Tuesday, June 17, 2008

Two Articles in Enterprise Search Sourcebook

I’ve got two articles in the Enterprise Search Sourcebook. One is a profile of the A.T. Kearney implementation of Oracle Secure Enterprise Search. This implementation was done by Echelon Consulting, who have done a number of SES implementations and have very happy clients. Amin Negandhi, the CEO of Echelon, really knows his stuff. He will be speaking at the Gilbane Conference in SF this week.

The other article is about Delivering on the Promise of Enterprise Search. There was a limited amount of space or I would have gone off much further about what the Oracle Secure Enterprise Search team has done regarding security, comprehensive connectors, and the new user interface that includes faceted navigation. If you haven’t seen that, you’re in for a treat. The dev team showed the sales team and they said “we don’t want to use Google anymore!”

Wednesday, June 11, 2008

Federal Rules of Civil Procedure Article in Information Management Journal

Raghu and I wrote an article for the Information Management Journal - the ARMA magazine. You can read it here. Most curious that a few of the responses have been more about information security – how can I delete remote documents, how can I track usage. Somewhat tangential but coincidental, since Oracle offers Information Rights Management which does exactly that.

Monday, June 9, 2008

Inside Counsel Webinar

I did a web seminar a week ago to the audience of Inside Counsel magazine. The focus was Information Rights Management, and how you can share your documents with customers and partners and retract those rights later. Rather than focusing on the IT aspects of this, I focused on the legal issues and use cases.

Accompanying me on the webinar was Rebecca Perry of Jordan Lawrence. Rebecca talked about how organizations can find and identify the most crucial information that they need to secure. The main types of information she identified were customer information (credit card numbers, for instance), employee information, intellectual property, medical information such as drug screening, and personal data such as SSN. Most companies are surprised to find that they have tens to hundreds of violations daily as this type of information leaves on laptops, emails, thumb drives, or through other means.

We did four surveys during the session, the most interesting one to me was what kind of information was most critical to protect. Overwhelmingly our audience said customer information. This is the information that causes the most exposure, and costs the most money when it is leaked or lost. Rebecca had some great figures – the typical data breach costs a company $4.8 million, and companies see stocks fall and average of 1% to 4% the day after a breach is reported.

The Information Rights Management use cases I covered were:
  • Control who can view, print or copy information out of a document

  • Effectively delete a remote document by deleting the encryption key on your server. This also has document retention/e-discovery benefits.

  • Ensure employees, customer and partners are using up-to-date information by forcing updated content when their rights are checked

  • Audit usage of content, such as when an partner viewed or printed a document

  • Perform clawback of content that has been conveyed to opposing counsel improperly.

The other interesting survey result was the distribution of responsibility for creating security policies – IT 33% Legal 30% but company executives surprised me at 19%. It’s interesting to see this problem getting visibility across organizations.

You can hear the event