Continuing to answer some of the questions left outstanding from our recent webinar on the Market IQ on Content Security ( freely downloadable at https://www.aiim.org/article-industrywatch.asp?ID=33810 ). View earlier Q&A postings via the tag aiimQ&A on my blog, as well as Carl's blog (TakingAIIM).
Any further questions or commentary to this, please feel free to comment here on the blog. If you have examples (good, bad, ugly) that apply to the topic, or contrary experiences/opinions, please share them - there is much to be discussed!
Q: Are you seeing that a governance model or conceptual security framework is not there for organizations but technologies are there?
A: Organizations tend to not lack for technology, but inevitably lack from frameworks, governance, and strategy to wield their technological investments in an orchestrated and coordinated manner.
In some industries, particularly those that are affected by governmental or industry-based compliance/regulation needs, frameworks and governance may indeed be in place, but overall these are still early days.
Our educated guess as to why this is the case? In some ways frameworks, standards and the like can be felt as stifling to an organization - whether that be to the IT group, or to business units. On the other hand, complete freedom can be immensely draining, as you have no pointer as to where to start or stop.
Perhaps the issue is that it can be seen as overwhelming to simply leap directly to the ultimate standard in content governance, just as it can be felt, when moving from a largely manual process, to a smoothly coordinate business process management (BPM) system.
For those who fear that the journey is long and the ultimate goal unattainable, it may be useful to take the CMMI maturity model, or for that matter Geoffrey Moore's technology lifecycle adoption lifecycle to heart. Simply put - you cannot expect to take your organization from birth to adulthood in the space of a day, perhaps a year, or even two, from a governance/risk perspective. The key is to build foundations, and to grow upon those foundations as you progress/mature in your collective understanding and ability to handle further change.
As expressed in the Market IQ on Content Security report itself ( freely downloadable at https://www.aiim.org/article-industrywatch.asp?ID=33810 ), if security solutions do not help to provide "guide rails" that facilitate security as a normal course of business, but rather require individual workers to apply security (such as encryption) manually, of their own volition, then that security solution is more likely to be avoided and/or hinder the business.
At this point in the evolution of business tools, we should all be insisting that our tools revolve us as users, and business processes, rather than around individual actions or systems. Security (especially) needs to be fully integrated and automatic, as security as an afterthought almost guarantees that security does not happen.