Tuesday, May 26, 2009

AIIM Garden State Chapter Meeting - Software as a Service

I am a member of AIIM, which is a trade association and professional organization focused on the Enterprise Content Management market. The Garden State Chapter of AIIM is holding its next meeting on June 18, 2009 at the Woodbridge Hilton. The meeting starts at 5:00 p.m. and goes until 8:00 p.m.

There is a Panel Discussion: With panelists from Adobe, SpringCM and IPS covering "Software as a Service (SaaS) - a Better Solution?"

  • Does SaaS deliver on its promise to lower ECM costs?
  • Where does it fit in the market vs. hosted and in-house models?
  • Learn how companies are leveraging SaaS technologies Hear what the "hot skills" are in SaaS
Go to the Garden State Chapter web site to register.

There are plenty of networking opportunities as well.

Hope to see you there.

Tuesday, May 19, 2009

Adobe Acrobat Requires Critical Security Update

It is astonishing that software that was created to present documents in a "neutral format", Adobe Acrobat, can be hacked. Another case of taking a great product and adding features that eventually take the software far beyond the original architecture and creating security vulnerabilities.

Why is JavaScript even an option in PDF files? PDF files were suppossed to be the safe alternative to documents that you might receive in formats such as Word. I guess that has gone by the wayside.

Here is the link to Adobe's update site.

US-CERT has more detail about the vulnerabilities and other workarounds and protection methods on their web site.

Friday, May 15, 2009

AIIM New York Metro Chapter Presentation - May 15, 2009

I gave a presentation today to the New York Metro Chapter of AIIM on

"Is SharePoint the future of Enterprise Content Management?"

I described how SharePoint fits into the traditional ECM Marketplace, where it succeeds, where it falls short, and where it ventures far beyond ECM. Audience participation was great. We discussed where SharePoint is an appropriate solution for organizations and some of the challenges in implementing SharePoint to solve business problems.

Here is a copy of the presentation.

Monday, May 4, 2009

TechRepublic Reviews Varonis Suite

The TechRepublic blogger Mark Kaelin has a review of the Varonis Data Governance suite.

Here is a link to the review.

Nice to see the product get some coverage, since it is the greatest thing since sliced bread (actually since VMware). The review mentioned three things that are wrong with the product, I take issue with two of them.

Issue 1 that I disagree with:

"Culture shock: The general principle of placing decision making concerning data governance in the hands of employees deep in the organization may be a significant change of policy for many established organizations, especially those with established hierarchical structures and controlling IT departments. "

One of the advantages of the Varonis solution is that you can start small, with one directory if you want, so that there is no need for any culture shock. Security provisioning by the user community can be rolled out as slowly or as quickly as the organization can handle.

Issue 2 that I disagree with:

"Cost and scope: The scope of the Varonis Data Governance Suite 4.0 does not come cheap. Not only will the entire organization have to buy-in to the concept, the initial software installation and training cost will be significant. This suite of software is most likely to be used in larger organizations with very specific and vital data governance needs. "

The cost of the solution relative to the value of the data is not significant and in terms of improved efficiency of IT administration the product more than justifies the cost. We have a number of customers that are small (250 users) and see significant benefit from the DatAdvantage product. Again the "enterprise" buy in is not a necessity for implementing the solution. Behind the scenes the DatAdvantage solution monitors and reports and access without disturbing anyone and the Data Privilege component can be rolled out directory by directory if you so desire.

Sunday, May 3, 2009

How to we keep users aware of security concerns?

An organization can only be successful in securing its data and assests if it is a company-wide effort. Most security failures involve a technical failure(s) as well as a human failure, through social engineering as an example. One of the challenges that we face in dealing with the user community is that we need them to be vigiliant all the time even though the threats that we face come very rarely (or hopefully not at all). I have several thoughts:
  1. Design systems to take the rarity of threats into account and design better "detection" systems in addition to better "prevention" systems.
  2. Vary the reminders that people get about security so they don't become oblivious to them.
  3. Make sure that we design systems so they fail safely.