C3 Associates Inc.

Displaying posts for 'Uncategorized' category

Open By Design, Closed By Exception – Best Practices in Information Security

It’s a debate that is as old as the information management industry itself (which isn’t really that old, but bear with me). Users want to collaborate freely and access the internal information they need while your IT security team wants information shared only on a “need to know” basis.
I side with the users on this one, but not because I think IT security types are wrong or misguided. I think that information wants to be free and that by adopting an “open by design, closed by exception” security model, you can keep everyone happy.

Here are a few common objections I have heard from IT security teams and my responses to each:

  1. You’re telling me that everyone gets access to everything? What about HR information or trade secrets or other sensitive information?

    Open by design most definitely does NOT mean that everyone should have access to everything. It’s easy to get stuck on the “open by design” part and forget “closed by exception”. There are most definitely categories of information that will be tightly controlled. Most organizations will have rules about who can access contractual information and most are governed by privacy and information disclosure rules. The benefit of Enterprise Content Management (ECM) systems is that you have the option of managing access to this information in a more granular way than you can on a shared drive. If the system is used properly, links to content distributed within the organization will only allow privileged users to access information. Your ECM rollout must abide by the rules but these rules are not an excuse to lock down all information.

  2. The “need to know” principle means that if someone needs information to do their job, they will have access to it.

    The best thing about an information management system is the power of ad hoc information discovery.

    If you don’t know what you don’t know, how do you know you need access to it? If valuable information doesn’t come up in a search result, how do you avoid re-creating it or making decisions without the benefit of this information?

    It’s a case of risk vs. reward. Your organization needs to decide if you are more worried about the risks that come from people finding information they shouldn’t (a risk which is still mitigated by the “closed by exception” part, as noted above) or if you are more interested in promoting knowledge sharing, collaboration and information discovery. I will always take the side of more information sharing over less; the “weak ties” we develop through finding information created by others help us expand our knowledge exponentially. Sociologist Mark Granovetter first came up with the concept of “the strength of weak ties” and Andrew McAfee and others have applied it to information management. Basically, this principle says that we learn more from those we know peripherally than from our immediate colleagues; we already know what they know and we tend to become insulated and single-minded in our decision making. By expanding your network to people you only know somewhat, or people you don’t yet know at all but have read a document authored by them, you will gain new perspectives and are much more likely to come up with creative solutions.

  3. If everyone has access to information they will misuse it.

    I fundamentally trust people. Maybe that’s a shortcoming of mine but in a corporate context, I trust that the vast (vast) majority of people are trying to do the right thing for the organization. If not, you’ve got far bigger problems than information security. The “open by design” principle does not mean that just anyone can edit all information; most information will be read-only and some will be less than that (i.e. see that the content exists but not the content itself). ECM repositories also have versioning and audit capabilities, so it is easy to see who accessed or changed a document and to roll back a version if necessary. This is difficult in an ordinary shared drive scenario and impossible if you can’t find the information in the first place!

    To address the concern that people will share information inappropriately outside of the organization I suggest making sure everyone understands your appropriate use policy. No, I am not so naive that I believe everyone will follow the rules just because they are the rules, but that’s why ECM systems have security policies. If information is truly sensitive it should be secured. If not, it should be open to all users within your organization. Simple as that.

Posted on October 22, 2010 by John Meilleur
Uncategorized


8 Things to Think About if You are Thinking About Moving to SharePoint

Most conversations about enterprise information or records management these days seem to involve SharePoint in one way or another. Many organizations are finding that information management is not meeting their expectations and some are wondering if SharePoint 2010 is the answer to all of their problems. Whether this push is coming from IT hoping to reduce costs, your portal team hoping for a new intranet or your user community hoping that SharePoint will be easier to use (or all of the above), there can be no doubt that many organizations are considering a move to SharePoint.

Microsoft has done a great job of driving this conversation through the functional improvements in SharePoint 2010 and also through some aggressive and effective marketing, but is SharePoint the answer for all of your content management needs? 

Here are eight things to think about if you are thinking about migrating your records and information management platform to SharePoint.

  1. Customizations, system integrations and modules. Most implementations involve at least some customization, and most include a variety of vendor or third party modules. Because of this, considering a move to SharePoint is not simply a matter of copying over your content. You will need to think about whether SharePoint has equivalent or "good enough" functionality to replace these customizations, integrations or modules without breaking your business processes. If not, you will need to think about the costs to rebuild an integration, re-buy a particular module (if it is even available for SharePoint) or change your business process. None of these things should be taken lightly and there can be a significant effort associated with each.
  2. How important is records management and compliance?  Yes, SharePoint 2010 has records management capabilities but this is relatively new within the application and there is a great deal of debate about whether SharePoint RM will truly meet your needs (James Lappin feels there are significant shortcomings in SharePoint records management, Mike Alsup disagrees).   This is a decision you will need to make in consultation with your content owners, legal team and regulatory compliance group.
  3. Business drivers. It is important to consider why you want to move to SharePoint. Cost savings? Usability? Spite? Okay, scratch that last one. As with any decision you need to think through your business case ahead of time. What is the value proposition for moving to SharePoint vs. the cost of continuing to use your other system? Is it feasible to integrate the two systems? It is important to consider all of the potential benefits and pitfalls, efficiencies and costs for swapping out your system. Try to be as realistic as possible and quantify both the costs and benefits; I find a good place to start is a simple SWOT analysis. Once you have an understanding of what you hope to achieve, build measurable objectives and create key performance indicators (KPIs) to track your progress. This is a standard process for the analysis and execution of any business decision but it never ceases to amaze me how often emotion comes into the picture when considering SharePoint.
  4. Does your platform speak the same language as SharePoint?  SharePoint works in a certain way; sites are contained within site collections and everything can be tied together with custom metadata columns and content types. There is a large and growing list of add-on modules available.  SharePoint is considered by many to be a development platform and SharePoint also has some intriguing social, portal and business intelligence capabilities.   You need to consider the use cases and information architecture of your current system and determine how closely you want to replicate that system. More importantly, you need to decide whether SharePoint will let you or whether you will be under-utilizing the functionality of the tool if you try to copy your existing system too closely.
  5. Content migration is no fun. Once you've figured out how you will map your existing system to SharePoint you will need to plan the migration itself. You will need to make decisions about which groups go first (it is unlikely that you will be able to do a "big-bang" migration) and about whether you bring across all document versions or just the latest ones (this will likely vary by group). How will you handle content from departed users? What about URLs linked between documents and to other places? How about your security model? Who will update your information governance policies and practices? (You do have information governance policies and practices in place, right? If not, see here for a primer on the importance and challenges of implementing information governance).
  6. Pick the right project team. This is not, I repeat not, an IT project. Managing user impact and business process change will be the biggest job for your project team. Finding a team with strong information management skills is critical as they will understand the specifics of how information needs to be mapped between the two systems. At the same time, you will need strong business sponsorship to provide guidance, set priorities and give you an escalation point when the going gets tough.
  7. Are you ready to get social?   If information wants to be free (and it does), information really wants to be free in SharePoint.  SharePoint started life as a collaboration tool and although it now has a powerful security model, the system works best when most information is available to most people. You need to consider what capabilities the average end user will have; what will people be able to do with their My Sites? Can everyone blog? Who can create a new list, library or team site?  These are fundamental questions of SharePoint governance but be careful not to lock the system down too much. And these considerations are much more than just technical; there are cultural questions that need to be considered as well. This is true of any information management system but is especially important when working with SharePoint.  
  8. Infrastructure. Are you a Microsoft shop? How up to date is your SQL Server environment? Do you have some 64 bit servers kicking around? What about Active Directory? Which version of MS Office are you running? The specific requirements for SharePoint 2010 can be found here: http://technet.microsoft.com/en-us/library/cc262485.aspx.  Although these are fairly high-end specs it really isn't out of the ordinary by today's standards. At the same time most organizations will likely need to upgrade at least some components. You will also need to consider how you will do the content migrations themselves. You will need a test environment to bring across the data and may need a tool to extract, transform and load the documents and metadata from your legacy system as well. 

The bottom line is that the benefits of moving to SharePoint are not automatic and may not be there at all.  Many of my clients are taking a hybrid approach; adding SharePoint on top of their existing information management platform.  Management of this hybrid solution begs many more questions, but may be a part-way solution if your organization is considering a move away from your current platform to SharePoint.  If you do decide to migrate, it is important to recognize that it will very likely be a long and complicated process.  Before you commit, it is critical to understand why, when and how you will complete the migration.

Posted on August 12, 2010 by Greg Clark
AIIM,ECM Best Practice,ECM Governance,ECM Strategy,Microsoft,Uncategorized


Enterprise Content Management at a Crossroads – The Case for Microsoft SharePoint (Part 2 of 2)

This is the second of a two-part series that summarizes the main points in the ongoing debate about the impact of Microsoft SharePoint on the ECM community.  Last week I reviewed several reasons why traditional Enterprise Content Management vendors will continue to thrive despite Microsoft's push into the ECM space.  This week, it's Microsoft's turn.  As before, my goal is to summarize the key points in the discussion about the impact of SharePoint and allow you to draw your own conclusions.

Please leave your feedback or comments below, drop me a note on Twitter or feel free to contact me directly at greg.clark@c3associates.com.

Here are a few reasons SharePoint may become the dominant force in the Enterprise Content Management space. 

  1. SharePoint 2010 is more than just basic ECM.  Where SharePoint 2007 could still be considered "basic content services", SharePoint 2010 has addressed most of the shortcomings that prevented this platform from competing head-to-head with traditional ECM tools.  A couple of months ago I summarized the eight reasons SharePoint 2010 is a true ECM system and based on the feedback I have heard from several of my clients, most feel that SharePoint has reached the tipping point where they will start to seriously consider shifting their ECM platforms over to SharePoint.  For most organizations considering a net-new ECM implementation, SharePoint is often the only candidate, especially where the organization is already committed to the Microsoft stack.  Microsoft has invested heavily in building out key ECM functionality like records management and has significantly improved SharePoint's ability to handle metadata and very large lists, among many other improvements.  The list of functional differences between SharePoint and traditional ECM systems has become so small that traditional ECM vendors will have an increasingly difficult time differentiating their products from SharePoint.  
  2. SharePoint is the silver bullet of user adoption. User adoption is a challenge that has dogged the ECM industry from the very beginning. Many organizations feel the only thing preventing ECM from becoming truly successful is a poor user interface that limited user uptake (for an excellent summary of this question, read the wisdom shared by experienced ECM practitioner Mike Alsup, who reminds us that user adoption is about far more than a slick user interface), and it seems that everyone wants to believe that SharePoint 2010 is the answer to all of their prayers. Whether it is or not seems almost beside the point; perception is reality and that poses a big problem for traditional ECM vendors. The fact remains that SharePoint offers an excellent user experience. To Microsoft's credit, SharePoint has been designed with the information worker in mind. The tool "thinks the way the worker thinks" and user uptake of SharePoint tends to be quick and requires minimal training. This can pose a problem where the implementation is unplanned, leading to a rapid proliferation of SharePoint sites and some would argue simply replicating the shared drive mess in SharePoint. However, as integrators and Microsoft partners learn how to plan and govern SharePoint deployments, the intuitive user interface will help SharePoint dominate the ECM space in the same way that MS Office has dominated the desktop.
  3. Size matters. The sheer scale of Microsoft poses a big problem for traditional ECM vendors. They clearly can't outspend Microsoft on marketing and Microsoft's partner ecosystem is unmatched anywhere. In the first part of this two-part series I said that one key advantage for traditional ECM platforms is their strong vertical story. This could be quickly eroded by many of the partners who have built and continue to build tightly integrated solutions suited to nearly any industry you can think of. Yes, traditional ECM vendors have a head start in this area but Microsoft and their partners are hot on their heels. Further, there is a wealth of SharePoint information freely available from MSDN, Codeplex and the many thousands of SharePoint MVP and partner blogs and websites. It seems that if it can be known about SharePoint, it will be available somewhere for free and this will lead to rapid innovation and an improved product.
  4. SharePoint has a strong social story. SharePoint started life as a collaboration platform and has evolved from this into a social computing platform. As the demands grow to provide Facebook-like tools in an enterprise context, SharePoint is very well positioned to meet this need. SharePoint may not be best of breed but many enterprises seem comfortable collaborating using a platform from a known quantity such as Microsoft. To date, the efforts of traditional ECM vendors to "socialize" their platforms have not received widespread adoption and there are questions about their continued desire to play in this space in light of stiff competition from Microsoft.
  5. SharePoint is much more than just ECM.  SharePoint is a portal, a document management system, a business intelligence tool, a records management system, a social networking platform, a web content management system, development platform and an enterprise search tool.  Many established ECM vendors can say many of these same things, but the Microsoft story is especially compelling for organizations already committed to the Microsoft stack.
  6. Microsoft will win because they're Microsoft.  The intangible advantage that Microsoft has is based on their history. Whenever Microsoft sets their mind to do something, very little will get in their way.  Remember the early days of the relational database wars?  Ask yourself when the last time was that you came across a Sybase database and you have some idea what that might mean for some traditional ECM vendors.   And if you don't think Microsoft is targeting traditional ECM vendors with SharePoint 2010, think again.  With SharePoint 2007, Microsoft started the process of embedding SharePoint into their core Office suite but was clear that most organizations still needed a traditional ECM system for the higher ECM functions. For more on this, see my blog post outlining some of the functional gaps between SharePoint and traditional ECM. With SharePoint 2010, Microsoft has changed their focus from partnering with traditional ECM to trying to out-compete them (of course they won't say this officially but their all-out marketing push at the 2010 AIIM show is a clear indicator).

I hope this short series has been useful. I'm sure there are other reasons why SharePoint may or may not dominate the ECM space and I am keen to hear your perspective. 

Please leave your comments below and I will reply as best I can.

Posted on May 21, 2010 by Greg Clark
Collaboration,Document Management,ECM,MOSS 2007,SharePoint,Uncategorized


I’ll be Taking a Short Blog Break…

…because my wife and I are celebrating the arrival of our second little girl. Miranda Joan Clark joined our family on Wednesday May 9th at 6:42 PM weighing 7lbs 4oz (or exactly 3300 grams for those of you who prefer the metric system). Mom and baby are doing well and Dad is extremely proud of both of them. I expect to be back at it sometime mid-May.

Posted on May 11, 2007 by Greg Clark
Uncategorized

