business insights
table of contents
1 11 19 26 34 37 8 smart ways to manage documents Work smart: managing documents in the cloud working smart in a mobile world 5 strategies to get buy-in for document management 8 steps to manage success get efficient with smart insights into documents 8 Ways to look at content management systems the cloud, not a crock security & Data protection for online document management software author bios
technical insights
43 51 57 68
This work is licensed under the Creative Commons Attribution-NoDerivs 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, CA 94105, USA
by: knowledgetree
smart ways
manage documents
to
How many documents, spreadsheets, and presentations do you handle in a day? Two? Five? A dozen? Now multiply that across your entire organization. Thousands of proposals, invoices, contracts, and other documents are created, edited, and shared by your teams every 24 hours. With so many documents generated each day, how can you effectively work with colleagues to co-author a document? How can you be sure that a proposal has been validated? And how can you store, locate, and share the right document with your team?
introduction
Document management solutions have arisen as a way to address the challenge. Typically these tools are used to overcome the document chaos that many legal, finance, HR, and operations professionals feel when confronted with tens of thousands of files. But how do you choose and implement the right document management solution for your organization? Lets walk through 8 steps that will help you select the tool that is right for you.
define objectives
Before managing documents, you should know what a success means. Some common goals for document management are: > Increasing productivity by streamlining document led business processes. > Increasing efficiency by helping users to quickly locate and share documents. > Reducing paper consumption by connecting document management tools with fax servers and scanners, keeping all documents electronic. > Promoting collaboration by allowing teams to work together to coauthor documents. This can radically increase quality as colleagues insights can be included and managed. > Ensuring compliance with regulatory regimes by securely storing and monitoring access to documents. Regardless of your goal, by beginning the process here you can better understand your criteria for selecting a tool.
Cloud-based software has the advantage of a predictable, generally lower cost. These tools tend to be easy to use, quick to deploy, accessible from any internet connection, and intuitive for users. And since cloud infrastructure is managed by a specialized team, there is a strong regimentation of security and up-time protocols. However, there may be a loss of customizability in some tools. And cloud-based tools that lack desktop synchronization or mobile tools will be inaccessible when there is no internet connection.
cloud-based software has the advantage of a predictable, generally lower, monthly cost.
identify requirements
Now, we can move into the evaluation of which document management solution makes sense for your organization. There are many functional attributes beyond deployment models that you should consider: > Your search capability should allow you to search within a document and within metadata to allow you to quickly find what you and your colleagues have stored. > Collaboration among team members has been identified as one of the most critical elements of a document management tool. With activity feeds and the ability to share ideas, your documents are enriched. > You want to ensure that you have access to your documents on a global basis, wherever you need them. Internet-powered tools allow you to easily access documents from any connected device. > Security is always important. Are there tools for ensuring user authentication? Are there offline backups and other disaster recovery protocols? With the right requirements identified you can better choose the right system.
> If your team is a heavy user of Microsoft Office, integration into that suite makes sense. This typically allows you to download the latest version of a document, edit or co-author it, and check it back in without version conflicts. > Documents that must be periodically reviewed can be better managed with alerts. Alerts can be set at specific times or for lengths of time to notify you or a team that a document must be reviewed. > Managing the lifecycle of a document so that the correct people review, contribute, and authorize a document before it is completed is a key attribute for many users. > Finding a document among tens of thousands is not easy. You need to be able to assign rich descriptions that help users locate what they need.
Because many users will access the document management tool via Microsoft Office, its important to integrate with the suite.
10
ensure adoption
The proof is in the execution. You need to make sure that your teams are effectively using your document management solution. Typically, a network effect occurs with document management: as more people use the technology, more people are attracted to it. To ensure adoption: > Make training available through online training and discussion boards. That lets people get comfortable with using a tool. Of course, the more intuitive a tool is, the simpler this step becomes. > Communicate policies to co-workers so they understand the taxonomy and policies for your document management tool. That will ensure that organization gets off to a good start. > Start collaborating and sharing. The network effect will get going when you start including colleagues in your process. So, share your documents. Include them in the editing and content creation process. Make sure that the right people are incorporated into document lifecycles.
8
When your organization depends on documents to be well-controlled, you need to implement a document management solution. Following these 8 steps and best practices, you can successfully choose and launch tooling and rein in document chaos.
by: knowledgetree
11
work
smart
12
13
cloud as an approach
Cloud-based solutions have emerged as alternatives in recent years. Their economies of scale and anywhere availability have made the cloud mainstream for business use. The scale of the cloud means that mid-sized companies and teams within larger organizations can get enterprise-class functions at a lower cost. And they can get started much faster, without the hurdle of hardware and other capital expenses. Document management as a process has also capitalized on this trend, with cloud-based technologies now available. As with any tool, it is important to evaluate how it fits into your organizations processes. This section steps through how a cloud-based approach can help you regain control over your document led business processes.
manage documents
14
creating documents
The lifecycle of a document often begins with a group effort. Teams may submit different threads of content, edit it, and add refinements and comments. These teams are often spread across multiple offices, and may even be in other geographies. As a result, the flexibility of cloud-deployed tools becomes a valuable asset for creating documents. Simply emailing copies of documents between parties leads only to version chaos. Similarly, relying on shared drives in the cloud or on your network is an unmanaged approach and only leads to more complexity. An alternative is to co-author documents online. Frequently used technology lets users access a browser-based document editing tool to add and modify content as they would in a standard word processor. This is especially useful for users that are highly mobile and when teams are widely spread, as cloud-enablement avoids VPN issues and makes distance irrelevant.
15
Similarly, some cloud-based document management tools offer integration into Microsoft Office. This permits users to create content and share it via the cloud without leaving the tools they are used to. Document management tools without this integration, cloud-based or otherwise, are less likely to be adopted by users. After all, changing processes is difficult and it is important that a good solution not get in the way of use. Many documents are created not by a single user or team of users, but en masse. For instance, you may have large volumes of invoices that are automatically generated. Or, you may need to scan and store paper-based files. Or, documents may arrive from a fax server. An effective cloud tool will integrate with fax and scanning servers to automate the import of files into the document management solution.
16
manage processes
Because documents are often generated by multiple people, it is important to control their lifecycle. That means establishing workflows that documents can follow from creation to completion. With some cloud-based document management tools you can establish workflows and automatically enter documents into a controlled approval process. The cloud assists this process by allowing even remote approvers to review and OK documents via the Internet. Documents are living entities that change over time. So, users need to stay on top of change. As new content is added to a proposal you need to know whats changed, and revert if necessary. You should be able to subscribe to documents of interest so you can stay on top of their evolution. Again, accessibility of your documents via the internet lets you quickly spot unwanted changes, or access the latest version as needed. Also, documents often have specific timeframes attached to them. For instance, a budget may need to be reviewed at a set date. Or, a contract may need to be renewed on a certain day. Document alerts should be available so you or your team can be prompted when a review is needed. Because documents evolve over time, you should look to share insights from team members in order to help enhance document quality. So, you should have commenting capabilities and usage tracking to monitor what colleagues think about a document and how it can be improved. The cloud again provides an ideal collaborative platform, as users can connect and comment from anywhere and ensures that you have analytics to spot new content and stalled processes.
17
organize documents
Documents are created to be used. That requires that they can be easily found by your colleagues. To do so, your documents should be well organized. Typically, this involves creating a structure based on folders. So, you may have a finance folder and accounting, audit, and so forth as sub-folders. The structure will of course depend on how your organization consumes information. But some documents apply to multiple folders, defying a strictly hierarchical approach. That is where web-like approaches to organizing documents can be valuable. For instance, tagging documents with descriptions allows documents to be grouped based on several topics. So, a new hire document could be grouped under HR, Company Policies, and Employee Tools, all at the same time. Tools should be smart so tags can be customized to your wn model. This approach to organizing documents lets users browse for what they are interested in, or using a search function to locate what they need. Good tools have advanced searching capabilities that search in document names, descriptions, or even in the document content itself. For instance, within the text of a PDF document.
18
access documents
The highest quality document is useless if it cant be easily accessed. Here, cloud-based tools are particularly useful. The global nature of the cloud means that authorized users can simply login to their vault and view, modify, or download documents. On-premise document management tools often suffer from an inability to access documents when on the road. This can be especially crippling for auditors, accountants, lawyers, and other business users that frequently travel or work offsite. Sharing documents with colleagues is an important element here. Tools that allow you to share links or send files as attachments are relatively standard. But it is important again that access is available. A link is irrelevant if the recipient is on the road and cant access it. Cloud-based tools offer that accessibility. At the same time, when dealing with sensitive documents it is important to monitor how a document is shared. Auditing the accessing and sharing of a document helps avoid compliance issues. Analytics can help here too by surfacing relevant content to the right users. Document management is a necessity for finance, accounting, HR, legal, and other document intensive professions. It helps users to efficiently organize and structure the knowledge within their organization. The cloud enhances this capability by boosting collaboration, sharing, and access to documents across even global teams.
by: knowledgetree
19
20
21
A good practice here is to use tools that plug-into Microsoft Office. Some document management tools provide you with the latest version of a document directly from your vault via Microsoft Excel, PowerPoint, Word, and Outlook. In advanced tools, users can even review prior document iterations and see user comments on those versions without leaving Microsoft Office. Critically, the tooling must control content as multiple people work on a document. It must detect version collisions and notify users when others have modified a document. This allows users to resolve and merge their contributions with ease. The globally distributed Project Galaxy team has now successfully created the draft proposal document. Its time to start sharing it with other colleagues. Some document management tools allow you to share files as attachments or links back to your vault. Business users should be careful to look for solutions that allow users to share with groups of co-workers, like all members of the Project Galaxy team and related executives.
integration into microsoft office tools simplifies the co-authoring of documents across global teams.
22
Once opened, Stephen reviews the document and decides he wants to take another look while on the plane. You should look at document management tools that permit use even when disconnected, for instance by saving your document to a secure vault locally on your device. Even while sitting in the lounge Stephen has some ideas about how to improve the presentation. He must be able to, for example, modify metadata that describes the document. He may want to re-categorize the document to make it more searchable. Stephen must also be able to easily share the presentation, even when on the road. So, once satisfied with his review, Stephen shares the file with the executive team with a few simple clicks on his mobile device.
smart tools like group sharing, workflow management, and alerts are critical to help keep remote teams informed.
23
24
25
users must be able to access, view, manage, and share their documents from wherever they are.
Todays highly mobile business world means that team members must have access to their documents at all times on the road or at the office. And just as important, they need to be able to work together to create and improve their documents from wherever they are.
by: knowledgetree
26
strategies
document management
Its no secret that todays businesses generate a massive amount of information in a variety of formats. Even small and medium sized businesses or corporate departments deal with an unprecedented quantity of documents that must be stored, managed, and shared across teams or across the enterprise.
buy-in
for
to get
27
introduction
Individual and team productivity are not the only things that suffer when documents cant be located, versioned and guided through a defined business process. Government regulations in many industries and privacy laws in many countries set strict mandates on the treatment of records. Companies risk fines and penalties if they are not in compliance with a wide range of laws and regulations surrounding document storage and retrieval.
Anyone who has ever worked in an office knows the frustration of sharing documents with colleagues. Without a centralized repository, documents are usually stored on individual computers and emailed around on request. When an individual leaves the company, his or her store of knowledge and documents often leaves too. Documents are also subject to loss from hard drive failure if regular backups are not performed. Approaching document management from a business context will ultimately yield the results that business managers and end users really want - improved access to information to support business activities and improved productivity.
document management software is one sure way to bring order to document-led business processes.
28
tangible benefits
> Improved productivity and more efficiant business process. > Reduced cost through adherence to optimized document workflow processes > Reduced risk of non-compliance to government regulations due to established document retention and management guidelines > Rapid return to productivity following a disaster or data loss due to centralized document storage > Reduction in costs associated with maintaining paper filing and storage systems > Elimination of the cost of re-creating lost documents > Secure, controlled, remote access to documents via the Internet no matter where an employee is located
intangible benefits
> Reuse of existing content saves time, promotes consistent branding and eliminates errors > Higher document quality and integrity result from improved review and sign-off processes, versioning and check-in / check-out > Improved employee satisfaction and morale through access to the right content at the right time > Lower email churn and bloat as employees stop using their inboxes as mini-document repositories > Retention of knowledge assets and overall improved access to corporate knowledge > Improved customer service through faster access to accurate information > Higher levels of security through password protection and document encryption
Now that you understand the benefits of document management software and what it can do for your organization, you will now need to persuade key decision makers to purchase a solution. These strategies will help you approach those decision makers in the right way and with the relevant information required to guide their decision in your favor.
1
ampion h utive c e exec urage th ld enco n and shou nicatio teams who commu among ideas. ening list ferent ave dif may h
29
2
Edit and co-author documents online or via Microsoft Office
30
31
#1
32
5
a careful study of best practices helps avoid known pitfalls. Take time to learn from the mistakes of others.
33
by: knowledgetree
34
analytics
35
36
implementation
by: knowledgetree
37
get efficient
into documents
with smart insights
Your business depends on documents to get work done. Sales builds proposals and contracts. Marketing creates new collateral and templates. Finance approves invoices and agreements. And each process depends on documents, spreadsheets, and presentations.
38
Some companies use a shared folder to address the issue. But as your organization grows, it become time-consuming to filter through hundreds of documents to locate what you need. Other organizations look to costly enterprise content management solutions to manage their documents. But the challenge of working with complex systems leads to frustrated users, and documents that still cant be found. Your documents shouldnt be stored only to be forgotten. They need to keep adding value.
39
40
41
42
8
by: lee dallas
43
dimension 1
dimension 2
componentization
For OTG solutions there is a school of thought that assumes a desire to scale horizontally, driving discreet capabilities to separate modules. Over-componetizing a product however increases complexity and implementation risk. There is a point of diminishing return when it comes to breaking a package into deployable units. Buyers are often unaware of how many pieces the puzzle is actually sliced into. The other side of the issue is just as problematic when one realizes that there is a choke point in a data flow long after the license agreement is signed. You have to understand the component architecture of the products and ensure that the level is appropriate to both the problem at hand and your ability to support it.
ITC content management tends to avoid component complexity for core services. Some address extensions by adopting the app store strategy pioneered in the consumer market. Leveraging third party application extensions to cloud services however introduces a different set of risks including but not limited to security and long-term provider viability.
2
44 v v
45
dimension 3
content storage
All content is not created equal. The same is true for requirements and the software you select to meet them. On premise content management systems offer a variety of techniques to store the actual files. But how a product reconciles content management to storage management has significant implications in performance, scalability, cost and data integrity. From BLOBS to optical to NAS to SAN, the options for combination and restrictions are endless but make sure that the mechanics for I/O are appropriate for your business problem. There are some products that simply can not handle extremely high volume ingestion and retrieval. Extremely large files and rich media types (video, audio, etc) also factor into making an appropriate selection. There are certainly products that attempt the one stop shop approach but there are installations and requirements that may lead you to conclude specialization for a given requirement is preferred. Beware of pseudo CMS systems that do not address this as a concern and dont distinguish between storage and content management. Simply writing to a file system may be appropriate but can quickly become compliance and performance nightmares if you dont understand the true nature of the content being stored. This is one category where the lines between ITC and OTG can begin to blur as on premise applications can leverage cloud services for the storage of the files themselves.
46
dimension 4
dimension 5
transport layer
HTTP is not particularly efficient when moving exceptionally large data files. Technologies to support streaming audio and video are everywhere but surprisingly few content management systems efficiently deal with large contiguous files efficiently. CMSs that grew up never having to deal with multi-gigabyte content transfer issues on a global scale will immediately dismiss this as not being an issue, hoping that everyones comfort with the internet will lull them into a false sense of security. You have to understand the dynamics and metrics around the content that you will be managing and understand how the infrastructure of the CMS will support it. There again, if all you are doing is posting tiny text based wiki entries then HTTP is all you will ever need. For cloud implementations this is an especially important topic. While you may save on internally managed systems, the complexity and expense of upgrading a network to accommodate routine movement of extreme data sets outside of your organization can be equally challenging.
5
47 v v
48
dimension 6
scalability
I recently evaluated a product and was surprised to discover it did not support horizontal scalability. They only supported an active/passive single instance model. What surprised me most was that it had not affected their sales. The product was for a very specific set of users and so long as the application server was properly configured performance was not an issue. Despite the scalability concerns I had to admit that it was a right-sized architecture for the problem at hand. Having worked for one of the largest retailers in the world I had experienced first hand how scale can crush an otherwise promising product. It is overly simpleminded and expensive to force galactic scalability requirements on every product and solution. Dont assume you need infinite scalability in both the horizontal and vertical dimensions, especially for on premise solutions. Understand the right-size for both your hardware and software architecture. ITC solutions might appear to be preferred in all large scale deployments but it is not that simple. Evaluation of scalability represents an intersection of requirements from other areas and it is useful to think of the needs of a project as a whole before considering how it is manifested in the underlying categories (database, transport, storage, etc.). In short, scalability should not be the only or even the primary driver for favoring an ITC product.
dimension 7
security
There is no way to avoid understanding at least the basics of application security when evaluating a software product. It is not enough that the product has a sophisticated security model with the ability to integrate with directory servers and create multi-dimensional optimistic and pessimistic access control. Two aspects to product security should be considered regardless of deployment model. Application implementation and coding practices. You must take responsibility for understanding the risks and the costs for securing the data that your system manages and how the product you select will mitigate those risks. Like the right-size argument noted above, pragmatism must be applied. Not all content is important. Be reasonable and beware the simpleminded approach of over-engineering that can often accompany large initiatives, especially when they suggest a rewrite of the core product.
7
49 v
50
dimension 8
user experience
Clearly this list is not in order of importance. Many of CMSs failures are blamed on this dimension not being sufficiently considered. User elation may help ROI but you will never cost justify a project based on it. Producing and managing the content in a compliant and efficient way has to be first. No user will be happy if the system does not work. It is undeniable that bad user experience will kill adoption. One could argue that is the same as not working but you must balance the politics and human inertia effectively. Implementation of a successful CMS will change the way people work. User satisfaction cannot be measured by how little a given users routine changes. Regardless of the approach, ITC or OTG, there is never change without resistance. The products you select should mitigate the resistance, accelerate adoption and serve the business needs that justified the project in the first place. Taking ownership and preparing for the technical evaluation as well as the business evaluation of a product will improve your odds at being successful.
51
cloud, crock
not a
It was just over a year ago when a younger, more naive Jon declared the The Cloud is a Crock. Well, Im a little wiser now and Im overjoyed to report that, in fact, it isnt. Cloud Computing is very real, and something you need to know about. I HEART clouds. In my defense, when I wrote my blog post a year ago, 98% of the time the phrase The Cloud was used it was by people that didnt have a clue what it meant. This has now dropped to 44% which means that, more often than not, you should listen to people that say it. Sadly, the number is still about 85% for people with the word Sales or Business on their business cards, so continue to ignore them. And the Wikipedia entry, while improved, is still is desperate need of an update.
the
52
public clouds
So what is Cloud Computing? There are lots of definitions out there. But lets distill the essence of Cloud Computing by listing things that Cloud Computing is that good old Hosted Services (*aas) and Grid/Utility Computing are NOT. They are:
infrastructure services-offers a wide variety of platform services multi-tenancyresources shared by a vast set of users usage based pricingvery fine grained scalability-ramped up (with no cap) or down in near real time programmabilityprovisioning can be accessed via software virtualisationmachines are virtual, not physical
cloud computing
grid/utility computing
hosted *aas
yes
no
no
yes
yes yes
sometimes sometimes
sometimes no
no no
yes
sometimes
no
no
yes
no
no
no
maybe
maybe
maybe
maybe
53
An App Server provides a Java Application ways to access resources like storage, memory, caching, queuing, messaging and more all with a standard API. A Cloud Computing API offers access to all of this, and more. Plus an API to allow the programmer to provision more resources. However, unlike the JEE example, the APIs to different cloud providers isnt yet standard. But this is what people like The Open Cloud Consortium and Unified Cloud Interface Project are working on. But I talked about this last time. Back then, however, I didnt have a clue what kind of APIs they were trying to standardize. Now Im no expert in this area, after all I was one of the Great Cloud Unwashed a meager year ago. So the next table that Ive thrown together to illustrate Cloud Capability no doubt has plenty of errors and omissions. So please correct me and Ill update it. If something like this already exists somewhere in the interwebitutes, I couldnt find it.
54
capability
infrastructure provisioning nosql database Relational database blob/doc storage caching queuing messaging/ notifications data processing payment cdn public datasets
Microsoft azure
Windows Azure
SQL Azure
n/a
App Engine Data Storage (Google File System) memcached Task Queues
n/a
Google MapReduce
n/a
n/a
55
v Very random aside if you dont know what memcached does, read the best ever overview of a technology ever written An Adventure In Learning memcached. Once you grok the Cloud Computing model, it becomes clear that this model introduces many questions around security and privacy. Im getting rather weary of people saying they dont like the idea of putting data on cloud services (and *aaS services like Google Docs and others). Theyre statistically far more secure than internal networks. There are also interesting commercial models and legal questions but, seeing my blog isnt Jon On Commerce or Jon On The Law, Ill leave those alone for now.
56
But enough of my blabbering. To keep abreast of all things cloud, follow these peeps on Twitter. They keep me in the know:
Christofer Hoff (@Beaker) James Urquhart (@jamesurquhart) steve clayton (@stevecla) Joe Drumgoole (@jdrumgoole)
by: knowledgetree
57
As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer inside their own firewalls, inevitable questions about security and data privacy arise. Every company that trusts a third-party with data storage should fully understand the security and data privacy measures in place to protect sensitive information.
58
introduction
Security refers to both physical infrastructure such as the data center where the documents are stored and the application features that provide passwords, encryption and secure data transfer. Security features ensure that the system is not compromised, either via direct physical tampering or via malicious external attacks. There are also security features that protect data within the organization by keeping it on a need-to-know basis only. Data privacy is the concept that the personal and sensitive information pertaining to an individual should be treated in a certain fashion to prevent its misuse. There are guiding principles as to how personal and sensitive data should be treated, and these principles are codified in the data protection and privacy laws of many countries. For example, the language of the European Commission (EC) Data Protection Directive (95/46/EC) has been incorporated into the laws of European countries.
59
physical security
Some vendors use infrastructure provided by Amazon Web Services (AWS) for application hosting and data storage. So, their online offering often uses the Amazon Elastic Compute Cloud (EC2) for application processing, and the Amazon Simple Storage Service (S3) for document storage. Amazon provides a regularly-updated paper on its security features that is available here: http://aws.amazon.com/security
60
data Centers
AWS has many years of experience in designing, constructing, and operating large-scale datacenters which are housed in nondescript, hardened facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access datacenter floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. All physical access to datacenters by AWS employees is logged and audited routinely. AWS requires that staff with potential access to customer data undergo an extensive background check (as permitted by law) commensurate with their position and level of access to data.
61
application security
Application security refers to the features and measures that are built into the cloud application to guard against threats, attacks and vulnerabilities. Many involve user name and password requirements, encryption, limitation on sign-in attempts and the use of roles and permissions to restrict access to certain data and documents.
1. passwords
Some tools allow full integration with Microsoft Active Directory (AD) via LDAP. This allows those organizations using AD to ensure that established password complexity and reset rules also apply to their document management tool. It also allows system administrators to manage authentication and authorization for both the tool and the rest of their enterprise network in one place. Even without Active Directory integration, some tools have the following measures in place for passwords: > Require users to possess a unique userID, company name, and password to ensure that those who access the system are authorized to do so. > Inform users of an error when they fail to enter valid credentials (company name, user name, or password); a generic message prevents an unauthorized user from gaining information from sign-in errors. > Show password characters as dots on the login screen so they cant be viewed by anyone nearby.
62
2. encryptions
An important attribute for a tool is to provide encryption of documents in transit via SSL. The protocol allows applications to communicate across a network in a way designed to prevent eavesdropping and tampering. It also provides endpoint authentication and communications confidentiality over the Internet, so that documents sent from a client workstation to the document management service are secure.
63
64
65
For example, the Data Protection Act of 1998 codifies the EU principles into law in the United Kingdom (UK). Although not a member of the EU, the Personal Information Protection and Electronic Documents Act (PIPEDA) brings Canada into compliance with the requirements of the European Commissions directive on data privacy. The United States sees privacy differently than the EU, and in fact, there is no single or overarching right to privacy in US law. Rather, different types of privacy rights have been established on a case-by-case basis by the US Supreme Court through interpretation of various constitutional amendments. Many individual states also protect privacy and data to varying degrees. Because of these differences, the US has not incorporated the EU principles into federal law, which initially put the US at a disadvantage when dealing with European nations and citizens. One particular provision of the EU regulations states that data may not leave the EU unless the receiving or hosting country ensures adequate protection for the data, equivalent to that of the EU. To help US entities ensure this adequate level of protection, the US Department of Commerce, in consultation with the EU, created what is known as the Safe Harbor framework.
66
Organizations have the ability to self-certify and publicly state that they comply with the Safe Harbor framework. Self-certification must be renewed annually, in writing, with the US Department of Commerce. All organizations that have completed self-certification are listed on a public website at https://www.export.gov/safeharbor. Amazon has already obtained a safe harbor certificate for their infrastructure and services. Because some vendors serve global customers, and their online document management system may contain personal and sensitive information, KnowledgeTree must, and does comply with the EU principles via the Safe Harbor provisions. Compliance is typically specified in privacy policy and supported by organizational practices. In addition to self-certification, some vendors have received thirdparty verification of privacy practices through TRUSTe, a leading Internet privacy services provider (www.truste.com). The TRUSTe badge on a website lends extra assurance that the vendor takes privacy issues seriously and has earned safe harbor status. It also provides customers with an unbiased mediator if there is a complaint regarding privacy practices.
67
conclusion
Moving data offsite to a third-party provider is not a trivial decision. Some vendors understand their customers security concerns and actively address them in the ways discussed in this paper: > Use of Amazon as a cloud service provider because of its commitment to maintaining military-grade security of its facilities > Integration with Active Directory to enable individual organizations to extend their own password and security structure to their implementation > Use of SSL for encrypted transmission of documents > Roles and permissions that provide granular access at the file and folder levels > Regular backups of customer data and the massive redundancy inherent in the Amazon cloud > Adherence to the principles of data protection via the Safe Harbor
68
KnowledgeTree authors:
author bios
69
jon marks
Jon has spent the last two years deeply involved with tablets. In 2010, he led all architecture and development work for NewsCorps multi-channel publishing initiative, Project Alesia. Jon has recently co-founded a new company, Kaldor Group, which specialises in tablet publishing and advertising. - twitter: @McBoof - blog: jonontech.com - skype: McBoof
Lee dallas
During his eighteen years in technology Lee has worked with a broad range of corporate business problems including technical publishing, product and records management. Currently a solution architect with EMCs Alliance Partner team, he was formerly an architect and for Imaging and Content services at Delta Air Lines, Senior Architect for Content Management and Collaboration at The Home Depot, and a principal consultant with Armedia,LLC. - twitter: @ldallasBMOC - blog: bigmenoncontent.com
what is knowledgetree?
KnowledgeTree makes documents matter. Orbitz, Miramax, Alcatel / Genesys, Fuji Chemical, and hundreds of other companies use KnowledgeTree to drive productivity by working smarter with documents. KnowledgeTree helps legal, finance, HR, and sales teams easily develop and execute business processes around documents, and drive productivity and actionable insight.
This work is licensed under the Creative Commons Attribution-NoDerivs 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, CA 94105, USA