I read with great interest a recent CMSWire blog posting from Joe Shepley of Doculabs entitled, “I’ve seen the future of ECM, and It’s Not ECM.” In it, he argues that, “the balance of power in ECM is shifting away from IT and records management and towards information security,” or more specifically, the Chief Information Security Officer (CISO).
In one sense, I agree with Joe. Traditionally, ECM has been about managing information that exists within the four walls of an organization. This was of lesser importance to a CISO as the majority of content was locked away behind the corporate firewall — no more or less secure than the rest of the enterprise’s data and information. However, more recently, enterprises have begun to realize the very real benefits of leveraging content outside the corporate firewall, to enable improved customer experiences, increased collaboration with business partners and greater transparency with regulators and other third parties.
Additionally, with the increase in mobile devices and the growing need for mobile access to information, particularly amongst knowledge workers, content (and data) is increasingly being exposed to users outside the enterprise. This is the reason why ECM has now become a priority for information security. Quite simply, information – and content – drives the business, and organizations need to find simple and secure ways to share this information with external users, be they customers, constituents or an increasingly mobile and distributed workforce.
However, Joe makes the argument that the CISO should “own” ECM. And, clearly, the CISO is a key stakeholder; but I would argue that, while the CISO is becoming increasingly aware of and engaged with ECM technologies, it is only because ECM – and particularly next-gen ECM – is being increasingly used to help organizations transform digitally, extending the use of content well beyond the traditional boundaries of the enterprise.
And, whether this is about empowering knowledge workers, content-enabling the customer experience or driving collaboration across the enterprise, I believe this is the domain of the business. In this circumstance, the CISO must partner with the business to enable these new, content-centric use cases while ensuring that vital information, like patient medical records, remains absolutely secure. Ultimately, the need for electronic patient records isn’t about security, it’s about providing clinicians with the information they need to deliver exceptional care.
As I noted, the title of Joe’s piece is, “I’ve seen the future, and it’s not ECM.” Next-gen ECM has to stop being about “managing” content. It has to stop simply being about restricting access to information, or ensuring effective retention, records management and compliance. Next-gen ECM ultimately isn’t about the repository, it isn’t even about security, it is about enabling access to information – content – whenever, wherever and how it’s needed to move the business forward.
Joe states that ECM is perennially one of the top enterprise priorities, but it isn’t ever the top enterprise priority. I would argue that it should be – not because of the increased risk to security – but because it is simply invaluable to the needs of the business.