Tag Archives: regulatory

M-Files cloud subscription turns hybrid with M-Files Online

To reflect the desire for flexibility, and regulatory shifts in the enterprise content management industry, software vendors are starting to offer users options for storing data on premises or in a cloud infrastructure.

The M-Files cloud strategy is a response to these industry changes. The information management software vendor has released M-Files Online, which enables users to manage content both in the cloud and behind a firewall on premises, under one subscription.

While not the first ECM vendor to offer hybrid infrastructure, the company claims that with the new M-Files cloud system, it is the first ECM software provider to provide both under one software subscription.

“What I’ve seen going on is users are trying to do two things at once,” said John Mancini, chief evangelist for the Association of Intelligent Information Management (AIIM). “On one hand, there are a lot of folks that have significant investment in legacy systems. On the other hand, they’re realizing quickly that the old approaches aren’t working anymore and are driving toward modernizing the infrastructure.”

Providing customer flexibility

It’s difficult, time-consuming and expensive to migrate an organization’s entire library of archives or content from on premises to the cloud, yet it’s also the way the industry is moving as emerging technologies like AI and machine learning have to be cloud-based to be able to function. That’s where a hybrid cloud approach can help organizations handle the migration process.

Organizations need to understand that cloud is coming, more data is coming and they need to be more agile.
John Mancinichief evangelist, Association of Intelligent Information Management

According to a survey by Mancini and AIIM, and sponsored by M-Files, 48% of the 366 professionals surveyed said they are moving toward a hybrid of cloud and on-premises delivery methods for information management over the next year, with 36% saying they are moving toward cloud and 12% staying on premises.

“We still see customers that are less comfortable to moving it all to the cloud and there are certain use cases where that makes sense,” said Mika Javanainen, vice president of product marketing at M-Files. “This is the best way to provide our customers flexibility and make sure they don’t lag behind. They may still run M-Files on premises, but be using the cloud services to add intelligence to your data.”

M-Files cloud system and its new online offering act as a hub for an organization’s storehouse of information.

“The content resides where it is, but we still provide a unified UI and access to that content and the different repositories,” Javanainen said.

M-Files Online screenshot
An M-Files Online screenshot shows how the information management company brings together an organization’s content from a variety of repositories.

Moving to the cloud to use AI

While the industry is moving more toward cloud-based ECM, there are still 60% of those in the AIIM survey that want some sort of on-premises storage, according to the survey.

“There are some parts of companies that are quite happy with how they are doing things now, or may understand the benefits of cloud but are resistant to change,” said Greg Milliken, senior vice president of marketing at M-Files. “[M-Files Online] creates an opportunity that allows users that may have an important process they can’t deviate from to access information in the traditional way while allowing other groups or departments to innovate.”

One of the largest cloud drivers is to realize the benefit of emerging business technologies, particularly AI. While AI can conceivably work on premises, that venue is inherently flawed due to the inability to store enough data on premises.

M-Files cloud computing can open up the capabilities of AI for the vendor’s customers. But for organizations to benefit from AI, they need to overcome fears of the cloud, Mancini said.

“Organizations need to understand that cloud is coming, more data is coming and they need to be more agile,” he said. “They have to understand the need to plug in to AI.”

Potential problems with hybrid clouds

Having part of your business that you want more secure to run on premises and part to run in the cloud sounds good, but it can be difficult to implement, according to Mancini.

“My experience talking to people is that it’s easier said than done,” Mancini said. “Taking something designed in a complicated world and making it work in a simple, iterative cloud world is not the easiest thing to do. Vendors may say we have a cloud offering and an on-premises offering, but the real thing customers want is something seamless between all permutations.”

Regardless whether an organization is managing through a cloud or behind a firewall, there are undoubtedly dozens of other software systems — file shares, ERP, CRM — which businesses are working with and hoping to integrate its information with. The real goal of ECM vendors and those in the information management space, according to Mancini, is to get all those repositories working together.

“What you’re trying to get to is a system that is like a set of interchangeable Lego blocks,” Mancini said. “And what we have now is a mishmash of Legos, Duplos, Tinker Toys and erector sets.”

M-Files claims its data hub approach — bringing all the disparate data under one UI via an intelligent metadata layer that plugs into the other systems — succeeds at this.

“We approach this problem by not having to migrate the data — it can reside where it is and we add value by adding insights to the data with AI,” Javanainen said.

M-Files Online, which was released Aug. 21, is generally available to customers. M-Files declined to provide detailed pricing information.

Compliance Manager tool aims to ease security audit process

underlying environment also means they are at Microsoft’s mercy for its answers on regulatory compliance audits. To address this situation and others, Microsoft developed a Compliance Manager tool that provides a real-time risk analysis of the different cloud workloads.

Over the last year, there has been an uptick in security measures in the enterprise. Two compliance regulations that come up frequently are the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).

For HIPAA, introduced in 1996, the rise in hospital audits by the Office for Civil Rights and data breaches in recent years has many enterprises re-evaluating their security practices around patient data. GDPR is the compliance requirement that starts May 25, 2018, for organizations that handle the data of European Union citizens.

Most organizations that deal with HIPAA, GDPR or any other regulatory compliance know the difficulties associated with tracking results from audits, questionnaires, surveys and other standard operating procedures. The amount of information required to satisfy requests for compliance checklists and security assessments can overwhelm many Exchange administrators.

Regardless of the industry, the IT staff must address regulatory compliance audits; otherwise, the company can face financial and legal penalties. Microsoft released its Compliance Manager tool in November to assist IT in these efforts.

Compliance Manager tool offers compliance overview

Compliance Manager is a SaaS application located in the Service Trust Portal that features a dashboard summary of an organization’s data protection, compliance status and documentation details related to GDPR, HIPAA and other requirements.

The Compliance Manager tool provides an automated assessment of Microsoft workloads such as Office 365, Dynamics 365 and some in Azure. The utility suggests ways to boost compliance and data protection in the environment.

Compliance audits often require gathering the same information. Exchange administrators can save some time by using the Compliance Manager tool, which acts as a central repository of audit details and documentation. Admins can maintain this documentation over time and ensure they meet the compliance processes mandated by their teams.

The Compliance Manager tool is still in preview mode; Microsoft said it plans to have all the compliance templates set prior to May 2018, but anyone with an Office 365 subscription can sign up to test it.

For on-premises workloads, the Compliance Manager tool provides the requirements that need to be validated and evaluated by the administrators. Microsoft has not indicated if it will extend the automated assessment feature to any on-premises tools.

Compliance Manager assists administrators with compliance requirements across the different Microsoft workloads with full document management features and task management.

Compliance Manager assessments
The dashboard in the Compliance Manager tool gives a summary of the controls fulfilled by the customer and by Microsoft to meet a standard or regulation.

Compliance Manager breaks down compliance for a standard or regulation into assessments. Each assessment consists of controls mapped to a standard that are shared between Microsoft and the tenant. The dashboard shows which controls a customer and Microsoft have met to comply with a regulation or standard.

Administrators can use the Compliance Manager portal to manage control assignments for team members based on specific compliance requirements. Microsoft calls this task management feature action items, and it allocates different controls to individuals within the organization. This helps organize the tasks needed from each IT worker, such as data or email retention associated with GDPR, that Exchange administrators must complete. The platform enables administrators to set the priority and the individual responsible for it.

There are a few other features in the Compliance Manager tool worth noting:

  • A flexible platform that supports multiple regulations. In the initial preview release of the Compliance Manager tool, the application only supports GDPR, ISO 27001 and ISO 27018. Microsoft said it will add support for HIPAA and other regulatory standards, such as the National Institute of Standards and Technology Special Publication 800-53. Having one tool that covers the range of regulatory compliance requirements makes it a very attractive option for IT and Exchange administrators.
  • Coverage on multiple platforms. After Microsoft introduced Office 365, a number of Exchange Online administrators began to manage more than just Exchange workloads. It’s the responsibility of the IT department to ensure the interdependent workloads associated with Exchange Online meet compliance requirements. Microsoft includes assessments of Dynamics 365, Azure and the full Office 365 suite in the Compliance Manager tool to give IT full visibility into all the workloads under one compliance platform.

Compliance Manager tool shows promise

Microsoft has certainly delivered a good snapshot of what most compliance officers and administrators would like in its preview version of Compliance Manager. However, the tool only addresses three existing compliance requirements, when many in IT will want to see coverage extend to include the Payment Card Industry Data Security Standard, the Sarbanes-Oxley Act, HIPAA, Food and Drug Administration 21 Code of Federal Regulations part 11 and others. 

While there are a number of mature compliance and auditing tools in the market that offer more certifications and regulatory compliance, Compliance Manager eliminates the daunting task for administrators to produce detailed assessments under each of the compliance requirements. Some of this manual work includes interviewing Microsoft technical resources, gathering legal and written statements with certain security configurations, and, in some cases, hiring third-party auditors to validate the findings.

Microsoft will need to cover the rest of the compliance spectrum to encourage administrators to embrace this platform. But the platform is easy to use and addresses many of the concerns organizations have with the upcoming GDPR.