On-Premise is an architectural deployment decision (On-premise vs. Cloud). It defines where your software would physically be deployed, and the access and connectivity options available to you. It’s a decision that has to be taken in context of the rest of your enterprise architecture landscape and your long-term design strategies.
Software-as-a-Service (SaaS) is a licensing model and, if you are comparing it with anything, it would be with Perpetual Licensing which has been the traditional IT licensing model for many years. This relates to how you are going to pay for using the solution: Pay a large sum (usually) up front as capital expense (Cap-Ex), and you own a perpetual license to access the solution forever. It is then your choice if you also pay and an annual support fee as an Operational Expense(Op-Ex). But the license to use the software is yours forever. Alternatively, in SaaS, you pay a much smaller amount per user/per month (all Op-Ex), which is flexible as your requirements change. In the SaaS model, you don’t actually own any licenses you are effectively “paying rent” only for as long as you are using the solution. This has nothing to do with where the solution is physically deployed.
And just to confuse the definitions even further, SaaS is also sometimes used to refer to the responsibility for administering the systems and supporting the solution. Typically, in a perpetually licensed environment, the license owner is responsible for the administration of the solution (or a third-party, if Application Management has been outsourced). In the SaaS model, the administration burden typically lies with the solution provider, not the organisation paying for the services.
The confusion has come about by the fact that, most commonly, perpetually licensed software tends to be deployed on-premise and managed by the license owner, whereas SaaS software tends to be deployed on cloud and administered by the service provider. But it does not have to be that way: Theoretically at least, there is nothing stopping you from deploying your perpetually licensed software on a private cloud, instead of on-premise. There is also nothing stopping you from negotiating a SaaS payment model with your software vendor, even if the software is deployed on-premise.
So the question of “On-Premise vs SaaS” usually implies: “On-Premise, perpetually licensed, self administered VS Cloud hosted, Pay-as-you-use, provider managed”.
And I’m not even going to start talking about what this implies for private vs public vs hybrid clouds and Single instance vs Multi-tenant architectures, which are also often lumped under the “SaaS” moniker, even though they have nothing to do with SaaS.
I know the differences are semantic but, as Information Management professionals, we have a duty to be clear about the terminology we use. Our clients have more than enough to be confused about, we don’t need to make it any worse.
P.S. As my good friend and fellow pedant, Chris Walker reminded me, the correct term is “On-Premises” not “On-Premise”. He is right of course. There is no excuse for bad English either! :-)
Two days ago, IBM and Box announced their new partnership. It’s big news in the ECM and EFSS space, but not earth-shattering in the grand scheme of things. However, looking at the twittersphere and blogs, it seems to have created more buzz than other similar partnerships in this space. There are good reasons why: The partnership seems to bleed into other technology spaces – Collaboration and Analytics being the most obvious ones – and everyone is trying to read between the lines of the announcement, to understand the motivations, benefits, impacts and strategies underlying the move.
The announcement was not altogether a surprise. Maybe the specific tying of IBM to Box was unexpected, but a major move of this type in the EFSS market was very much predicted by pundits, including Chris Walker, Apoorv Durga and by yours truly. Following the original partnership announcement however, and Box’s own blog, I have read many comments on the impact of the announcement including Cheryl McKinnon, Jake O’Donnell, Alan Lepofsky, Michal Lev-Ram, Steve Lohr etc. Many others will surely follow in the next few days.
I want to share some additional thoughts on what this announcement means and its potential impact.
Not an acquisition – yet
Let’s start with the elephant in the room: Three years ago, this announcement would have read very different. IBM’s acquisition spree was in full swing, and acquiring someone like Box would have been an obvious and easy target. IBM’s cash wallet however has since zipped up and, with few exceptions, partnerships are the flavour of the day. I can’t help thinking however that, unlike the Apple and Facebook partnerships announced previously, this is more of a “try before you buy” type of partnership. Also, Box’s market penetration and revenue is very much dependent on their other partnerships, competitive to IBM, so an out and out acquisition would have crippled that revenue. This is a very modern, poly-amorous affair…
Impact on Enterprise Content Management
The announcement focuses on three distinct IBM software areas: Content Management (IBM ECM,) Analytics (IBM Watson) and Collaboration (IBM Connections). I don’t have insight as to which of the three groups led the discussions, but I can certainly see the most direct impact being in the ECM portfolio, so I suspect it started there.
IBM’s Content Navigator on Cloud, which includes IBM ECM’s existing EFSS functionality, was developed directly on SoftLayer. Its market share however, compared to the on-premise version, has been minimal. Rather than trying to compete with Box, this partnership brings a dominant cloud market footprint, which gives IBM a shortcut into extending the rest of its ECM portfolio to a cloud audience.
The jewel in that portfolio’s crown would be IBM Case Management, allowing Box customers to easily layer line-of-business functionality on top of their existing content footprint. IBM recently announced availability of IBM Case Management on their development cloud and, presumably, that will soon be followed by a true instance of cloud-based Case Management. Bringing Box, and their market footprint, to the same infrastructure platform provides an excellent jumpstart for true SaaS process management for IBM.
Capture and Imaging are an obvious feed mechanism for ingesting Box content, but I don’t see that being a dominant business driver here.
Information Governance on the other hand, in the form of StoredIQ, creates a much more exciting proposition: Just like SharePoint in the past, Box “estates” have had little or no visibility of what corporate content is actually being stored in the cloud, what risks it exposes, what disposition schedules it is supposed to follow, who it is being shared with, or how it is preserved. StoredIQ can help address all of these issues for existing Box users by analysing and cataloguing existing content (using both metadata and Content Analytics) and then forcing governance actions to regain control over that content. Huge opportunity for IBM sales, and a great boost in Box’s credibility in the Enterprise world. It would be very interesting to follow how the messaging develops alongside Box’s own Governance announcement just a day before the partnership, especially as it overlaps with IBM’s own Records Management and eDiscovery functionality.
Impact on Collaboration, Analytics and Enterprise cloud
Alan Lepofsky has already covered the Collaboration angle in detail. The key here is to notice that Box may be directly clashing with the IBM Connection Files EFSS offering, but less so on the true collaboration functionality of the IBM Connections platform and its Social Business messaging. To all intents and purposes, it’s another content repository to store content in and, just like for ECM, provides a good footprint for IBM in the cloud market space to use as an upsale opportunity.
IBM Content Analytics (previously part of the ECM portfolio, now part of Watson) offers an interesting twist: Frank Gens (IDC) said that “This deal is largely about using IBM’s artificial intelligence on the corporate content in the Box service […]”. I am not sure it’s largely about that, but it certainly has a role to play: I have no doubt that Box sees this as a huge marketing attraction in its efforts to woo Corporate markets, but I don’t see as much of a benefit for IBM. It’s another content repository to farm, and a very messy one at that. The value of this exercise is predicated on governance being applied to the content first to minimise ROT, and on finding real life use-cases where this “artificial intelligence” (or, more accurately, natural language processing analytics) will provide true insight. It remains to be seen if the huge volumes of content currently held in the Box cloud, have much more insight to offer than just duplication of content that is available on file systems and other on-premise repositories.
The final little gem in the announcement is “Enterprise Cloud”. This has potentially huge implications for both parties: By moving their content to IBM’s SoftLayer Cloud infrastructure, Box are gaining a great, geographically distributed, cloud footprint that is underwritten by one of the biggest names in the industry. Not only it offers a great credibility boost for the Enterprise market, but it also allows Box to concentrate on the product functionality leaving IBM to manage the back-end infrastructure. IBM on the other hand, gets a sudden and immense content load transferred to its Cloud platform, significantly increasing its market share (in both volume and users) over its cloud platform competitors. Win-Win for both!
It will be very interesting to see how much the Box partnership penetrates the rest of IBM’s software group. Besides ECM, Connections and Watson, there are several other parts of IBM’s software portfolio that could potentially take advantage of this deal. IBM Process Management is currently integrating to content repositories mainly through CMIS. Will they target the Box user base for line-of-business solutions? Asset Management, Risk Management, Digital Marketing, Customer Experience, eCommerce, all have a need to store and share content, and it’s almost guaranteed that a lot of that content currently sits in Box. Will they also try to connect?
Speculating, just two days after an announcement, is a dangerous thing. We will know in the next six months how realistic any of these ideas will be. But I can see why this partnership made sense, on paper at least, for both parties and for our market.
Some of my old FileNet friends reading this article will smile… I realised today to my surprise, that it’s over 11 years ago that this simple concept was first articulated, and went on to form the basis of our compliance messaging, transitioned into IBM after the acquisition, and was presented in many conferences and briefings. The result of a quick brainstorm before a breakfast briefing for Bearingpoint, at an off-site annual kick-off session, the picture on the left is a scan from my original notebook where it first appeared, in January 2004. I have evidence of this still being included in presentations as late as 2011. In the world of PowerPoint slides, does that make it a classic?
Now, it may be an old message, but it is as valid today as it ever was. And since I’ve never written about it in this blog I thought it was worth re-introducing it to a whole new audience.
What does a company need to do, to be compliant?
There are three very fundamental and very explicit stages for an organisation to achieve a “compliant” status. These apply equally to every vertical industry, be it Banking, Insurance, Telco, Retail, Pharmaceutical, etc. And they also apply equally, if “compliance” refers to regulatory compliance in a Nuclear plant, financial compliance, or Health & Safety at a local school.
Step 1 – The Present: Become compliant
What do you need to do today, to comply with the rules and meet the regulations? What changes in procedure, what risk controls, what equipment checks, what training? This stage includes designing and implementing everything that a company needs to put in place, to be able to certify that today, it is compliant with each regulation the law currently subjects it to. Implementing this stage requires the company to (a) identify and understand which regulations are relevant and what they are expecting (b) identify possible areas and processes where the company is at a risk of not compliant with the regulations, and (c) implementing any changes necessary to remove those compliance risks.
Step 2 – The Future: Remain compliant
This is the part that is often forgotten, and ends up costing organisations millions in fines: Looking at the future. Becoming compliant is not enough, it’s just the first step. As an organisation, you need to ensure that compliance is sustained consistently in the future. That every system, every procedure and every employee remains within the controls and guidelines specified by the legal regulations or the company policies. At a manual level, this involves regular training for employees and regular testing of all the various controls and devices implemented in Step 2. The best way to implement Step 2 however, is automation. Putting in place systems and processes that not only monitor the company’s compliance, but that enforce it. The less a company relies on individual employees to maintain compliance the less likely it is to fall foul of compliance breaches through human error. Automation reduces training requirements, reduces management overheads, and it reduces wasting operational cycles for testing and reporting.
Step 3 – The Past: Demonstrate compliance
The final part of the process is looking at compliance retrospectively: Are you able to go back to a specific point in time, and demonstrate to a regulator, and auditor, or even a customer, that you operated compliantly. Are you able to shoe what decisions were made, what policies were in force, who made the decisions and what information they had available to them to support that decision? This is all about Records Management and audit trails. It’s about maintaining evidence of your compliance that is complete, accurate and irrefutable. Preparing for that retrospective compliance review in the future, should be a core part of the design of any compliance system implemented today.
So the meme Become – Remain – Demonstrate (or even “Achieve – Sustain – Prove”, as the alternative version that our U.S. marketing folk seemed to favour) summarises the three key steps that you need to remember about structuring a compliance programme. If you are faced with a new regulation, new management, or even a new mandate to create or replace IT systems for compliance, use these three steps to validate if your compliance strategy is complete or not.
What makes a true leader?
I read a lot of articles on leadership and I find the use of the word “Leader” to be so vague and inconsistent that it often loses its meaning altogether. It’s most often used interchangeably with the word “manager”, when a manger leads a team of people.
I believe that Leadership is a special quality, rather than a skill. It can be nourished and honed, but I am not sure if it can be taught. Most people would instinctively recognise a true leader, so what are the key characteristics that distinguish them from an otherwise excellent manager?
- Vision – A true leader is able to look beyond the current obstacles and issues and understand the longer term objectives. Create a strategy that works to achieve long-term goals and harnessing creativity and innovation to succeed.
- Courage – A leader is prepared to take risks. Decisions that challenge the status-quo and can often be controversial. A true leader knows that failure, is a key part of the learning process and not only tolerates it, but actively embraces it.
- Communication – A leader listens and shares. True leaders are compulsive communicators and educators. They bring people on board by being open and communicating effectively and continuously. The only way to effectively lead change is to make people buy into the same vision that you are working towards. And the only way to achieve this is if you are prepared to actively listen and consider your team’s views and honestly share your thinking.
- Empathy – True leaders lead from within not from the front. One of the most fundamental differences between a typical manager and a true leader is that a leader considers himself, or herself, to be part of the team not managing a And more importantly, the team have to see them that way too. A true leader invests time in understanding the individuals in the team and has a personal relationship with them. A leader sees the team as a collection of skilled individuals, where everyone contributes their own unique qualities and skills. The better the leader understands the strengths and issues of each team member, the more valuable that member becomes to the team.
- Inspiration – True leaders inspire the people that work for them. A true leader enjoys respect and trust from his team. Nothing brings more cohesion in a team than having a common vision that everyone believes in and a leader who they trust and look up to.
- Passion – A true leader is never on a two-year career rotation plan. A true leader has passion for the goals they try to achieve, the product they are launching or the project they are driving. They build a loyalty and a commitment to that end-goal, defend it passionately from any detractors and consider it their own personal target. A leader is not able to walk away from a job until the goal is achieved.
I have met many managers in my life, but very few true leaders. I have even been on “Leadership” courses where the emphasis was on reporting structures, defining metrics, resolving conflict and performing peer assessments, but nothing on how to be an effective leader.
Organisations – particularly large complex organisations – need to take a hard look at their management structures and executive careers: Do they have mechanisms for identifying, encouraging and rewarding true leaders? Do they promote young people with leadership qualities or are they left festering in minor projects? Do they appoint pivotal positions based on leadership skills or just seniority?
And let’s all start using the term “Leadership” more accurately, not as a euphemism for management.
I haven’t written much about cloud because, frankly, I don’t think its as revolutionary as people think and because the demand for it has been largely vendor induced. Whatever you think about cloud however, it is here, it is a driving force, and it will continue to be a conversation topic for a while.
I wrote on a previous article (Cloud and SaaS for dummies), that cloud is like a train: Someone else has to maintain it and make sure it it there on time, all you have to do is buy a single ticket and hop on it when you need it. At least that’s the oversimplified theory… For Content Management however, the reality is a bit different: When you get on the train, you don’t carry your bookcase, your briefcase and your children’s photo albums with you, and you certainly don’t leave them there expecting them to be available and in tact next time you hop on the train. You take the train to go from A to B, and you keep your personal belongings with you.
The train analogy works well for Software as a Service (SaaS) cloud models, but not for Content.
The financial argument of SaaS is compelling: Buying software capabilities on demand moves the financial needle from CapEx to OpEx; the total cost of ownership reduces, as support costs & administration skills burden the provider; technology refresh secures ubiquitous access; and economies of scale dramatically reduce infrastructure costs.
Microsoft, Google, Apple, Box, Dropbox and every other ECM and Collaboration vendor, are offering content storage in the cloud – often free – to entice you to move your content off your premises, or off your personal laptop, to a happier, more abundant and more resilient place, which is all good and worthwhile. What isn’t good, is the assumption that providing storage in the cloud (or as I’ve seen it incorrectly mentioned recently “CaaS – Content as a Service”), is the same as providing Content Management in the cloud. It is not!
We (the ECM industry) have fought for years to establish the idea that managing content goes a lot further than just storing documents in a file system. It requires control: Security, versions, asynchronous editing, metadata, taxonomies, retention, integration, immutable flags, workflow, etc. etc. Unfortunately the new fad of EFSS (Enterprise File Synching and Sharing) systems, is turning the clock back: Standalone EFSS environments, are just another way for users to bypass IT and Security controls (Chris Walker articulates this very well in his article You’re out of your mind).
Now, before you jump on my throat and tell me that EFSS came about exactly because of the straitjacket that compliance, governance and ECM have put organisations in, let me say, “I know!”. I’ve lived and breathed this industry since it was born, so I understand the issues. However, we (ECM and IG practitioners) risk throwing out the baby with the bathwater: Ignoring EFSS and all other file external sharing mechanisms is dangerous, at best. Blocking them is impractical and unenforceable. Institutionalizing them (as Chris suggests) adds a layer of governance over them, but it does not solve the conflict with the need for secure internal repositories and regulatory control.
So, what if you could have your cake and eat it too? Instead of accepting EFSS as an externally imposed inevitability, why not embrace EFSS within the ECM environment? Here’s a revolutionary idea: Why not have an ECM environment that incorporates EFSS capabilities, instead of fighting against them? An ECM repository that provides the full ECM control environment we know and love, as well as keeping content synchronised across all your mobile and desktop devices, so that you can work
I try to stay impartial on my blog and refrain from plugging IBM products, but in this case I cannot avoid the inevitable: IBM Content Navigator offers this today (I don’t doubt that other ECM vendors are or will be offering it soon).
What we are starting to see, is the evolution of proper “Content Management as a Service – CMaaS”: Not only storing content in a cloud and retrieving it or sharing it, but offering the complete ECM capability, including sync & share, offered as a cloud-based, on-demand, scalable and secure service.
Why should organisations settle for either an on-premise heavy-weight ECM platform, or a light-weight low-compliance cloud-based sharing platform, when they can combine both?