Box.net or not to Box.net

The Scan Man has had difficulty making sense of the ECM marketplace, especially for small and medium sized businesses.  There are many terrific systems such as those listed below, and also Hyland On-Base, Laserfiche, etc.  But now there are several excellent systems available for free or extremely low cost (compared to the traditional ECM).  Pulling from AIIM President John Mancini’s blog, the following post describes the complicated choices for customers looking for new Electronic Content Management systems (ECM).  Read on…

Geoff Moore and the ECM coolness factor

I recently blogged on the theme The Cool is Back in ECM, reflecting on my attendance at two widely varying industry events, the Box.Net BoxWorks conference, and IBM’s Information on Demand.  My conclusion, based on my data point of whether my kids had heard of the entertainment (ECM passed the test this year!) is that the Cool is Back in ECM.

I did find myself after writing that post wondering, “How could both statements — ‘BoxWorks was Cool, IBM IOD was Cool’ — be true within the same content management space?”

I came across this diagram by Geoff Moore in his new book Escape Velocity that started me thinking, as Geoff’s stuff often does.  Good book; get it. (Some of you may remember that Geoff did some work for AIIM last year on Systems of Engagement and the Future of Enterprise IT.)

So per this diagram, there are two flavors of content solutions, one focused on a sweet spot that is rich in complexity and depth and focused on a finite customer set with enough scale to take advantage of information complexity and deep analytics (e.g., IBM, Oracle, Open Text, EMC).  The second is a set of solutions that have been built from the assumption of simplicity and scale and focus on a very broad customer set (e.g., Box, DropBox, SkyDox, Yammer, Google Docs).

And yet even within the dichotomy of this model, there seems to be some nuances and complexities to think about relative to our industry.

• The kind of scale represented by volume operations and often introduced via a freemium to premium deployment model offers all sorts of value to small and mid-sized organizations that used to be shut out of the content management solutions space.  SharePoint started here, working its way into the enterprise initially as a freebie through IT types.  Google Docs did as well, starting with individual consumers. Companies like Box and Yammer started here as well, often with customers in organizations frustrated by the limits of their own IT departments.
• But at the same time, the longer term dynamic has gotten progressively more complex. The volume game initially plays out through the prism of the number of customers, and that lends itself well to the freemium-premium model.  But the game in our industry ultimately plays out through the number of seats that someone is willing to actually pay for, and the place for that volume to ultimately be found is among the companies who are often customers on the complex systems side of the house.  Thus it creates a need for the volume players to connect themselves to the complex systems game.
• And if that wasn’t complicated enough, the expectations for simplicity and ease of use and ease of implemention in the volume game ultimately carry over into the complex systems game. Driving prices down for users and creating a demand for simplicity.

Gets me a bit dizzy.  I guess I should take some comfort in the F. Scott Fitzgerald quote, “The test of a first-rate intelligence is the ability to hold two opposing ideas in mind at the same time and still retain the ability to function.” [Note: My wife would likely question both the intelligence part and the ability to function part.]

How open-source can improve cloud security

The Scan Man is asked about document storage every day.  Should I buy more disks for the server?  Should I use a document management system?  Should I go to the cloud?  The big barrier for many in regulated industries, like health care and finance, is security.  The following article from Government Computer News discusses the benefits of going open-source to improve data security in the cloud.  At Modern Image, I recommend the open-source TrueCrypt to my clients for preserving the security of their important documents.

How open-source can improve cloud security. By Rutrell Yasin

Security is often cited as hindrance to adopting cloud computing, but a cloud environment that makes use of open-source software could actually improve security, according to a panel of experts.

Open-source software can give organizations a greater universe of expertise to draw on, which can come in particularly handy when they’ve been hit by a cyberattack, said Gary Galloway, deputy director of the State Department’s Office of Information Assurance.

Ninety-nine percent of organizations have been hacked or attacked, he said. When that happens, the security team has to bring in experts from the security providers whose products they are using to help solve the problem.

“If you have an open-source version of Linux, you don’t necessarily have to go to a proprietary vendor and find experts,” he said during a discussion on open-source and cloud computing at the Red Hat Government Symposium held by FedScoop at the Newseum in Washington, D.C., Nov. 16.

“You have a wide range of expertise” to come in to help fix the problem, Galloway said. One example: You might be able to use an intern who is a math or engineering major at the Massachusetts Institute of Technology.

Regardless of whether it is an intern or someone else, it should be someone with experience in solving security problems, said John Weiler, managing director of IT Acquisition Advisory Council, an association working to improve government procurement issues.

The point is that you have access to a wide range of expertise, Galloway said.

Open-source software has forged partnerships between industry and the public sector, said Chris Runge, senior director of solutions architects with Red Hat. He cited the work with the National Security Agency and other organizations 10 years ago to develop a secure version of the Linux operating system, now known as Security-Enhanced Linux, or SELinux.

Red Hat, for its part, has developed new technology that extends access control down into the hypervisor that manages virtual machines, Runge said, noting that hypervisors are becoming the attack vector people are going after.

Opponents of cloud computing use security as an reason to avoid moving to the on-demand computing model, but in many cases that is a cultural response not based on evidence or fact, Weiler said.

Security practitioners are measured based on how well they prevent occurrences of insecurity, he said. More real-world analysis should be done on the security posture of existing systems, which might be 10 times more insecure than moving to a new system that has 1 percent of security exposure, Weiler said.

There needs to be more real-world analysis where organizations are measuring if they can afford perfection at any point in time and analyzing how secure are the legacy systems and the cost of maintaining that security posture, he said.

VA’s massive 100K tablet buy geared heavily toward clinicians

The Scan Man sees this massive iPad purchase by the VA as a crucial step in implementing true EMR.  Read the article from Fierce Mobile Healthcare:

Less than a month after announcing a 1,000 iPad pilot test, the Department of Veterans Affairs is ready to go whole hog and purchase as many as 100,000 tablet computers, many of which will go to clinicians.

Even before the test results are in, VA CIO Roger Baker is projecting that tablets will transform the way medicine is practiced in the VA’s 152 facilities, according to Nextgov.

The VA’s new penchant for tablets may give Apple its first clear shot at the government IT market, where it has lagged behind Dell and RIM (Blackberry) for several years, reports Nextgov. Even with Apple clearly a leading contender, though, Baker and other VA officials insist they will not limit themselves to iPads, and will support Android and Windows OS tablets. The VA also will allow a mix of personal- and government-owned devices.

RIM’s PlayBook may have a jump on the competition, as it received a security certification from the National Institute of Standards and Technology in July. Apple has a certification request pending, NIST officials tell Bloomberg Businessweek.

But the VA isn’t waiting for vendors to create a totally secure device. Instead, officials have asked the mHealth industry for information on mobile management systems to secure email streams and control access to agency networks.

It’s a problematic approach, according to Rick Dakin, CEO of Louisville, Colo.-based IT risk assessment firm Coalfire Systems. His take: During data transmission, the key to decoding a message is embedded within it, offering a chance for hackers to gain access. Many mobile management systems do not protect the embedded keys, Dakin says.

Once they’ve sorted out the devices and security concerns, what kinds of apps will your VA colleagues be using? While the first project on the runway for the tablets likely could be based on computerized patient records, Baker revealed in a media briefing that apps for heart rate monitoring and on-the-spot blood analysis also will be top priorities. Baker also is eyeing remote patient monitoring and telehealth to provide care to veterans at home.