Tuesday, September 26, 2006

Consulting 101

Well I have been doing this for long enough that you would think I would know better, but of course I don't.....recently I have had a kick in the pants due to ignoring the basics of consulting, so here is some motherhood and apple pie advice from a chastened Alan..

  • Be clear from the get go (in writing!) who the client contact is, and if there is at anytime somebody (on the client side) suggesting that they instead 'own' the project, stop in your tracks and get written clarification...
  • If the client changes the scope midway - document in writing that this has changed (whether this involves extra costs or not)..
  • If the deliverable that you agreed in the Statement of Work is no longer desired or required, ensure you have in writing a change notice, if not the original deliverable stands...
  • Be very careful when you give 'free consulting' - it is seldom appreciated in good spirit, and quickly becomes expected..
  • Always remember that your job is to call the baby ugly if that's what it is, but even if you have been brought in to do just that......don't expect a pat on the back when you do the deed..
  • Discovery sessions and workshops are always confidential - whether stated or not. Otherwise there is little incentive for anyone to give you the hard facts.
  • Never ever share your notes from discovery sessions with your client...
Need I go on? Consulting isn't for everyone, but there are methodologies and there are commonly followed practices that help. I personally love the discovery, analysis (and at times the confrontation and education) that consulting involves.....but when you don't follow your own advice, its painful - and the goodwill you have invested in personally and professionaly can go in an instant!

Tuesday, September 19, 2006

Some excellent discussions on BPM/ECM on this Blog!

Some great blog discussions here - links below (really!):



Open Source ECM

Phil Ayers, Apoorv, John Newton, George P, James McGovern, Walt, Kevin, Deshetc etc please accept my apologies, since putting in a monitoring function for comments its all gone pear shaped.....I didn't know you guys had been posting comments (I didn't see them) so just thought I was unloved :-)
I have tried to ensure all your comments are now published, along with my response if there was one........

There are a bunch of others worth reading around India and Rendering (not rendition to India!)
all frankly much more interesting than my original blog entries :-)

Monday, September 18, 2006

The 'E' in ECM & ERM does not stand for 'Everything'

The reason we instigate records management or enterprise content management projects is to take control of business critical information. So understandbly efforts are focused on identifying that information and building processes/lifecycles/rules around it so that we will be able to better manage and extract value in future....right?

Well only partially right...and I suspect that one of the reasons that RM/ERM projects fail so often is in part because of this approach. Think about it this way.....when you garden, you plant flowers/vegetables/trees whatever and tend them. Yet 80% plus of the work in a garden is to remove and control the plants, that you do not want - weeding them out, cutting them back whatever. Only a small percentage of time and effort is spent directly on the plants you do want.

Its the same with documents - most of your time, money and effort will be spent on ensuring that you remove unwanted content, and continue to build barriers to it coming back and growing and taking hold again.

When you install a new system for managing content, do you simply migrate everything you have to it? Surely not, for logically a great deal of work should have been undertaken to ensure that only pure, accurate and relevant business content moves. Otherwise you are in some senses almost literally sowing the seeds of a project disaster.

In practical terms it is worth considering that in a successful project fully half or more of your costs will go on business analysis/consulting activities that are not technology related. Activities such as identifying business critical info from the rest, purging stale and outdated content, defining and agreeing business rules and processes etc.

As I like to say - you cannot layer order on top of chaos (sorry but it just won't work) - and when it comes to the accuracy of the information we use in our business task, there should never be any ambiguity as to whether this is the right, most up to date and correct data available.

The E stands for Enterprise - and Enterprise Content is the stuff the Enterprise needs to do its business, and if definately does not need mountains of duplication, errors, junk and irrelevance.

Thursday, September 14, 2006

S1000D - approach with caution!

S1000D is apparantly going to rock the technical publications world, and according to one commentator "has gained noteriety in the USA.." not sure if this is what the commentator meant, or he was simply using a big word that he didn't fully understand.

But frankly it is gaining some noteriety in my home office - as I have had it up to here with S1000D, and what it does or does not mean.

I am assuming those of you who have no idea what S1000D is, will have left the page by now, but in the interests of courtesy let me quickly explain:

S1000D is a European technical specification that has been in development since the mid 80's. It is common in Europe particularly in Military and Aerospace, and is just now starting to catch on here in the US. Its a well meaning specification, that tries to give guidance as to how to modularize technical publications. How to construct and create large technical manuals, into small components that can be re-used. That at least is what it tries to do, but from my limited exposure is also capable of causing more trouble than its worth.

Take for example the concept around these data modules, that they should be 'self contained'. Its the sort of thing that appears on the surface to be logical and obvious, but fall's apart when viewed from different perspectives in the process. You can technically manage data in a database down to a period or colon, but can you manage the business processes that are by default attached to all these items? Oh yes, particularly in engineering circles, everything needs to have a process attached to it and to go through a proper comment and approval cycle.

S1000D appears to be written by well meaning data architects, who have never spent time to consider the differences between structured data and unstructured content. In supporting software products that are spinning off in support of S1000D is emerges as configuration management (ala Merant or Serena) for content. Yet the worlds of engineering and manufacturing should have learned painful lessons already about the limitations of PLM in process or detailed compound documents in Pharma for example - the lesson being it only works up to a point.

I am the first to declare that it's all data at the end of the day - but text needs to be in context, just as a diagram on an engineering drawing is meaningless if not seen in context with supporting data sheets.

Its probably too big a topic to rant about on a blog - but like many specifications before it, S1000D needs to be seen in context (just like the content it addresses) - it will allow you to fragment content items to a tiny degree, however it does not suggest that you actually do that. Simply, it suggests that content re-use is a good thing (agreed) modularization of content (to reduce duplication and redundancy) is a good thing (agreed). It also provides a structure for you to manage that resuable modular situation.

But to what level you section content is a decision you (or your industry) needs to make, its a decision that will take into account all the business processes and dynamics surrounding compliancy, authoring processes, usage models etc first.

S1000D in its drive to apply consistent metadata to content, to push for greater efficiency and the ability to share is a good thing. But like many good things, it needs to be taken in moderation.

As this is a bit of an obscure area I though the following might be of some use. A list of software firms with products supporting S1000D (just a list not a recommendation!)


Tuesday, September 12, 2006

Alfresco announces records Management.

Alfresco today announced the release of an open source records management module. Link

For sure Ian Howells and John Newton are starting to shake up the staid world of ECM, and frankly this is a lot more interesting than reflecting on who might buy who and when.

Records Management is close to my heart, I am a big believer that it is the basic housekeeping tasks of RM (and DM) that bring order to the chaos. Too many firms (as I often reflect) are fixated on finding quick fixes to massively complex issues, often in the guise of Search tools that promise the earth, when frankly its the basics that need to be addressed, like it or not.

(Though not strictly OpenSource, it should be noted that 80-20 Software in Australia already offer an excellent Compliancy solution as a free download for Sharepoint environments).

Alfresco as I say are shaking the ECM world up, it is a world that takes a lot to be shaken, last time it was the emergence of Interwoven and Vignette (along with Broadvision, ATG and ePrise etc) in the height of the dot.com boom as potential threats that last shook the industry up. And to coin a corny phrase, the ECM majors are currently being shaken, but not fully stirred yet by the waves that Alfresco are starting to make.

But all in all, Alfresco plus the low seat cost Oracle Content DB are the two biggest dynamics for us watchers to watch. Both of these challenge the status quo, and will elicit a response at some point. But its still early days, and we are yet to see what that response will be. Though the most likely in time is a drop in regular license prices, and maybe even changed business models to stay competitive, and hopefully much more open approaches to ECM.

What Alfresco needs most is a worthy direct competitor - and though Nuxeo is one to note in Europe - another needs to emerge to validate this approach. At the same time as Nuxeo and Alfresco posit OS versions of traditional approaches, differing methods to dealing with ECM needs are starting to evolve. Some (like Oracle and Microsoft) looking at the database, others such as Instasecure in India are proposing new ideas at the document level. All of these new approaches still need full validation, but as I have written many times, the goal of ECM is not to deploy a single product set across an entire enterprise, it is to bring order and efficiency to the management of information across an enterprise.

All of these approaches are probably valid, none is a silver bullet in its own right, but more creative solutions to the managing documents will I emerge, in fact I think they already are emerging.

Thursday, September 07, 2006

The futility of online security....

I got ripped off this week on eBay - as did a bunch of others (many of whom probably don't realise it yet). In short I collect fine art photography, and eBay can be a good source. What appeared to be proofs or press prints signed (autographed really) by Helmut Newton (not a photographer or style of photography I would normally collect ironically) were on sale at a low, but not ridiculously low rate. I bought six - to find out that they were cheap and nasty computer forgeries. I am down about $300 - and the scamsters are probably up many thousands by now...

This painful and annoying performance led me to reflect just how easy it is to commit crimes on the web. It's interesting (I think) to reflect that such a scam as this was near impossible to pull off (on this scale) prior to the Internet. For one thing the forgeries would have had to be a heck of a lot better than these. The scamsters used psychology, and imaging technology to make crude forgeries appear very convincing on the screen. They also used simple psychology and the skills of old fashioned con-artists to pull in the buyers. Most security issues relating to technology fall into this category, and yet we spend little time doing anything about this.

Whilst at Ovum I wrote a commentary on the futility of much computer and internet security technology. Its not that you shouldn't use security features, simply that in the main crimes are committed using good old fashioned con's and techniques. The 'crackers' that the IT community loves to obsese about, generally do little damage other than to expose security flaws in commercial software, that only other crackers and hackers would have the wherewithall to do anything with. Its a circular mini industry of software developers doing their level best to develop secure software, 'crackers' exposing their mistakes, developers developing patches, and security focused technology vendors making a buck on the side.

likewise the theft of credit card information generally falls into three categories:

  • It is copied/stolen from a secure location by somebody with secure access to it
  • It is inadvertantly lost by somebody leaving a laptop containing the data somewhere it should not be (like a bar for example)
  • It is a genuine transaction for a potentially embarrasing transaction (online porn for example). This small transaction provides details used for larger illegitimate transactions - though typically still small enough to ensure the owner of the credit card will not put up too much of a fuss (blackmail or sorts)

All of these rely on people screwing up, and technology can do little to prevent these things happening.

In fact technology at times, far from making life more secure, actually provides a highly efficient platform for crime. With ever more data stored little control or regulation, that platform can only become more efficient. In particular I think the likelihood of Internet blackmail will become more prevalent. The incidences of small credit card fraud above is a worrying new development in this direction. There will always be a thin line between freedom and security, but I for one think that there is too much data held on too many people, by organizations who have little moral or in some cases legal rights to have it. We freak out when credit card information is lost to criminals, but I really do think worse is looming.

What my eBay experience taught me is that if something looks too good to be true, it probably isn't true. And also to trust our instincts more - for you see what really caught me out here was that I trusted eBay (not the seller), despite nagging doubts that in a one to one situation would have led me to walk. Security is at the end of the day our business, its our job to ensure that we are secure - and it always has and sadly always will be the criminals job to catch you unawares. Likewise holding vast amounts of personal data on members of the public is huge responsibility, with potentially cataclysmic fallout if it ends up in the wrong hands. Yet anyone in this industry knows that few firms in possession of these vast data mountains truly appreaciate the burden of responsibility on their shoulders.

There appears nothing much that eBay can about my scam - I have been in touch with the Helmut Newton Foundation and am currently helping them track down these miscreants, but likely they will get away with it. As many more will in future....