Firstly, let me remind you that these ramblings do not necessarily reflect EMC's thoughts. Although I am very proud of the technology that we build at EMC, I try to keep my blog agnostic - I think it is more interesting that way. Bear this in mind when you read my thoughts on Microsoft's foray into the world of records management. This entry is not a Microsoft-bashing session just to be fashionable; I genuinely believe that Microsoft's strategy is flawed and will be damaging to a company's records management deployments.
From a compliance perspective there are a lot of things that concern me about applications like SharePoint. For example, their relative ease of deployment makes them viral in nature, and the lack of a centralized repository makes risk management and discovery difficult -- security and scalability are another blog entry altogether, but these are not my biggest concern. My biggest concern might be somewhat less obvious. I'll try to make this very brief because I don't want to belabor the point; as always, email me or post comments if you want to discuss the implications.
Can you say "Silo"?
Let's start with a brief history of records management. When all records were printed on papyrus/paper we had no choice but to move them to a secure storage location for safe keeping. Later, when the first electronic records management systems came on to the scene we replicated this model; when a document was deemed to be a "copy of record" it was moved to a separate electronic document repository. We did this for two key reasons: 1) The only system we could rely on for immutability was the records system and 2) It allowed us to sleep soundly at night seeing all of the records safely held in one single location.
However, the problems related to moving records into a silo are significant. The most obvious one is that you just moved a business document into a silo -- hence it is no longer where it used to be. Heaven help the poor sap who was using it and still needs to have access to it. Obviously you could copy the file to the silo, but that creates a disposition and security headache later on.
Over the last 5 years we have started moving away from the mandatory "silo it to protect it" model. For example, here at EMC, our records management system can enforce DoD chapter 4-level security on any piece of content in any Documentum repository without having to move it anywhere. This means that the record declaration of a document can happen in a non-invasive way -- there's no reason to uproot the content just because it makes you feel better.
Not convinced? Look at the amount of excitement around EMC's assured federated records management solution. Why is it compelling? Because we want to centralize the management of our compliance solutions. We want to have a single place to go to see all records, perform discovery, manage disposition, do capacity planning, etc. Every time you create a new non-federated silo you compound the problem of enterprise-wide records management.
So why does SharePoint's approach to records management scare me so much? Every SharePoint repository is effectively a content silo. Forget formal records management for a second and consider discoverable content - pretty much anything in your enterprise could be subject to a discovery notice from the courts. Will you be able to go to one place and find, categorize, lock down and deliver content from all of your SharePoint repositories? I spoke to a customer recently who were adding 1,000 new SharePoint repositories a month - yes, that's 12,000 new silos per year.
If you think that's bad then understand that when you declare a record in SharePoint it moves the document to a separate records repository (read "silo") -- sounds familiar, doesn't it? It's what we were all doing 10 years ago and have fought hard to move away from for the last 5 years.
The bottom line.
SharePoint might look very compelling now, but when you have 20,000 disparate repositories in your organization and you need to perform controlled disposition or start a formal discovery you'll feel the pain - I guarantee it! I want to reassure you that this is not me taking an anti-Microsoft stance as a marketing ploy -- I genuinely believe that this silo approach to records management will hurt records deployments significantly. We cannot let it happen, sign a partition, (there's one in the bathroom), or better still a petition.
If you are going to do this, and I do understand why it is compelling, then at least ensure that you are using a decent federated search engine to tie the content together; better still, use SharePoint as a front end to a real enterprise content management solution... if not then you are on your own. Let me know if you are moving ahead and I'll set up a cron job that will email you a "Told you so" in 2 years' time.