87
Posted by Stéphane Donzé ● 2/11/15 8:50 AM

Eliminating the Document Black Market

There is a document black market. Every enterprise has one, though they probably never thought of it this way. A real-world black market is an underground economy that exists outside of the legal domain. Similarly, within organizations unofficial content storage and exchange exists outside of the official processes and information systems.

A classic example: A sales person wants to share a document contained in a CRM system. He’s unable to get the system’s email forwarding system to work for him. So, he downloads to document and forwards it via his personal email. Another example: an employee makes a private copy of an official company presentation, and changes the messaging then forwards the “rogue” slide deck to recipients. And another very common example: Users downloading official document files to their laptops or tablets manually. But, they are then are unaware of new changes to the documents and so their documents are then outdated.

Why do document black markets exist? It’s the same reason that real-world black markets exist. In particular, they exist because processes and systems cannot accommodate specific issue urgency or uniqueness. More importantly, the official processes and systems are often just too painful to use.

The problem with document black markets is that they undermine overall business economies of scale because information cannot be shared as broadly as possible and they raise business risks over the longer term. For example: if there is turnover in a sales position and if a prior email thread with a customer isn’t in the official CRM system, it’s lost history for the new salesperson.

CTA Banner - ebook - 9 reasons for public cloud

So, what are some of the actions we can take to reduce the Black Market effect? First, we need to provide document processes and management systems that are:

  1. Adaptable to unexpected business events, yet efficient for every-day processes.
  2. Low effort, such that they are almost transparent. More importantly they must return value directly to their users (and not just indirectly to the greater good of the enterprise).
  3. Usable for complex, high volume processes and also for simple, infrequent, ad-hoc processes

Second, to implement these requirements we need to consider the following elements:

  1. Ownership. The first step in minimizing the impact of a document black market is to assure all important documents become the property of the enterprise early in their life. Of course, for reasons cited above, this is not easily done. The trick is to find a way to assert ownership transparently as the document is created and stored. Once documents is owned by the enterprise, it can assert who can see, edit, delete or copy or otherwise connect to them. Common problems such as accidental deletion or modification can be avoided. And if a document is accidentally deleted, it can be restored from a backup.
  2. Visibility. Often new, unofficial documents get created because the original official versions can’t be located. To avoid this problem, files must be completely visible to the community that uses them. There are two approaches, directories and search. Directories or folder structures organize documents so that users can have a single starting point for discovery but then traverse a tree of subfolders whose topics match their inquiry. Search can work too. But, the documents need to be tagged and/or categorized. Word count based search techniques are insufficient. So, the trick then is to find a way to curate and organize the files to shortcut the search process. Of course, the effort to properly locate and annotate files can be perceived as extra unnecessary effort. The trick then is to simplify categorization and tagging of files so that the extra effort to provide that search-enabling information is easy — almost transparent.
  3. Confidentiality. There are several factors that potentially disrupt confidentiality: (1) Missteps are often only one click away, (2) Document recipients often forward them to the wrong people unknowingly, (3) File server folder privileges can often be changed unknowingly if ownership is not appropriately assigned. Here the trick is to pre-plan document management rights for types of documents, then assign them transparently as part of the document creation process. This way document creators aren’t unknowingly exposing documents.
  4. Security. The most common security risk for a document is modification or loss of official documents, either unintentionally or purposefully. Even if its owned by the enterprise, users with modification rights to a document can still modify or delete of-record documents. So the trick here is to provide transparent assertion of enterprise-dictated access rights and also backup of the documents at the time of creation.
  5. Connectivity. I started this blog by saying that often an enterprise’s official processes and supporting systems are painful to use. Part of this challenge is because multiple systems or elements aren’t integrated well together, so the user has to cut-and-paste, download and upload and otherwise manually conduct the transfer documents between authoring tools, workflow processes and storage systems. Reducing the pain means eliminating the manual document transfer steps and do so without complex, unexplained, time consuming forms used to intake documents. Again, transparency is the goal.

CTA Banner - Cloud Security - Virtru Webinar 1

To summarize, the way to eliminate the document black market is to subvert it through transparency. Meaning, to augment the its tools and paths of communication so that the extra effort is minimal or even zero. The second way is to provide capabilities that directly benefit the user and not just the whole enterprise. This then promotes viral adoption. AODocs is dedicated to helping organizations support social innovation and execution by providing transparent connections between informal communications and formal document and information management. If you’d like to know more about AODocs' solutions, click here.

Tags: Document Management, Compliance