acquaintance, for example – we’re leveraging the strength of numbers (the crowd), in garnering small, but powerful, accumulations of resources.  In many cases, we not only “fund” with money, but also with other resources:  Time; attention; focus; and work.

However, with today’s buzzword branding of “crowdfunding,” we’re speaking of equity-based funding:  contributing to a company’s start, with you the funder, subsequently owning a small piece of that company.

“Funding Portals” provide a rich dynamic whereby potential investors can find and begin partnerships with entrepreneurs – websites and related entities already exist, and more are coming.  However, recognize that the Securities and Exchange Commission (SEC) will be regulating these portals, as well as activity within crowdfunding – in protection to both investor and startups.  Much of the legislation is contained in the JOBS Act (Jumpstart Our Business Startups Act), of April 2012.  However, also recognize that the area of crowdfunding is in a relative flux, and due diligence in this area will remain challenging as further legislation and changes manifest themselves.

When considering crowdfunding, whether as pitchman/woman or potential investor, recognize that crowdfunding is undertaken for more than equity.  You may see a startup idea that is poised to deliver something to market that you’ve been waiting for, or just have a vested interest in, by virtue of the fact that you’ll use it to good advantage:  “Why hasn’t someone invented a way to _______?”  “Why can’t someone invent something that _________?”  Now you can help bring a certain something to market, and capture its best use to your own advantage – whether for personal pursuits or as a business lever.

Crowdfunding is a great way to uncover ideas that, ‘till now, may have been hidden.  Consider:  The Wright Brothers invented the airplane by virtue of their knowledge, intelligence, and perseverance – same for Edison and his light bulb and myriad other inventions; but they also had the means, and the time.  How many people, 50 years prior, 100 years prior, had valid ideas, of all sorts, but lacked the resources to develop them?  How many sparks of ideas self-extinguished because the intelligent people behind them spent their days tied to more mundane work – perhaps plowing a field all day in bringing food to their family’s table – unable to climb into a position to devote time to development… and delivery?

Given the leverage of today’s social media, and funding portals, we can say:

Get ready for a big change…

The Death of Empiricism?

I’ve been known to say that we’re in real trouble as a society when banks start failing the routine task of maintaining simple balances.  Simple balances such as those associated with Checking and Savings accounts.  It will be a sign.  (Maybe some of you will report that we’re already there – I’d be interested in any stories).

Recent events, such as this one *, leave me wondering if we’re not very close to a failure of banks to do simple accounting – an accounting for whether an account is open or not; whether it is active or not.  And now, another recent event does not lend confidence – rather, I see the value of empirical measures, and associated discipline, being discounted…

This most recent event certainly touches on both business and IT, and I’d like to relay it here.  

Back in July, my area suffered a very severe storm.  It was nothing on the scale of Sandy, but my neighbors and I were without power for 7 days – many other folks went without for 10 days or more.  I live near a state park, and was able to use the facilities there for showers.  Toward the end of the week, I realized I’d need to wash clothes very soon.  I surveyed the park’s Laundromat, and saw that I’d need quarters for the washers and dryers.

I procured a $10 roll of quarters from my bank.  However, that very day, my power was restored.  The roll remained unopened in the console of my car for these past months.  A couple weeks ago, I opened the roll… and to my surprise, found a nickel in the middle!  My $10 bill had been turned into $9.80.

Not a big deal to some, and the missing 20 cents was nary a concern to me.  But consider what this means…   A major bank dispensed $9.80 for $10 in what was supposed to be a transaction of equal values on each side.  If a bank cannot execute its primary duty, in safeguarding and accounting for money, then is it a “bank” at all?  In other words, if anyone banks $10, and desires to withdraw $10… then $10 is due; no other amount represents true banking.

But the really interesting part involves my conversation with one of the managers there.  I told her about finding the nickel in the roll.  We laughed over it, and she offered to reimburse me the 20 cents.  I say “no,” she only had my word for it – but asked how the error could have happened.  She replied that the bank only examines rolls at each end, for the appropriate coin (in view).  I asked how they knew whether there wasn’t a bar of lead in there, or something else lending weight, with coins on each end.  She said that there are rolls the bank packs themselves, but additinoally, the bank takes rolls of coins from customers – but they must be customers who have accounts at that branch, and they must initial the rolls they tender for paper money.  The bank also gets rolls of coins from other banks – in these cases, she said, those rolls are stamped – essentially branded to indicate the bank from which the roll came. 

I asked her if she wanted the initials/or bank stamp that was on my roll – it was intact in the car.  She said “no.”

When I returned to my car, I examined the torn roll – all of the paper is there (as pictured), but I found no initials, nor did I find a stamp.  My bank was either being disingenuous with me, or worse, their standards have slipped… or no longer exist.

Again, on the surface this appears to be a small thing.  But, the more you think about it… 

Any thoughts?

____________

*  I am still receiving statements from Capital One – after a three year absence – but now indicating a balance of negative $6.99.  In other words; they owe me money.  Think I’ll collect the same exhorbitant interest they charge us?  It’s the Zombie account that won’t die.

Internet Reviews: Beware of providing negative reviews

A woman recently lambasted a contractor with a review on Yelp – She gave him a one star review, and commented that he did not do the work she hired him for.  She further accused him of damaging her house and stealing some jewelry.  Ouch.  That could hurt business. 

Caution is indicated here:  Impugning someone, such as accusing them of committing a crime, causing damage, etc., is very harming to one’s reputation and business prospects.  The receiving party, if claiming damages from erroneous or exaggerated reviews, can seek relief in the courts and you may be liable for those damages.

The woman in this case is being sued for approximately $750,000. 

Lawyer Steven Sack, appearing on Fox & Friends, Fox News, says:  “The internet is a wonderful tool, but it’s a legal trap.  The minute you put something in writing, the genie’s out of the bottle, and your words have meanings, and depending on what the reasonable person interprets those words to be, they can be actionable as defamation, or they can be an opinion… so that’s where it begins.”

When posting online, be certain of the difference between opinion vs. statement of fact – beware of providing defamation; harm to anyone’s reputation.

Be wary of certain words and phrases.  Avoid stating that someone’s a criminal; that they’re going bankrupt; they’re financially unstable; they may not be operating in business long, etc.

Be aware of free speech vs. slander.  You can Google these concepts and legalities, and I suggest you do, particularly if you post a lot.  Other readers, business people themselves, likely have ready access to legal counsel.  Adhere to that advice, but as importantly, be certain all staff are trained; be certain there are refreshers; remind staff of their obligations to be careful, to remain informed, and to exercise great caution online – both when “wearing the company hat” – but also when operating as a private citizen.

In another case, a woman pretended to be a customer, not a competitor (as she was), and she wrote an opinion online, posing herself as a consumer who purchased a product that was “shoddy”.   She is being sued for $200,000.  The person bringing suit was offered $5,000 and they just laughed, according to Mr. Sack.  The case is now in litigation.

Again, be careful out there.

Content: The Life of a Managed Document

Essentially, the life of a document and its associated control would go something like this:

Creation:  Staff creates new content, perhaps a new word-processing document.  This new content may be generated as entirely new material, or it could be content that is being repurposed and built upon (edited and added to) from existing content.

Filing (Storing):  The new content is filed, as a file’s creator would normally generate and store documents (File, Save, or Save As…, etc.).  The Repository will take action based on the file’s destination folder; based on the creator’s choice of  folder  according to subject matter, and the content’s relation to other like-content. 

Categorizing (Taxonomy):  Storage is also the means by which content is categorized; by virtue of the folder in which content is stored by the creator.  Folders within the Repository will be dedicated to specific categories of content.  Depending on your desire, the content management system can also suggest storage and categorization based on its inspection of the document’s contents at the time of its creation, and subsequent comparison of key content to an organizational taxonomy table. 

Metadata (Tagging):  The content’s location and categorization also lead to the assignment of key metadata.  The document’s metadata is assigned by virtue of a metadata template that is associated to each content area (folder).  This way, each template’s information is leveraged for the tagging of all like-content in a specific folder.  The system can also extract keywords from documents for inclusion to the metadata, and can generate an abstract or summary.

Delivering/Sharing:  Content is now delivered when users query for various categories of content, on keywords, and concepts.  Collection and reference of data is now as comprehensive as possible.  You can even have your content/records manager query on content that has specific areas of metadata that are unpopulated (unfilled) – for purpose of generating a report concerning these documents.  The report(s) can then be delivered to various content authorities for completing the assignment of metadata to this content.

Re-using and Repurposing:  Now that content is locatable, identifiable, accessible and readily understood, it is easily employed for reuse.  With proper authority and access, departments can glean knowledge, formatting, and process from other department’s content.  Further, content can be repurposed:  it can be modified and incorporated to new content.  

Review and Reporting:  Content now is available for review by any appropriate authority.  Reports can be run to review all documentation generated in a given day for a specific client, for example.  You can view who produced the most effort – who is doing the bulk of the real work? 

This is also where you take action on content in accordance with a retention plan.  Disposition dates of documents provide the yield for a monthly report.  The report can indicate all documents subject to archive, and subject to destruction (pending review by the appropriate authority, of course).  This report can also expose those documents that must have their disposition date adjusted – this can be due to reasons of regenerated business, inquiry, subpoena, discovery, etc. 

Action:  Once content ages to the point where it is no longer being accessed (easily determined by reports), and is unlikely to provide further, or timely, business value, it can be archived or destroyed.

     – Archiving:  Archiving the information means that you remove it from your active business environment, and store it somewhere else – perhaps with a vendor who maintains your offsite backups, or in an offsite warehouse where your organization makes other storage of items.  Archived material can be compressed and stored on high-density (high capacity) storage media, such as DVDs and CD-ROMs. 

This material is cataloged, and can always be referenced if the organization needs to go back to it.  It can even be reintroduced to your active business environment if the need arises – nothing is “lost.”  The purpose in archiving is to prevent the active business environment from becoming overrun with useless data.  Taken to its logical extreme, if you don’t manage the removal of relatively useless data, it will eventually outweigh your useful data. 

     – Destruction:  Business material that becomes completely obsolete, as determined by Business, and technical documentation as determined by IT, should be destroyed.  Anything that serves no further purpose to the organization should be destroyed.

A Practical Example:  Let’s provide a quick practical example in the life of a document: let’s say that the organization has a current project; Project LMN, and associated content.  The project’s scope or domain could be anything: a marketing initiative, it could be legal representation of a client, it could be a new software solution and its implementation. 

Project LMN documents reside in a specific Project LMN Folder – that folder would have an associated metadata-template for the management of this project’s content.  Also, the main folder would have attendant subfolders, such as an LMN Budget folder for specific budget info and docs regarding the project.  Of course, specific subfolders to the main project folder would have their own metadata templates too.  Subfolder-templates can inherit the main folders metadata if you like.  However, many subfolders will require at least some unique metadata information.  For example, it’s likely that budget material associated with the project has a specific authority for access and edit; so, a budget subfolder within the main project folder would have a metadata template that differs, and it will tag budget information with different metadata.  Of course, authorized content creators and users within any folder can edit and tweak metadata to reflect the desire for control and disposition of that particular content.

Creation of new LMN content, such as a document, would bring up a dialog box requiring a destination folder – once identified, that folder’s default metadata would fill this new document’s specific metadata template.  This would tag the document based on its content, and its match to taxonomies used in the organization.  Thus, when we create and file content in a specific folder, it gets tagged with appropriate metadata based on the folder’s template.  In this manner, controlling elements that are common to all Project LMN material are applied to content: Such things as the document’s title, its category (Project LMN), its life, its disposition instructions at the end of that life, its securities and permissions, among other things. 

In addition, other specific tags relevant to the document itself are made.  The contents can be surveyed by the system in order to automatically generate very specific metadata that is relevant only to that individual document – extracting keywords such as author, names, places, dates and other key information.  The system extracts these things based on built-in pattern recognition.  These keywords can be gleaned based on a predetermined list provided by the vendor’s application, and by your own internal table of keywords – you can build your own custom pattern recognitions. 

This document could also inhabit multiple categories:  for example, its metadata could indicate that it is a general budget document, and contains specific Project LMN budget components.  The document would have a disposition date for archive or destruction, in accordance with the project’s standing in your retention plan, and as necessary, within compliance for any of the other categories. 

The creating user would either accept the metadata, or edit it – as authorized.  All new content that is generated and saved within the Project LMN area of the Repository will automatically assume the appropriate metadata for the management of that content.  Now the document is enriched according to attributes and keywords associated with that document – things your users can identify and use when searching for LMN content.  This way, authorized users can search, browse, and aggregate critical content regardless where the content is stored. 

Let’s say a creator generates a document regarding the project, but chooses to store that document in their User folder.  This is ok, since the document’s overall subject matter (Project LMN) will still allow appropriate categorization, and subsequent associated default metadata.  The system will still review the document’s content in order to generate the other specific metadata.  In fact, a likely scenario would be one whereby an authority would arrange for a Project LMN subfolder within all User folders for those staff associated with the project – using the same default metadata template for the main Project LMN Folder. Therefore as you go along, all Project LMN documents will be traceable, retrievable, and actionable no matter where they reside – in user folders, central project folders, or even e-mail, if desired, and no matter what the form of the document: wordprocessing, spreadsheet, presentation, or e-mail.   

We’ve now enabled a powerful way to identify the Project LMN files, and anyone associated with the project can search for them, and if authorized, access and use them.  When we capture content, we can: develop; manage; review; approve; archive; check-in/check-out; maintain version control; perform full-text and metadata search; optimize team communication; automate routing requirements; and deliver notification of status changes and new documents.  We can provide specific information and the surrounding context needed to optimize work within the project team.  We add value by exposing such related material as additional documents, tasks, calendar items, and team e-mail.  Our intellectual capital is in a secure, centralized repository.  All project matter is centralized and accessible.

This material can also be copied and repurposed within other projects and initiatives when it has relevant content.  Too, when Project LMN is long completed and done, and its material no longer of any practical use in the active environment, this content can be fully identified and acted upon for ultimate disposition.

CMS: Getting to the “System” of Content Management

[Note:  You may wish to visit the beginning of this series by scrolling down several articles.  If landing here brought you to a solo-article, Google "The Business-Technology Weave" and scroll]

The Content Manager

We’ve established background regarding content management.  Let’s introduce one more important thing:  a content manager in the form of a qualified person.  Increasingly, Content Managers (or if you prefer, Records Managers) are operating within a certified discipline.  Most if not all of the standards regarding the general duties of a content/records manager are detailed on the web.  Organizations that are about to embark on a full-scale content management solution and system should hire or delegate a content/records manager at the outset of the project.  This person also is a logical choice for this project’s selection as project manager.  As with all projects, make this selection carefully: It is this person who will drive the organization’s qualification for selection, implementation, and use of a system.

 The “System” of Content Management

Instituting management of content where there has been no real management is a daunting challenge to most.  There are so many forms of content, in so many differing structures, in so many different places, within the authority of so many different individuals and departments: Yet, if we can understand one area, we can understand them all.  The principles are the same. 

Let’s gain an understanding for the management of unstructured electronic document content first (your word-processing documents, spreadsheets, presentations, and any other unmanaged electronic, unstructured, data).  This is an area that most organizations tackle first – and, an area that is frequently most in need of control.  We can say that unstructured electronic documents take this priority because, conversely, structured (database related) content is at least managed to the degree of their native applications. 

We can also afford to prioritize electronic documents over hardcopy assets in most cases.  This is because there is a comparative advantage regarding hardcopy content:  ordinarily, it at least exists where you can see it.  Because hardcopy content is physical, you have a better chance of at least sensing where common subject matter exists.  We can point to a file cabinet and declare:  “Those are accounting records.”  And, “There are more accounting records over there in those cabinets.”  It is more difficult to do the equivalent with electronic data. 

Our understanding of the methods employed for unstructured electronic documents – and lessons learned – then position the organization to effectively take on other areas of content, in-turn.

Electronic Document Management – A System of Control:  Think of content management as an establishment of control over data by enriching it.  We enrich data by assigning information “tags” to individual electronic content – to individual files.  These tags mark the file according to what it contains – that is, according to its content.  Once tagged and so marked, an associated application system can grab and assemble that data with other data.  This enables and simplifies our research of data; and enables our ability to report on data for administrative purposes.  This tagging (enriching) of data is effected through the assignment of metadata to the individual document files.

Metadata has been described simply as data about data.  This is a great definition for our purposes.  Metadata tags are based on the subject matter and other general attributes of the specific document’s content, and can include such information as:

      – Document Title

      – Category (or Categories; based on Taxonomy)

      – Author

      – Abstract or summary info

      – Access (permissions)

      – Usage history

      – Keywords (dates, places, individuals, etc.)

      – High-value concepts

      – Disposition date (archive and/or destruct triggers)

The real power comes when metadata is automatically applied to documents, records, web content, and other digital assets according to a schema, or template.  Various templates contain prepared metadata for each condition of content in your organization, according to policy.  These prepared templates are then assigned to electronic workspace folders – much like those already in your network environment. 

When you create content, and file it in a relevant folder based on content’s subject matter, the metadata is automatically applied to that document.  A dialog box with default descriptive (enriching) information tags pops up.  The document’s creator accepts the metadata as is, or can manually edit specific fields of metadata.  Once accepted, the metadata is tagged to that document, and it becomes managed content.  When we query data based on content-criteria that is available through this metadata, we receive all relevant documents which satisfy our query – in a fast and comprehensive way.  The structure that supports the linkage of metadata templates to folders, and which supports all other action and reporting utilities within the managing of content, is a data Repository. 

The Repository:  The Repository is a component part of the vendor-delivered, overall content management solution.  User action is taken on data through their normal native applications – a word-processing application in the case of a word-processing document, for example – but with the added benefit of the Repository’s control and enhancements to data (such as the metadata tagging).  Further, an allied Content Management software application accesses the Repository to perform content management and administrative functions – such as finding, reporting on, and taking disposition on content.   

Various vendors may have differing names for it, but essentially a Repository is a vessel for data.  As desired, it can mimic your current network structure of folders and permissions.  This way, it will present a familiarity to users as they negotiate for files, and save new files.  In this regard, the Repository is relatively transparent – but it brings with it several very important utilities.  The Repository represents the achievement of a specialized, central, storehouse of data.  It not only will have a similar structure of filing as a network hierarchy, the Repository will facilitate proper filing and control of new content as it gets created, according to subject matter.  It manages data’s security.  It maintains and facilitates reportage and action on data so as to enable oversight.  It does this in a very efficient way, removing this burden from the content’s creator and the organization at large.  The Repository is the key by which content can be found, accessed, used, repurposed, reported on, and actioned for administrative oversight.

Content: Getting to CMS – Qualifying to identify a solutions partner

Delivering content management to the organization requires an outside ‘solutions partner’ – a vendor.  The vendor will supply and help to fit their content management product – a system – to the organization’s needs.  It is important, therefore, that your organization understands the nature of your content, the business processes that rely on this content, and the products, services, and positions that your content supports.  Come to agreements regarding content in your BIT (Business Implementation Team) meetings, select a content/project manager, and project management team.

Have the project manager research content management in order to qualify their understanding of it.  The PM should task other project members for the gain of necessary knowledge too.  Here, Business leaders should avail themselves of all material at their disposal – content management is detailed very nicely on the web.  Outside training classes are available too.  Thus qualify the organization to solicit vendor presentations as potential fits to your content management needs. 

Just as there is no “magic ignorance,” there are no “magic vendors.”  Don’t expect to have vendors come in to educate you from a cold-start regarding content management.  Do some research, understand your needs thoroughly, review this chapter as necessary, and be an informed player.  It is ok and necessary to query vendors and to learn from them – but you must be able to judge any vendor’s veracity, capacity, and true value.  To do that, you need some solid base knowledge – and you need to fully understand what you expect from the vendor in vetting them against, and in fulfilling, your needs.

Content: Absent CMS, structured data is “Unstructured” relative to the enterprise

Within the emerging necessities for leverage of content, and management of liability, we have to recognize something else.  Absent a comprehensive Content Management System (CMS), not only is unstructured data outside of a central control; even structured data, such as records in databases, and e-mail within systems, is not within a central control.  The records are not leveraged across and with the full enterprise of information.  This is because structured data is only actionable within its own native application; database records within the database application, and e-mail records within the e-mail system, as but two examples. 

Any of your other disparate systems of “managed” data, such as the accounting system, core-business management systems, claims systems, HR systems, and so on, suffer the segregation from other systems’ data and content.  This segregation of data is normally an asset: it is necessary for data and system integrity.  But from the content management perspective, it’s a liability.  Therefore, absent a true CMS, structured data has no “central” control when viewed in the totality of the organization’s enterprise-wide content – much of which is ancillary and extremely important in the context of certain necessary views.  This ancillary content can be other structured content, silo’d in its own application’s control, or it can be relevant unstructured data.

For example, records within core business applications, such as customer or member records, are only searchable, retrievable and reportable through those native applications.  That is, each customer record exists within the control of an application system, and can contribute to report information when combined with data from other customer records, from within that same application. 

Suppose you wanted all the information, as of a certain date, that your organization harbors for a client – EFG Corporation.  Perhaps upcoming litigation is driving your concern.  You want all statuses regarding EFG from your main client business application; all relevant e-mails from respective employees and client contacts; all policies referencing EFG; all letters and correspondence; and location of all hardcopy reports and products regarding EFG.   Without an independent system that manages your content – all content – you cannot automate a comprehensive, enterprise-wide search of electronic content by criteria.  Too, without the electronic cataloging of hardcopy, you cannot query content’s physical location in support of the current need.

Assembling a comprehensive report in this regard would involve searching for data within many controlling systems, manual assembly of some data, and some kind of tedious collation from the many disassociated parts.  Here, your best option is to produce reports from the disparate systems, and then tediously assemble and format information.

And – you’d have no real way of knowing if you had captured all relevant content.  So, in the context of “full asset leverage and liability management”, even structured data is “unstructured”.  If you are interested in, and need, true content management, then you must structure all of your data for dictate by an overarching system in order to achieve ready action and oversight. 

Business users today need a means by which they can approve and review content during its creation and use, regardless of format, regardless of its location.  They must be able to search for and quickly find content.  They must access the most current versions of various content.  They need to be able to repurpose and share content (as opposed to “reinventing the wheel”).  They must have confidence that when seeking content, they are finding all relevant, authorized content.  And, they must identify and dispose of content at the end of its useful life.

Content: The proliferation of unstructured data

We know that business success will increasingly depend on the most efficient use of its information assets.  These assets must be centrally managed for security purposes, and for quick dissemination to where they’re needed.  To do this, we need a special structure around data – all data – to manage it.  But in the vast majority of organizations, information is scattered throughout a variety of resources and vessels.  There is no cohesive, managed plan of access according to actual work, leverage, or liability to be had by the content of the individual information asset.  The data is “unstructured” – that is, there is no ready “handle” by which to identify data according to its relevancy, its level of importance, or its possible liability.

We have things locked up on servers, workstations, filed in various cabinets, and piled on desks.  Content is parsed, fragmented, dispersed, etc., between electronic documents, e-mail, images, and hardcopy – all being managed, if at all, within discreet “silos” of various “systems.”  Under these circumstances, the content is not only difficult to leverage – it is difficult to ensure that the most current version of information is shared across the organization.  It is even difficult to guarantee that the organization’s various disciplines are presenting compatible information to the outside.  Yet, The Gartner Group reports that 80% of all information generated by business today consists of unstructured data.  Compounding this situation is the estimate that the average employee spends 50% of his or her time looking for things. 

What exactly is unstructured data?  Unstructured data is anything that lies outside of a centrally managed, and accessible, “repository.”  (A repository can have special meaning, and we’ll revisit it shortly).  Unstructured data is generally in the form of documents, spreadsheets, presentations, e-mails, and any other electronic form for which no automated central control can be exercised. 

A piece of unstructured electronic content (such as a document) does not represent a “record.”  It does not belong to a community of other records, sharing similar structure and collective maintenance, through a common base of data:  a database.  Therefore, it’s not that we’re refusing to leverage these unstructured items (through the lever of common, related, or timely content) it’s that we’ve never had that lever with this unstructured material. 

Unstructured data also exists in the form of hardcopy data.  When hardcopy has no centrally managed measures for leveraging content, we know that reinforcing subject matter can be scattered throughout all manner of departments and disciplines; residing in filing cabinets, on shelves, on desktops and in desk drawers.  Frequently it’s stacked on the floor, or hidden away in boxes.  Industry analysts estimate that Fortune 500 companies lose $12 billion each year because they cannot manage and take full advantage of unstructured content. 

Regardless of your size – if you don’t know something exists, you can’t use it; if you can’t find it, you can’t use it; if you’ve lost it, you must recreate it; and if it takes time to find it, you’ve lessened your efficiency in using it.  This kind of inefficiency and duplicated effort is plain unaffordable. 

Unstructured Data’s Other Liability:  Consider too that it is impossible for a central authority to state with ringing certainty that your organization is not harboring inappropriate content.  Are you certain that employees aren’t downloading obscene or illegal material?  Can you certify that people aren’t passing around defamatory information through e-mail?  Can you be certain that employees are not using company e-mail accounts to post to Internet sites and blogs (web logs, message boards) that support positions or advocacy that is contrary to your organization’s positions?  Can you be certain that employees aren’t using these same company accounts as reference when ordering products and services of questionable repute?  All of these things leave an audit trail, outside the scope of your control in the absence of content management.  These things can impact your organization’s good name and can bring harm to your business. 

What about hardcopy?  How can you know that laxity and carelessness aren’t contributing to loss of this material?  Anyone can print out sensitive information, take it to an offsite meeting, and leave it behind.  How do you know whether staff is complying with your Acceptable Use Policy for this content and associated resources?  Without some kind of structure for review and report on data, you can be certain of nothing.  This is the gross inefficiency and liability that springs from unstructured data, the associated lack of control, and the uncertainties it brings.  Uncertainties will be increasingly unaffordable to business, as we shall see…

Content: Business enlightenment, and knowing where we are

We must realize that managing your organization’s content requires a strong, steady commitment on Business’ part, and it must in fact be Business’ lead in getting this off the ground.  There must be understanding and sanction from the top.  There must be enterprise-wide sponsorship.  There must be a strong business presence in the BIT meetings.  In specific project management meetings, there must be a solid, knowledgeable business representative for each phase of the project’s implementation.  In this regard, and most others, IT will help design and will deliver the crank that turns and satisfies the process – but Business must define the business requirements and expectations of the crank.  The business process that the crank will turn must first be identified. 

These needs of the business are based on its size, nature, number of locations, volume of content, regulatory requirements, risk management, protection against liabilities, employee oversight, and anything else the business requires of content management.  Don’t make the mistake that so many other organizations make, on so many other initiatives: do not try to make this an IT-driven initiative: Business cannot drop content management on IT and say “take care of us.”  This must be Business-driven.  It is, after all, business-content that will be managed according to internal and external requirements and standards best known by Business. 

Remember that IT can, and should, do research and make suggestions.  But remember too that IT’s primary purpose is to align a right-sized solution to the policy and process defined by, and required by, Business.  When we make projects such as Content Management, and the creation of associated policies, Business-driven, we guarantee Business sanction, Business sponsorship, and full Business participation and commitment.  IT’s participation in these regards is already guaranteed by its report to, and subordinate status to, Business.  For Business and IT:  Make sure that these understandings are “Where You Are.”