chris - Fotolia


ECM market trends to watch in 2015

The need for more granular content management rights and the lower cost of storage are just two trends likely to dominate the ECM market in 2015.

The pace of technology far exceeds anyone's ability to accurately predict specific outcomes. Still, a yearly effort to look deeply into the "crystal ball" often provides helpful insight into what the market might experience. In 2013, we divined what might transpire in ECM market trends in 2014. Let's do the same for enterprise content management (ECM) trends in 2015.

Focus on information rights management

Employees have been cited as the primary cause of data breaches. From the high-profile and intentional leaks of Edward Snowden to employees who lose equipment or have it stolen, workers pose a serious risk to enterprise information. Combine employee actions with public file-sharing technologies and email, as well as "whistle-blowing" sites like WikiLeaks, and corporate content can quickly and broadly be made public.

The vast majority of security surrounding content tends to be of the access control list (ACL) variety. Affinity groups, composed of user identities, are granted varying access rights to content. Through these access rights, users either have access or are prevented from having access to content. But what happens when an employee or contract worker who has legitimate access to content downloads a file or saves content to a portable format? ACLs don't help in this context. No longer protected by the ACL, content is fodder for any action the possessor chooses. It is in this situation that information rights management takes over.

We may finally see additional emphasis placed on combining information rights management with traditional ACL-based security.

IRM technologies place specific activity constraints on content. These rights are packaged with the content and follow it around, regardless of storage location. In this way, regardless of whether an employee has access to a file, he may be restricted from forwarding that content, printing it, saving it to a local PC or emailing it to others. Assuming a user emails it to another person, that user would also need rights to perform any action, including viewing the contents.

IRM is not new. The technology and various supplying vendors have been around for some time. However, security-related incidents continue to rise, as do the costs and downstream consequences. Finally, 2015 may be the year in which additional emphasis is placed on combining broad IRM capabilities with more traditional ACL-based security.

Consolidation of file storage in the cloud

Every major cloud provider has a bulk file storage option. From Microsoft's Azure Blob storage to Amazon Web Services' Simple Storage Service and Glacier to Google Drive. As each vendor's technology matures, the cost of storage has decreased significantly. At present, Microsoft charges 4 cents a gigabyte per month for the first terabyte, Amazon charges 3 cents a gigabyte per month for the first terabyte and Google charges a flat 2.6 cents a gigabyte per month. In all cases, the ultimate pricing depends on a few additional dimensions, such as network traffic to transport the data and transactions performed with the storage.

By contrast, enterprises that continue to invest in local storage, often via storage area networks, will spend orders-of-magnitude more for similar capacities. Firms are also then responsible for all local support and administration costs. Finally, if they need additional capacity, they have to go through another acquisition process. All combined, the low-cost and highly elastic cloud storage approach becomes attractive.

In 2015, we should see significant and directed adoption of either a pure cloud storage model or, at least, "hybrid" storage support for ECM systems. While there will likely be cases where cloud storage isn't practical or permitted, there are far too many where it's the best bet.

Commoditization of capabilities

By their very nature, ECM systems address a range of functional needs for enterprises. The combination of the needs addressed, in addition to the way each need is satisfied, often define a product. For example, EMC's Documentum provides an array of capabilities, including managing digital assets, information rights management, and complex content construction. The combination of features makes suites like Documentum an enterprise technology. But this combination also represents a great deal of work to write, maintain and support a diverse set of disconnected functions. Further, when customers purchase the entire suite, they have to accept the limitations of any given feature.

In 2015, we should start to see customers exploit external, commoditized services. Both Microsoft and Amazon represent major cloud players that have created ECM-independent content features. Whether for file storage, media services or IRM, customers will begin to look outside their core ECM to handle these kinds of commodity, transactional needs. In addition, ECM vendors will seek out strategic integrations with these atomic services. The approach makes sense because they can reduce their own support and maintenance costs while focusing on core features not so easily commoditized by third parties.

Unified identity

One of the persistent challenges for enterprise content is identifying who created it. While most organizations have a unified directory, just as many have begun to use external technologies. The easiest examples include Box, Dropbox, Facebook, Twitter and even Microsoft's own Yammer. The identity used in each of these services is not tied to the enterprise directly, and most employees will use a solution-specific identity for content contribution and management. However, each contains enterprise content that needs to be managed.

Shouldn't a single sign-on (SSO) solution fix this problem? It is true that SSO options could be a partial fix. Unfortunately, they don't tend to address all the issues with identity. SSO tools, for example, eliminate the need for an employee to remember separate credentials; employees log on once and the SSO tool handles authenticating to other systems. Therein lies the problem: Even though SSO eliminates the need to type in credentials, the separate identities still exist and the SSO is merely a "proxy" for these other credentials. If you need to stitch together a profile of content management-related activity by one individual, it would be virtually impossible -- each system still uses a unique identity for the same individual.

In 2015, we'll see more vendors and companies concentrating on a unified identify. This means that organizations will look for ways to create a composite view of any individual's contributions and/or activities among a range of content repositories; a unified identity is the foundation. Google, Yahoo, Facebook and others have developed a consumer-oriented approach. Microsoft (with its Azure Identity) and Open ID have focused on frameworks and an enterprise-centered approach.

Device security

Just five years ago, one could argue that PCs still ruled. Laptops and desktop computers were the primary way to accomplish digital work. But that's clearly no longer the case. Mobile devices, in all shapes and sizes, dominate the digital landscape. Work gets done across both PCs and mobile devices, with mobile often serving as the primary consumption point.

Unfortunately, mobile devices, especially those owned by individuals, represent a security challenge. Major mobile device vendors building primarily for the consumer market, combined with most enterprises resisting the mobile device movement, gave rise to slow security control adoption.

By now most enterprises have figured out that more rigid mobile security policies are required. Whether or not the firm purchases the mobile device or an employee integrates their personal device into the corporate network, security needs to be well considered and controlled. There's no more obvious example than with content. Especially in the context of a personal device, mixing company content and a personal device, even if it's just email, could be a recipe for data breaches.

To that end, 2015 will be the year that enterprises and vendors embrace appropriate, consistent and comparatively rigid mobile device controls. For its part, Microsoft has released a broad suite of mobile device management tools, as has IBM through its Tivoli brand.

While no year in technology is one without change, 2015 promises to be busy. Often technology needs to mature before mass adoption can occur. In 2013 and 2014, technologies were developing and maturing. In 2015, we should expect a period of integration and a shift toward capabilities that have now reached a tipping point.

Next Steps

Connecting silos with ECM software

ECM software in 2015

File sharing vs. traditional ECM software

Get more out of EMC Documentum

Dig Deeper on Enterprise content management software platforms