John Mancini Should Thank NSA

By Daniel Antion posted 10-08-2013 13:15



I’m sure that I’m not the only one who has heard AIIM President and CEO John Mancini give a presentation in which he has predicted the decline and eventual demise of email as a business communication tool. I’m equally sure that I’m not the only one who snickered and wondered if John was willing to put some money on the line. Suddenly, I think John may be onto something.


Two weeks ago, the company I work for held our Annual Policyholders Meeting. On the last day, as some of my colleagues were sweating under the Florida sun, I was meeting with several of our customers who use or want to make better use of our Internet-facing SharePoint server. My sessions covered a lot of ground: available features, how-to and a tour of the libraries we’ve built were staple topics. These were generally well received, but when I received questions, they tended to focus on security and the hot topic of the day, supply-chain security. “How are you protecting my information?”


Of course I talked about the credentials we provide, the typical access patterns we recommend, the SSL certificates and the other elements of security we’ve long had in place. That was all acknowledged, but it wasn’t enough. “What about inside your shop, who has access to my information?”


I explained the types of processes we have in place for granting and reviewing access. Again, acknowledgement, but some wanted more. Three very interesting questions came up that might have surprised me 6 months ago, but which now are becoming more and more common:


“What can you do to restrict what authorized people can do with this information?” The prime suspect activity they hope to prevent is email. The concept that:

we are sharing a document in a managed and secure collaborative repository but we don’t want it moving beyond that repository

is emerging as a key element of supply-chain management of information assets.

What type of retention policy is enforced against the information we share with you? This was interesting because they understood that they can delete this information any time they like, but they wanted to know what we could do to automate the destruction of information that should have limited transactional lifespan.

What are you doing to keep this information out of a bunch of inboxes? This wasn’t actually aimed at SharePoint, or our web-based portal. This was aimed at our employees and the employees of our customers. One customer went so far as to say that they would prefer that we did not make our secure email option available to their employees – “we would prefer that you encourage them to use the SharePoint solution.” The “after you make those enhancements” was implied.

I’ll admit, I didn’t speak to a lot of our customers but this was the first time I have heard these requests at our policyholders meeting. I have heard speakers at events advising me and others to ask these questions and to take precautions to secure our information supply chain, but I’ve never received the request.

Ironically, nobody was upset about the things I told them we weren’t doing. They agreed that this is a new twist, the next step perhaps, and they were willing to accept that I was willing to consider the requests and implement, where possible, the controls they were asking for.

As we consider these requests within our organization, I think email will find itself moving closer to the bottom of the list of options for business communication.
