When thinking of Enterprise Content Management scenarios, be they document and records management, web content management or even collaboration and social business software, a very unglamorous element of designing, building and implementing these systems is managing the user accounts. So as we start a new year, let us take a reflective moment to consider this important, if often overlooked element of managing our content.

The Ghost of Christmas Past

Whether you are in a small to medium enterprise, or the manager/administrator of a small-scale system in a globe spanning enterprise, you may be able to benefit from the old fashioned method of managing all your users and groups of users within the content management application itself. For you, this approach may not add any considerable management overhead as the overall number of users and groups remains small enough for one or two people to keep on top of. Also, the likely complexity in such scenarios, specifically with respect to permissions and access control requirements, should be at a manageable level.

However, when you scale such a system up to an enterprise level, this approach becomes the ghost of Christmas past, because it's likely to bite you on your posterior. As numbers of users, groups of users and the complexity of environment increases, the overheads involved in managing your users becomes much larger, to the point that it may become painful for users and inefficient for the business as a whole.

The Ghost of Christmas Present

I am going to address my comments to a specific directory system as an example, namely Microsoft Active Directory (AD), but if you're not a MS shop, you can swap in any Enterprise Identity Access and Management (EIAM) technology stack -- the issues remain the same. The issues are many and varied, and they are very well known, but that does not mean organizations have been good at dealing with them. For example, for Active Directory, Microsoft has produced literally tons (or tonnes) of advice and best practice material on how best to set it up, manage it and utilize it, so if we want to be really contentious, we could say there really is no excuse for doing a bad job of this -- but real life is never that simple.

What are the major EIAM issues when it comes to Enterprise CMS? In my experience they crop up most in enterprise-wide use cases, for EDRM systems (e.g. FileNet P8, EMC Documentum, OpenText Content Manager aka LiveLink) or content-centric collaboration platforms such as SharePoint, or for large deployments of social business software (e.g. Jive) where there are large numbers of users and user groups.

If you have a sound, well designed, organized and managed EIAM system, in other words, the system that you should use to manage all groups of users, then it hooks into your Enterprise CMS or collaboration system and the administrators or "devolved managers" can look for and add these existing groups. To take this to its logical extent, you need either a single centralized, or a number of devolved teams that manage the EIAM environment, using the appropriate tools.

So instead of devolving administration to the local SharePoint super user, who may or may not have much expertise or experience in SharePoint, so that they can spend hours outside their core tasks adding users to groups or sites, we should employ a centralized team with all the required Active Directory management tools and an appropriate workflow tool (i.e. a "ticketing" system) where end users can use a simple web front-end to make requests to add users to specific groups.

I have seen both approaches. I have worked in an organization in the UK, of around 11,000 end users which had a small central team (3 people) to manage AD, with local IT support staff in the business units able to add users to AD groups. It worked very well, and meant when Documentum was implemented there was an easy way to build the required groups and to attach those user groups to the folder structure and build out the permissions as required. On the other hand, I have worked in an organization in Canada with a very similar sized set of users, where there was no such management function, and SharePoint site owners got to spend lots of fun time setting up their own groups, adding individual users and generally propagating bad practice, instead of focusing on their real jobs.

The Ghost of Christmas Future

So if many of our organizations don't have well managed EIAM environments, which causes us pain in setting up and managing our Enterprise CMS and collaboration environments (and many other enterprise systems, too!), how on earth are we going to manage cloud and cloud/private hybrid systems?

My good friend Lawrence has coined the term Omnipresent Content Management (OCM) as the label for the future beyond Enterprise CMS. It includes a large cloud component that would allow users to access their content as and when they need it, independent of the application they are working in, the device they are using or their location. In our discussion of this subject at last years AIIM conference we decided that a real barrier to the development of OCM was going to be scalable, reliable and truly secure services to provide federated identity management.

I will finish with a set of questions for you, to hopefully generate some comments:

  1. Does your current EIAM/directory services environment cause you problems managing your content?
  2. If some organizations are so bad at managing this internally, do you think there is any hope for us to create the infrastructure to provide a cloud-based future to enable Omnipresent Content Management?

If you're an EIAM expert (because I am not), please weigh in with your opinions.

Editor's Note: You may also be interested in reading: