You are not logged in. Please log in or become a member to unlock your benefits.

Information Coalition Community Blog

Information Coalition: Resources For Your Enterprise Information Success.

Debate Over “Content Services vs. ECM” Misses the PointTemplate for Event

"ECM is dead." "Content Services are the next generation." "I've got a brand-new pair of roller skates."

If you think that last quote is a non sequitur, you're right! But so, I'd argue, are the other two, because neither speaks directly to what both really are all about:

Improving the "care and feeding" of your business-critical information.

You know what else? I bet a large majority of organizations wrestling with information management issues today haven't even heard of content services – and most of these probably aren't familiar with ECM either.

This is not a criticism; if anything, it's a compliment because they're probably wrapped up in their day-to-day and don't have time to be distracted by such things.

It is a caution of sorts, though, for some in the professional market-watching game – and their devoted followers – who think what things are called, and how things are grouped and counted, is more important than how to use those things to solve business problems.

To be fair, these items probably are more important to folks like that because categorizing and quantifying market segments is what they do for a living. But for customers, the point is and must be something quite different, namely to bring order and discipline to the way their information is protected and used.

This is why the debate over content services vs. ECM misses the point. Both should be part of the discussion since both can be significant pieces in the overall puzzle, the latter most properly as a business practice and the former as an enabling technology set. But neither is The Answer unto itself, so it's not an either/or proposition.

So sayeth me. What sayeth you?

______________
Steve Weissman,
The Info Gov Guy™| 617-383-4655 • steve@infogovguy.com
Principal Consultant, Holly Group • Co-Founder, Information Coalition
Member, AIIM Company of Fellows


Rate this blog entry:
0
0 Comments

Information Management: It’s Safe to Go in the Water

"Overwhelming"

"Complicated"

"Scary"

Quotes from a movie poster? A book jacket? A Congressional hearing? No, merely a summary of my latest People's Take* on the state of information management today.

From one: "All I want to do is scan stuff into my system, but they keep shoving content management at me. Except now it's not that, but 'content services.' What the heck is THAT?"

From another: "I'm just trying to shorten my billing cycle, but every conference I go to is full of sessions about the cloud and analytics. Do I need to care about these?"

From a third: "Information governance, big data, business intelligence … it all sounds so impressive. But I'm not sure how they relate to me. And what happens if I pick the wrong one?"

First of all, there isn't a "wrong one" per se since each of these disciplines involve essentially the same best-practices when it comes to the "care and feeding" of your business-critical information. There are differences in the details, but you'll be find if you do your homework properly.

Second, you need to care about them all, but the lens through which you view them has to be the business problem you're trying to solve. You'll find much of the confusion and obfuscation disappears when you ask your questions in the context of your specific need. So don't worry about what the technology is called; concentrate instead on what it can do.

Third, don't wait to figure it all out before taking steps to improve your situation. There's a cost to continuing to do things the way you do now, and there's always something new coming over the horizon. Delaying until you know everything about everything will only push your action off for months more.

  • You can begin categorizing your paper documents today to prepare to scan and store them.
  • You can map your billing process today to identify choke-points and quantify throughput goals.
  • You can start articulating your information-related pain-points today to identify which specific discipline(s) / technology(ies) you should investigate.

Dale Carnegie said, "If you want to conquer fear, don't sit home and think about it. Go out and get busy." I say, be like Dale, and dive right in!


*My "People's Take" is a regular bit of informal research conducted to gauge customers' thinking regarding the "latest and greatest" concepts and technologies. Turns out they're usually more in tune with their thoughts than anyone else!


_____
Steve Weissman, The Info Gov Guy™|617-383-4655steve@infogovguy.com|Principal Consultant, Holly Group•Co-Founder, Information Coalition|Member, AIIM Company of Fellows

Rate this blog entry:
0
0 Comments

Malware attacking your computer

If you input Startgo123.com in your browser, that may redirect you to a strange page. You will see something that looks like a Facebook page. It features a YouTube video and may display extra URL: denizpeldihaberi.com. The address varies from case to case.

Do not click the video. Clicking the link launches the installation of a critical virus. It may affect Facebook and overall computer settings.

If you still proceed with the above dialogue, the page will invite you to download some freeware. It may call it VideoCovertor. The naming does not correspond to the item actually available.If you go that far, do not download anything. The download contains a virus. Leave the tricky page and restart your browser. Apply free scan solution, preferably the one available herewith.

Startgo123 is a browser hijacker. It affects a range of browser adjustments. On the surface, you will experience redirects to annoying ads; your new tab, default search, and similar preferences willchange as ordered by the malicious invader.

IT security has notified the Internet community of this risk. However, it tends to ignore the viral background ofthe adware.Unlike most of the advertising apps, Startgo123 does not just generate web-traffic. The above facebook example indicates the rogue may drop a critical malware. Removal of Startgo123 hijacker is thus a matter of overall system security.

The infection harnesses a range of routines to get into target computers. The most common infection vector resorts to a bundled download scheme.The latter implies the victims download something attractive from the web. For instance, you may want to download a video converter. There are hundreds of options, most of them free. There's no such thing as a free lunch. As you grab warez or freeware or such like free unverified contents, beware of the concealed items attached to the target. That is to say, a free video converter installation includes the adware introduction without adequate notification of the user concerned.

The bundling infiltration prevails but does not exclude other options. In general, poor security performance, failure to update software enable alternate infecting scenarios.

Adware like the one described above is nasty but not as dangerous as the Crypt0L0cker virus. It is a file encrypting ransomware that locks all your data and demands ransomware payment to decrypt it. It uses very strong encryption techniques and cannot be decrypted. Only hackers who have the private decryption key may unlock your files. To stay safe and you should make regular backups of your files and system

Rate this blog entry:
1
0 Comments

Information Quality: One Goal, Two Meanings

England and America are two countries separated by the same language – George Bernard Shaw

In the same way, businesspeople and ITers often are separated by a single phrase: "information quality."

Both cite it as a prime information governance objective, but when you get right down to it, they don't always use it to mean the same thing.

For the business set, "quality" is typically defined in terms of accuracy – as in, is the data before me factually correct?

For the technology-minded, "quality" is generally defined in terms of integrity – as in, is the data I'm working with secure and unaltered?

The distinction here may seem subtle, but it's actually quite critical because it's entirely possible – and often extant – to have well-protected information that is just flat-out wrong.

Case in point: a machine shop fabricates 2-inch pipes per a carefully-managed internal work order, but the construction crew later discovers the original contractor-created design called for 2-inch tubes (the difference being inside vs. outside diameter). At that point, the difference between "accuracy" and "integrity" becomes stark indeed as the parts simply won't fit and the crew has to stand around, awaiting instructions.

So the question is: what does "information quality" mean to you, and does it mean the same thing to anyone else in your organization?

Rate this blog entry:
0
0 Comments

Fax & InfoGov: An Older Medium at Large

I went back to the Major National Bank yesterday to complete some parents'-estate-related account-opening tasks, and couldn't believe the gal helping me was told by some back-office document people to send a specifically-worded note to them – not by email but by fax.

The surprise wasn't that the bank still relies on this older medium from time to time – I've been writing about this for quite a long while (see this post from 2012, and this one from earlier this year). Rather, I was stunned to learn that the bank requires fax for some of its internal communications.

You would think that email would be the preferred medium to use in such a case given the end-to-end control the bank has over its infrastructure and the protection thereof. OK, maybe the faxing takes place over an internal VoIP connection and is similarly well secured. Why then give up the down-the-road process efficiencies associated with a "born digital" document?

I don't have a good answer for this, and the people yesterday were neither the right people to ask about it nor paying clients, so I simply went along. And in the end, the process worked, and I got done what I needed to do.

But I can't help but think this accomplishment was achieved in spite of some of the information governance decisions the bank made, not because of them.

What say you?

Rate this blog entry:
0
0 Comments

Rock, Paper, Scissors – IG Style

In the world of information governance:

  • People … defeat Policies
  • Policies … defeat Litigation
  • Litigation … defeats People

And you can quote me on that!

Rate this blog entry:
0
0 Comments

Understanding The Information Strategist

Understanding The Information Strategist
The world of associations and groups that serve the enterprise information sector currently looks something like this:

Each association and group has a body of knowledge and a specific profession, that leverages enterprise information, and focuses on that specific profession (e.g. Records Managers are served by ARMA, ECM is served by AIIM, Privacy Professionals by IAPP, etc.). The Information Coalition serves a gap in this structure that isn't quite visible in our typical understanding of associations and groups, let me show it to you...

You can find the gap with me by asking some very simple questions:

  • Which group sets organizational policy?
  • Which group is "in charge" of information?
  • Who coordinates between the various roles?


Who is it that does that cross functional work that aligns enterprise information policy and structure across disciplines? In some companies it's the CIO, in others it's the CTO, in many others (I daresay most), it's no one at all. There's the huge gap. We call the people that fill that gap, whatever their official title, an information strategist.

It's the information strategist, and the people that are de facto Information Strategists, that the Information Coalition serves, and we believe that the real picture of where things are going is something akin to this:

We believe that the information strategist's role is incredibly challenging and incredibly important, whatever their official title may be (CIO, CTO, CIGO, Information Manager, Records Manager, Privacy Director, etc.).

The deep knowledge of the associations and groups that cover our broad sector should be cherished and honored; but let's be clear - we aren't that. The information strategist needs to have knowledge across disciplines, a bit of everything. The information strategist needs to have knowledge about how to align the various disciplines. This is where we serve and it shows in how we operate.

What many don't know is that we invite as many of the groups you see above to speak, present, and display at The Information Governance Conference. A few have taken us up on that offer (ARMA has in the past, the ICRM board has joined us, and IAPP and the PDF Association will be joining us this year).

Unfortunately, some have decided to not take us up on our offer, viewing us instead as competition. We'd like to clear the air and help everyone better understand our positioning, so that we can all move forward, together, and help our various professions advance, together. Consider this an open and public call to any and all of the aforementioned groups (and any we might have missed) to come and join us this year. We are paying for the costs of their registration and their tables (which we are charged for by the convention center) ourselves, that's how deep our commitment to this cross-functional work is.

As for the Information Coalition, we're continuing to gain momentum and are growing at a breakneck pace, not because we are fighting against the disciplinary focused associations. We're growing because we are enhancing their offerings, providing guidance on how to move from the tactical roles of a specific discipline into the broad role of an information strategist. If you're seeing your role shift towards the role of an "information strategist", join us, our basic membership is free (and we're committed to your success) and ALSO join the association that serves your specific domain of knowledge, we all have a role to play in the future of our professions.

Rate this blog entry:
5
0 Comments

Cyber Crime: Investigating Bitcoin Transactions

First of all, this article assumes the reader has a basic understanding of the innovative technology called blockchain (​Editor's Note: If you do not, check out this article from O'Reilly, "Understanding the Blockchain"). You just need to realize the blockchain is a sequence of data records maintained as a distributed database. It is a peer-to-peer system. Nobody has exclusive permission to add or remove records thereto, yet anybody can do that. Any entries must satisfy strict rules. It is a public, open-access list of data blocks. However, it is not available for revision and tampering.

The technology is capable of accommodating a number of inventions. Bitcoin is but a first breakthrough. One can compare it to the beginning of the world wide web era. For the time being, any of the search providers, social networks, accommodation and travel websites had not yet developed a worldwide recognized business. Would anyone expect Google to become a global corporation with a budget exceeding that of many world's countries?

The blockchain today makes its first steps like the web 30 years ago. Public opinion tends to associate it with Bitcoin while sees the latter as a nursery for a black hat hacker's transactions. True, before we unleash the white power of the chain, its black power needs to be oppressed. Given the current development of cyber technology, the law enforcement and businesses enjoy a unique opportunity to explore the blockchain. It is a fast, safe and stable financial tool.

Meanwhile, the cryptocurrency poses a range of challenges to the public security, for example when dealing with ransomware. To start with, a Bitcoin wallet does not necessarily refer to a particular person. Any kinds of virtual money are hard to trace back to a specific person or company. International law enforcement agencies follow quite different regulations in tracking virtual currencies.

Again, these are the issues inherent in any online transactions. On the other hand, the blockchain features a number of exclusive benefits in terms of public disclosure, stability and traceability.

The first one is really stunning for a newbie. It may dramatically change public opinion regarding the subject matter.

Rumors have it the Bitcoin ensures complete anonymity of the parties. That is not quite true. Anybody using Bitcoin must have a unique address. In case it is possible to link that address to a specific person, you are able to track down and all the transactions in which that person has taken part utilizing that address.

A Bitcoin user may try all sorts of tricks to cheat the system and remain anonymous. For such cases, a number of counter-measures are available. But blockchain provides a more sophisticated option for the crime investigators. Investigating Bitcoin transactions differs greatly from the old-school online transactions.

The exchanged Bitcoin data remains intact as long the blockchain exists. In other words, the data logs are always available. It can be used at any time any case filed to the Court may reasonably need it. The design of the public ledger implies its data, once deposited, is to be retained forever.

Quite in contrary, using traditional bank accounts and switching providers from different countries the cyber criminals manage to bewilder the law enforcement. The investigators often apply enormous effort to find to the final mediator and eventually put their hands on the hacker's keyboard. When they are about to reach the target, it escapes as the finance institution just does not retain the records long enough.

Third party issues. In the case of online bank transactions, there is a concept of a Third Party Doctrine. It basically declares that, once you have exposed your data to your bank or similar entity, you are aware of the risk that other parties may reach it. It is the above doctrine that the authorities use to obtain logs relevant to the suspect's cell phone or account number without going through the complex system for obtaining relevant permits.

The doctrine still requires the law enforcement to get a subpoena. Besides, the court, governmental, public, and research bodies keep on discussing the viability of the doctrine.

If you need to trace a blockchain transaction, it remains forever and is available to anyone. Any search warrants or subpoena do not apply as such.

The bitcoin knows no borders. Indeed, cybercrimes committed overseas are harder to investigate. With traditional online currencies, one would need to go through a troublesome MLAT (Mutual Legal Assistance Treaty) routine to get the foreign authority to assist you in the investigation by disclosing the data available within their jurisdiction. Bitcoin is beyond any governmental system. You can get the data whenever you reside. All you need is an Internet connection.

Rate this blog entry:
7
0 Comments

Meet Zepto, a new ransom Trojan in the Locky family

Enter yourIt has been a month since a tangible decline in the spreading of the Locky ransomware occurred. Back then, experts discovered that a supporting botnet stopped functioning, which explains why the number of infection incidents dropped dramatically. The comeback of both the botnet and the crypto malware in question, therefore, isn't accidental. The new iteration reportedly uses the same data encryption technique but differs from the forerunner in several ways.

First off, the ransomware now appends the .zepto extension to files instead of the previous .locky one. Secondly, the names of files holding the ransom instructions have altered, with the _HELP_instructions.html and _HELP_instructions.bmp combo being dropped on victims' machines. The format of tweaked filenames proper underwent a modification as well. While the preceding variant replaced the names with uninterrupted strings consisting of victim ID and 16 hexadecimal characters, the new one uses five blocks of symbols separated by hyphens.

The distribution of the Zepto version rests upon large volumes of spam. By leveraging the automated botnet, the ransomware operators are able to generate thousands of contagious messages sent to potential victims around the globe. These are emails pretending to be tax reports, invoices or CVs. The attached ZIP or Microsoft Office files are programmed to execute Zepto as soon as the users open them.

The infection encourages victims to visit the Locky Decrypter Page, which contains tips on how to purchase Bitcoins and a Bitcoin address to send the ransom of 0.5 BTC. After the payment has been confirmed, the service will allegedly provide a link to download the decrypt solution. Just like in the average ransomware breach scenario, paying up is the last resort. Before doing so, users should try to recover their data using an alternative methodology based on forensic tools and the built-in Windows backup features.

Tags:
Rate this blog entry:
1
0 Comments

For ECM Solutions it’s Configuration versus Customization

For years I've been in discussions where the conversation bounced between "build" versus "buy: decisions for a ECM (Enterprise Content Management). Before 2000, managing any large collection of documents, either to a specific business case or all documents, meant building your own document management system or buying an existing document management system. Over the years, the conversation has moved away from the generic managing a large collection of documents to managing specific types of document collections; accounting, compliance, legal, personnel, etc. Some vendors still want to talk about build versus buy.

I think we can all agree that building an ECM platform from scratch, with all the proprietary and open-source solutions out there, is a wasted effort. Solving content problems has become about the "last mile." It's not "Build versus Buy" but "Configuration versus Customization."

ECM Is a Platform

So let's start by looking at two definitions from Gartner:

A solution is an implementation of people, processes, information and technologies in a distinct system to support a set of business or technical capabilities that solve one or more business problems.Enterprise content management (ECM) is used to create, store, distribute, discover, archive and manage unstructured content (such as scanned documents, email, reports, medical images and office documents), and ultimately analyze usage to enable organizations to deliver relevant content to users where and when they need it.

For years, I have seen end customers looking to manage specific business documents. It was IT that recognized they needed to solve these separate business problems with a single platform. This created the IT goal for a single ECM a platform. Without visibility of existing business solutions, IT usually won the decision. Today, business solutions and their capabilities are becoming more visible.

Now let's look at how far we get after spending $100,000 on an ECM platform or a business solution to solve a specific business problem.

Customization (The ECM Platform Story)

Suppose you've spent your $100k on an ECM platform. Now it's time to get started building your solution. The versatility of most platforms means that the options are endless. You can manage large complex problems like managing new drug submissions to managing employees' personnel documents.

Without a preconfigured solution, the discovery is up to the deployment team. The solution needs to have roles created, document type defined, document keyword identified, and workflows need to be created. Ahead are weeks to months of discovery to define your solution.

The Software to Services ratio or Services vs. Solutions ratio comes to play. This ratio states that for every $1 a customer spends on software they will spend an exponential value of dollars to get the solution they need. In the early days of ECM/ EDMS, this ratio was roughly $6 to $8 in services for every $1. Today, vendors are trying to get to $1 to $1. In reality, most deployments are between $4 and $2 in services for every $1 in software.

Even this number gets skewed if the focus is on rate cards rather than skill sets. Cheaper rates aren't always better. The service dollars used in the comparison needs to look at the team's experience in both the platform being used and the solution being developed. Finding someone that understands both the technology and the business problem is worth the potentially higher hourly rates.

Configuration (The Business Solution Story)

Now suppose you've spent your $100k on a business solution. Now it's time to configure your solution. The solution is already focused on the specific business platforms. The most common roles, document type, keyword, and workflows have already been identified and created based on best practices from several other customers. Your specific deployment may need some configuration but most of these solutions are ready for this.

These configurable or low-code solutions get much closer to a $1 to $1 services vs. solutions ratio. The services team already understands not only the technology but the business problem as well. The consultant joins your configuration workshops not only understanding what the different configurations are but often what those changes will mean to the business.

The real challenge here is making sure that the configurable solution is really configurable. That a solution already exists and that's it's not just a collection of "best practices from prior engagements." An early stage strawman proof of concept should be an easy effort with a configurable solution.

The New Content Solution Reality

With a little digging, customers looking to manage business problems can find solutions that are already to meet those business challenges. A few of these options come from ECM platform vendors themselves. Some others come from the ECM vendor's partners. Many more solutions come from the business user ecosystems. For instance, here's what I found in Legal Contract Management. The decisions to solving content challenges can include less custom code and more configuration.

In the long run, I believe that the business solutions vendors and ECM platforms will come together through partnerships and mergers. Just look at Records Management and Imaging Solutions which were once separate solutions and are now part of the ECM platform. Or look at Oracle, which offers both a relational database to solve any data problem and specific business solutions like E Business Suite or PeopleSoft.

----------------------

Marko Sillanpaa
www.BigMenOnContent.com

Rate this blog entry:
0
0 Comments

3 Truths to Work With (or Against) When You Have to Change Minds

If you've been paying any attention to my posts, columns, and presentations, then you know just how important I believe – nay, I know – managing change is to the success of any information venture. So it won't surprise you to learn that I resonated like a tuning fork to a few of the concepts published yesterday in Fast Company that had nothing overtly to do with information governance.

1. "Many people form their opinions, at least in part, based on whether they think others share those opinions."

The need to "fit in" is hardwired into the human psyche, no doubt because, millennia ago, being outcast from your tribe likely meant your early demise. Today, the risks usually are much less dire, but the instinct to conform persists nonetheless. (Watch this social experiment for a light-hearted look.)

This reflex reaction can be harnessed to your advantage by gathering together like-minded individuals and utilizing that old sales technique in which you ask questions to which you know the answer will be "yes": "Don't you want to be able to find information faster than you do now? Don't you want access to the information you need regardless of which system it lives in? Don't you want to use a technology that lets you work the way you always have?" Properly orchestrated, people's opinions will become self-reinforcing in the direction you desire, and the first part of the battle will be won.

2. "The more frequently you encounter a piece of information, the more favorably disposed you are toward it."

Long substantiated by professional political panderers, this particular principle maps precisely to my time-honored catchphrase "change management = marketing" because it's all about repeating your message, to all of your intended audiences, as often as you can get away with. (This is the underpinning of the marketing Rule of 7, which posits that people need to see a message at least seven times before they will consider taking action.)

In enterprise information terms, this means constantly and creatively promoting the tangible business benefits of the work you are doing (or wanting to do). It means repeatedly distilling those benefits into definitive answers to users' critical question, "what's in it for me?!" It means not talking about "SharePoint" even if that's what you're using, but referring to something more generic so as not to worry the technophobes in the crowd. And it means staying away from uneducated guesstimates like the one made famous in the 1983 movie Mr. Mom: "Yeah, 220, 221. Whatever it takes."

3. "Thanks to handy 'unfollow' and 'mute' buttons, we get to choose what bits of information to attend to."

This may be the toughest nut to crack because we can't control what information people choose to actively filter out. Someone who really doesn't want to accept your new way of organizing information, engaging in a business process, or participating in some other data-based activity will simply delete your emails, block your social media memos, or ignore you at the water cooler.

The trick is to couch your message of change in terms of some other communication that he or she may very well want to hear. Just as we wrap doggie medicine inside a yummy treat, so we need to embed our new best-practices in something alluring – perhaps an invitation to a company-sponsored special event (a ballgame, a show, a trip) that is open only to those who, say, tag/move/manage some significant percentage of their emails by a certain date.

At the end of the day, what you're after is an organization full of people who are receptive – or at least not openly hostile – to the changes you are trying to make. The good news is that human psychology in this regard is fairly well understood. The bad news is that it can be quite challenging to work with and work around. Hopefully the 3 Truths adapted here will help ease your way.

What other techniques have you used to change minds and behaviors in your organization? What worked? What didn't? Let's talk about it.

==========================
Steve Weissman | 617-383-4655
- The Info Gov Guy™
- Member, AIIM Company of Fellows
- Co-Founder,
Information Coalition
- Follow me on Twitter! @steveweissman

Rate this blog entry:
2
Recent Comments
Julie Hudak
Real change happens most effectively when people see the WIFM benefits and go through the change with someone holding their hands ... Read More
Thursday, 09 June 2016 20:19
Steve Weissman
You are so right, Julie! I'd even go as far as to suggest that focusing on the people aspect of change is not just a huge benefit ... Read More
Friday, 10 June 2016 13:52
2 Comments

Amazon Users Hit with Fake Emails Distributing Ransomware

Yet another ransomware strike focusing on Amazon customers was discovered last week utilizing a fake sender address. Funny enough, the attack has started just when the new study indicates that the majority of computer users are unaware of ransomware threats and how to handle them.

Security researches inform of phishing email messages which have been delivered to customers presumably originating from Amazon official website and the sender email looking like auto-shipping@amazon.com.

Supposedly, you will not find any single word in the body of the message, just the subject line which reads: "Your Amazon.com order has dispatched." The elements that cuase the problems are the actually the attachments, that look like MS Word files.

At the time the files were examined, it was discovered there was no content inside, just macros. Email recipients are triggered to allow the the material inside the attachment and so the macro codes are executed.

In particular, the malicious payload happens to be the Locky ransomware, which targets and locks all types of user documents. The original data files are wiped and swapped over by the encrypted documents renamed and the .locky extension added. New encrypted files are all stored in the same folders just like the original documents. Needless to say, people are later requested to pay out the ransom to obtain their files back and recovered.

The new report from Kaspersky Lab, shows that 43% of computer users have no idea what ransomware is, in spite of its present-day excessive distribution. A comparable group of users (44%) stated they didn't realize what information or data may be damaged during a ransomware assault.

Furthermore, it's not a strong concern for tech-savvy population born after 2000. Only 13% of Millennials stated they were concerned about ransomware plague on the whole.

Additionally, a lot of respondents do not understand how to act during a ransom attack. The study discovered that 16% of North Americans believe unplugging the PC or turning off the smart phone might put an end to ransomware. And a tiny quantity actually hoping negotiating with the hacker is a good approach to eliminate the problem.

Rate this blog entry:
4
0 Comments

The Human Face of InfoGov

Solution marketeers and alarmist analysts love to flash the red lights of litigation support and audit compliance when making the case for information governance. But the problem with this is that neither of these reasons speak to the one Really Important Motive that lies at the end of the infogov path:

To better serve/enable/empower people, be they customers, prospects, employees, or other interested parties.

Cases in Point

This point was sadly and forcibly driven home to me in recent months as I cared for two terminally-ill family members. I've already touched on a couple of examples (see When Paper Is The Best Technology and Just the Fax, Ma'am), and here a couple more:

  • The funeral home that couldn't find the pre-paid paperwork and, after being provided with my carbon copy, defended itself by saying, "oh, that was done under the old owners." As if that justified the days-long halt they called to making the final arrangements.
  • The same funeral home that couldn't find another client's file folder and sent two staffers on an obvious office search, during which they loudly asked within earshot of everybody present, "has anyone seen the [family name] file?" Privacy? We don't need no stinking privacy.
  • The hospital ICU nurse who missed a critical bit of medical information because it was recorded on a piece of paper "that is a different size and color than I've ever seen before." Apparently reading is not fundamental.
  • The rehab facility whose blood-testing machine returned a result so far from normal that the technician thought the patient must be dying or dead – only to discover that he was exhibiting no symptoms at all. Couldn't be that there was something wrong with the machine, could it? Nah – better to rush the tube-fed, dialysis patient to the emergency room instead.

I could go on, but I won't for fear of offending more sensibilities than just my own. Suffice to say that these infogov-related incidents were painful for the family and disruptive to the institutions involved, which then had to spend time and effort addressing what went wrong.

Oh the Humanity!

I'd like to say that this story has a happy ending, that the funeral home, the hospital, the rehab facility learned their lesson, but they didn't. It's clear to me that the powers-that-be in each of these places – as is the case in so many – are more concerned with being right than with doing the right thing. The shame of it is that they could make some relatively small changes in their information-handling and make life better for both themselves and their constituents. But I'm sure they won't.

And that's a shame, because, to me, THAT is what infogov is really all about.

==========================
Steve Weissman | 617-383-4655
- The Info Gov Guy™
- Member, AIIM Company of Fellows
- Co-Founder,
Information Coalition
- Follow me on Twitter! @steveweissman

Rate this blog entry:
0
0 Comments

Locky Ransomware Virus Is on the Rise

Locky does not hesitate encrypting files on any PC it has managed to compromise. In the case of landing into a network computer, the virus tries to reach every drive available in that network. The aim is obvious: the rogue tries to prevent access to as many items as possible. That makes it especially dangerous for corporate networks. 

The infection has been propagating in the wild at varying intensity. Quiet conditions could last for long. They are always replaced with periods of increased activities. 

The virus hits users worldwide. Observations reveal it may abstain from encrypting files for the computers registered in certain regions. 

As the Locky virus is available as a service, its distributors may adjust malware behavior. The developers of this ransomware sell it to their affiliates. The infection is available at a number of darknet forums. Access to those forums is restricted, but basically, even kids manage to get there. It is but a matter of some simple tricks and persistence. 

The forums offer the infection on pre-paid and affiliate conditions. There is also an option to adjust a range of presets determining the malware behavior. For instance, the virus anyway detects IP of the affected machine. A distributor of the infection may disable its installation for IP's corresponding to certain locations. 

Distributors of Locky are also free to set the ransom amount, payment deadline, encryption details etc. 

The ransom virus applies a complex scrambling algorithm. That involves generating a key. The key gets destroyed after having being used to encode data on the affected machine. Its only copy is available on the remote server. 

Besides, the key applied to encrypt data may differ from that required to decrypt it. If that is the case, we deal with asymmetric encryption. The encryption key becomes useless in terms of decrypting the data. 

Once Locky completes its encoding campaign, it issues a file with instructions for the victims. The users are prompted to purchase the decryption key. The key is to be purchased with Bitcoins. The transaction shall complete in TOR browser. 

There is no guarantee the crooks are to provide the victims with the key. Too many intermediaries are involved, scrupulosity of each being very poor. Needless to say, transferring the ransom provides further incentives for the scam development. 

Locky removal is recommended. However, it shall follow only after proper recovery campaign has completed. The suggestion is to stick to ransom-free methods.

Rate this blog entry:
1
0 Comments

When Paper is the Best Technology

Picking up where we last left off

You know that I'm a huge proponent of using electronic technology instead of paper to improve process efficiency and collaboration. But recent experiences with various eldercare institutions have again reminded me that sometimes the best technologies are no technologies at all.

Physician, Heal Thyself

The particular use cases I am talking about involve getting particular pieces of contact and care information to stick in my father's medical chart. Procedures are scheduled but I am not notified; doctors' orders are written but nurses don't know about them. And each time I call to rectify the situation, I am told "I will put it in his chart so this doesn't happen again."

Well, guess what I learned the other day? His chart is electronic. You would think this would make everybody's job easier, but it doesn't. What they really need is a simple yellow sticky note that they can scribble on and tape to the inside of the case folder. But what they have is fancy new technology that makes it well-nigh impossible to add or access such a thing on the screen.

The result is a constant revisiting of the same issues, with different people all promising the same (ineffective) fix.

"Less Paper" Good, "Paperless" Maybe Not So Much

It's hard to tell whether the underlying cause is a lack of training, an absence of awareness, an underpowered system, or a simple dearth of creativity (how about we write things on the whiteboard in his room?). Whatever the case, it's another great reminder that there's plenty of room for paper in our future, and we shouldn't rush to eliminate it just because maybe we can.

==========================
Steve Weissman | 617-383-4655
- The Info Gov Guy™
- Member, AIIM Company of Fellows
- Co-Founder, Information Coalition
- Follow me on Twitter! @steveweissman

 

Rate this blog entry:
0
0 Comments

Supporting Organizations

  • Adlib
  • Box
  • GlassIG
  • IBM
  • iManage
  • Optismo
  • Seclore
  • Valora Technologies
  • William B. Meyer
  • Zia
×
Get The Latest, Delivered To Your Inbox
×

Get Our Email

×
Follow Us On Twitter