Tuesday, October 25, 2011

Security Makes Things Hard

Consumerization of the enterprise is sweeping the technology world today. Just look at all the unsupported iPads, iPhones, and Macs around your office. Employees are more and more frequently discovering that the cool technology they use at home can be used quite effectively in the office - with or without IT support. Enterprise software is not an exception.

Content management often gets compared with the consumer experience. No, I am not talking about the design elements of the user interface. Those are usually based on highly personal and often hard to define user preferences. I guess, some folks might even like the ribbons in Office... I’m talking about the interaction, the process of creating, collaborating on, sharing, and using content.

Take search, for example. How many times have we heard that we would like to see enterprise search be just like Google web search. But trust me, you don’t want it the same. On the Web, Google has it easy. It’s finding content that wants to be found. In fact, the content often really, really wants to be found. Some content owners want their content to be found so much that they spend millions of dollars on search engine optimization (SEO) and on Google ads to make sure their content can be found on the World Wide Web.

In the enterprise, nobody is search-engine optimizing their documents to make sure they can be found. You can also not pay Google to make sure your document called “Corporate Strategy” will be found every time somebody tries to search for those words. The search engines are working much harder to find the relevant content. Only metadata and proper classification can help - and most organizations struggle to handle metadata consistently. But wait, there is another major challenge in the enterprise: security.

All my Facebook friends could see this post...
For security reasons, we often don’t want every user to find every relevant content. In the enterprise, some users are not privy to certain information and thus they should not be able to find the documents. In fact, they should not even be able to see the document titles in the search results as the document names alone could give away too much information. Just imagine your employees finding a document titled “Corporate Restructuring”. To prevent that, the result set has to be filtered by permissions before sending it back to the requesting application.

This post on our internal deployment of OpenText Pulse was only visible to a few.
Another example that shows how content in the enterprise is different is social software. When you upload a file or link on Facebook, Facebook announces it to all your friends or followers. In the enterprise, that is yet again not acceptable. When I upload a file called “Acquisition Proposal”, only those of my coworker-followers who have the permission to see such a document should be alerted about it by the social software. You must not have to select a predefined group or circle of friends; it has to happen automatically - the software has to validate the user permissions before showing the alert to anyone.

Enterprise software is different. Security makes it much more difficult to expose the right information to the right people which is critical in the enterprise. Actually, I’d argue that security is quite important in the consumer space too and I hope that the technologies related to security and privacy make the jump from the enterprise to the consumer world. Consumerization of the enterprise need a bit of ‘enterprization of the consumer world’.

