I’ve been fortunate in my career to see a drastic change in how Enterprise content management systems have evolved from the early, siloed document and web content management systems to the mission critical application platforms of today that distribute content across social media channels, web sites, email and mobile.
With this progress and increased role of Enterprise CMSs come new challenges -- especially as mission critical content becomes decentralized and social. An often neglected area of CMS discussion and importance is the enterprise, where the challenges are less straightforward than what is found in pure public distribution.
Challenges of the Modern Enterprise CMS
In Gartner’s October 2011 Magic Quadrant for Horizontal Portals, Gartner summed up the challenges companies face as their CMS systems adapt from an IT-centric, well-controlled environment to the people-centric world that comes with social media:
Until recently, most portal providers appealed to enterprise IT leaders first, often emphasizing the security and compliance counterpoints to this new, flexible, yet seemingly risky, user-centricity … (Portal vendors) must offer social experiences and mechanisms that enhance usability and ensure end-user adoption of their products. Meanwhile, enterprise portal vendors must bring the appropriate level of user appeal into a productive, reliable, extensible and secure portal environment.”
For me, this doesn't just boil down to social vs. security. In fact, Gartner's report uses the terms "user appeal," "user-centric," "usability" and "productivity," all of which imply the importance of making security work so that users become happier, stronger workers (I'm told happiness increases productivity). Companies need to take some time to analyze the key component that drives Enterprise CMS usability and is the primary avenue for user-centric quality: search.
Within many companies you have a spectrum of CMS systems that exist. Some are heavily public and some are heavily enterprise, having various degrees of security between them. Take, for example, web-based documentation as content that needs to be public and searchable via the public CMS. Some organizations claim 60+ percent of their web site traffic comes from web-optimized documentation.
These usually social, collaborative documentation systems work well for public consumption and typically do not require complex security systems to be in place. On the other hand, for Enterprise CMSs, security often becomes the greatest priority. Enterprises may even be forced to create silos of information through physical separation. In some cases this is mandated by law, but in many cases it's due to limitations of the Enterprise CMS.
The result is a myriad of internal systems that ultimately need to be integrated through some breed of SSO and in the name of "usability," integration may go as far as portal based integration. The greatest victim of this type of scenario is usually search. The job of providing accurate, aggregated, faceted, usable, user-centric and secure search across this type of complex network seems insurmountable.
Yet you don't have to look much further than "The Search Engine Wars" for evidence of just how important search really is. This is no less the case when it comes to enterprise. Enterprise search then should provide users with the resources when and how they need them, taking care of course not to lose sight of security and bridging the boundaries defined by security policies. Making search and security work hand in hand is the key criteria for a success story of the Enterprise CMS.
Does your content management system sacrifice security for the sake of an easier search experience? Or does the complexity of the security overwhelm and make for dreadful search experiences that result in further content duplication and isolation? The goal is to build a system that gains high marks in both security and usability (i.e. search): it provides the flexibility required by the advanced security needs of your environment while providing high usability and a good user experience.
Guidelines for Achieving a Workable Balance:
1. A two-way street between search and security
The traditional approach to Enterprise CMSs is to place security data in one repository while all the search data goes in another. That’s a problem. One cannot perform a search that will reflect security policies without the search infrastructure knowing something about those security policies. Share some information. A certain amount of security information must be shared with the search infrastructure (user X can read A and B).
2. Real-time governance
Keep information up to date and in sync between security and search. Do not let the search infrastructure's shared data go stale when making changes in the security policies. The data must stay relevant and fresh, or else it’s going to be wrong (user X can no longer read B; not sharing this change leaves user X finding B in search).
3. Context awareness
When a request comes in for information, take the context of that request into consideration when performing the search. If a user logs on and performs a search, the system "knows" the user and takes the person’s credentials into consideration when passing this information to the search infrastructure. The search infrastructure can then calculate the correct result (user X finds A, but not B; the administrator revokes user X's permissions on A, user X finds neither A or B).
When it comes to Enterprise CMS, a large part of increasing adoption comes from the trust users will put in the system, particularly when it comes to handling sensitive information. You want the system to earn users’ trusts while providing great usability. It takes a lot of work to find the right balance between search and security, but when you do, your organization will find its Enterprise CMS users to be a happier, more productive lot.
Title image courtesy of Anatoli Styf (Shutterstock)
Editor's Note: You may also be interested in reading this article: