PleaseTech blog

We aim to provide useful, pertinent and sometimes fun insights into the world of document collaboration and the workings of a technology company

An increasing document workload

Posted by David Cornwell on 2. June 2014 10:44

Founder/CEO of PleaseTech Ltd - collaborative document review and co-authoring for the enterprise.


As you may be aware, PleaseTech attends a large number of conferences every year. Not only do we have a booth/stand to show our products and chat with existing and prospective customers, but also in order to get additional insight as to the pressures driving prospective clients, we conduct research at these conferences. This normally takes the form of a brief iPad questionnaire which we ask delegates to complete.

Where we get a statistically meaningful sample, we publish the results of this research as White Papers and webinars. The research tends to be geared towards the conferences’ specific industry or discipline, so the results from different conferences are not always directly comparable.

However, one of the recurring themes we see in this research is the increase in what we are calling the ‘document workload’. I’m thinking of the document workload as the number of documents required to achieve a certain goal. If that goal is running a successful business then let’s define it as the number of documents required to run the business.  Another way to think of it is, the number of documents required to do your job, or that you come across in your job. 

There is no doubt that the document workload is increasing. That’s what people tell us and it’s what we observe in our own business. Why? Well, the standard answer is the increased regulatory and legislative overhead and resulting increased emphasis in procedures and client auditing requirements. 

The phrase ‘If it’s not documented it didn’t happen’ (or similar wording) is well known, especially in the FDA-regulated Life Sciences market, which historically has been and remains our largest market. This is the corollary of procedures where it’s commonly stated that: 'If a process is not documented it doesn’t exist’. Whilst these clichés have always been true in Life Sciences, if you search for the terms you will find them equally applicable to Legal, Government, Healthcare, etc.

So the good news is that the document workload is increasing. Good news? Yes, very much so if you are a vendor in the ‘document workload mitigation’ industry. Whilst I suspect that the ‘document workload mitigation’ industry isn’t an officially recognized industry sector, it’s really the reason why there is so much focus on document management and document collaboration - a recognized sector which PleaseTech is very much part of. 

This increase in the document workload leads directly and unequivocally to an increase in the ‘review workload’. An increase in the review workload means an increase in demand for PleaseReview. In fact, we would argue that the review workload is a significant percentage of the effort required in dealing with the document workload. 

We have previously documented the results of our research which suggest that people have a low expectation of document collaboration solutions. Everyone just assumes that there is no way around the ‘tracked changes nightmare’. As the document workload increases, so will that nightmare and the associated pain. 

Mitigation is all about the reduction of pain and one of the things I’ve come to understand in my long career is that in order to sell a software product it must solve a pain point. If it doesn’t solve a pain point there won’t be a compelling ROI and it becomes a ‘nice to have’ - and no one has the time or budget for that stuff these days. 

Whilst I was thinking about the document workload and collating the ideas as a subject for this blog post, I thought a bit of research of my own was in order. I was hoping to find some research which quantified the increase of the document workload on businesses. From that I reasoned I could work out the increase in the review workload. I was somewhat surprised to find that there doesn’t appear to be much, if any, research on the subject. A search for ‘document workload’ resulted in nothing meaningful. Likewise ‘document burden’ didn’t produce anything interesting. There were a number of vendors talking about the ‘document burden’ but no hard research.

So, I’m thinking that we need to start researching this. We need to find out by how much the document workload is increasing year on year. We need to ask people what percentage of the document workload they estimate can be attributed to the review workload and what the pain is, in real terms, of the review workload. The output of all this research is a marketing campaign!

If you wish to be a part of this research, please let us know by emailing us at marketing@pleasetech.com!

 

PleaseTech and Generis form strategic partnership to integrate PleaseReview with CARA for life science organizations

Posted by Sarah Edmonds on 20. May 2014 15:47

The other half of marketing... Google


Following a strategic partnership with Generis Knowledge Management, PleaseTech is undertaking a project to integrate PleaseReview with the CARA user interface. This will be of particular interest to life science organizations which already use a content management platform - typically Documentum although there will be other supported ECMs. 

For those who aren’t aware, CARA is a configurable user interface and business rules engine that facilitates the creation, review, approval and management of documents and connects with various document repositories. CMSWire recently called CARA a ‘pretty slick tool’. Specifically, with the deprecation of EMC Documentum’s Webtop interface, CARA is being used as a replacement by many organizations.

This latest integration will provide life sciences organizations and other CARA users with a market leading document review and co-authoring process seamlessly integrated within their CARA interface.

Initially, we’ll be supporting CARA with the EMC Documentum platform. Other platforms will follow.

What this means for Generis’ customers is that they’ll be able to leverage the power and functionality of PleaseReview’s document review and co-authoring tools through CARA on their Content Management Systems.

So, as we start the long, slow farewell to Documentum’s WebTop, we hope this strategic partnership is just the beginning for CARA and PleaseReview.

Trials and tribulations of online security

Posted by Tim Robinson on 8. May 2014 14:45

CTO at PleaseTech


For most people working in IT, security is never far from the top of the priority list, and for PleaseTech we seem to get hit all ways because we’re an ISV but also a SaaS provider, our software often integrates with other applications (whether in the enterprise or the cloud), and we’re a distributed company that relies on many cloud and internet systems to get our job done.

We got off lightly with the Heartbleed virus because it does not affect Microsoft IIS, and by definition PleaseReview only works on IIS.

Heartbleed was a very interesting bug because it was such a simple coding mistake that could be understood, if not by everyone, then at least by non-programmers, whereas most attack vectors we see in software vulnerabilities are extremely sophisticated. Essentially what happens in a Heartbleed attack is that the client asks the server to “echo” back some data to show it’s still connected but, by lying about how much data it has sent, it can force the server to copy more data into the response than it should, and that extra data (which is just whatever happened to be stored in server memory at the time) could theoretically contain useful secrets.

Like many security glitches, this one comes down to the fact that C, the language used to implement SSL, allows a program to access blocks of “raw” memory rather than checking the start and end point of each variable being used. Because the attacker can’t choose which piece of memory to retrieve, he would have to rely on persistence and a large amount of luck to get anything useful, but the mass panic came because there was a theoretical chance of retrieving extremely sensitive information and nobody knew (or indeed still knows) to what extent it might have been exploited in the real world.

You can see that in this case, if you are a customer of, say, Dropbox, and a hacker uses the Heartbleed attack and happens to retrieve your password or credit card details, there is absolutely nothing you could have done to stop them.

Outside of direct PleaseTech business, I was affected by another internet security problem which is also quite simple and (hopefully) interesting to understand, and it is related to Hotmail hijacks.

If you’ve got friends or family that use Hotmail (which has recently been renamed Outlook, but let’s not confuse matters) you’ve probably received emails which appear to originate from them but are actually spam. Whenever this has happened to me in the past I have replied to the person in question saying that their Hotmail account may have been hacked and recommending them to change their password, but I’ve never really understood why this seems to happen with Hotmail (and less frequently Yahoo) but rarely or never to other providers. However, recently I was fortunate/unfortunate enough to witness a Hotmail hijack first-hand. Here’s how it works:

DISCLAIMER: I have described the nature of the attack to the best of my knowledge. I consider myself to be a pretty clever computer guy but there’s a chance I’ve gotten completely the wrong end of the stick about this whole thing. If you know better, let me know and I will happily withdraw this.

My girlfriend (who is emphatically not a computer geek) received an email apparently from a friend’s Hotmail account with a short piece of text and a hyperlink. Due to the format, I suspected it was spam but the text was something like “video of my recent holiday” so she had clicked on it before I could dissuade her. Up popped a video about a weight loss pill or something, so she realised it was spam and closed the window. Soon afterwards she noticed a lot of undeliverable and out-of-office replies coming into the inbox, so we checked the sent items and there were hundreds of them, all containing a short paragraph of text plus a hyperlink, and all sent during the few seconds she had the weight loss video on the screen.

This is called a "cross-site request forgery" (CSRF or XSRF). Basically because you are already logged in to Hotmail in one window, another window can also send requests to Hotmail which will automatically be executed under your Hotmail session. This was interesting to me because we have done work in PleaseReview to guard against exactly this type of attack.

There are well documented ways to guard against this kind of attack and recent versions of Microsoft’s own ASP.NET web development framework even have them built in. Why Hotmail doesn't use any of them is a mystery to me but it certainly explains why naïve users can have their Hotmail account hacked even when they have a secure password, whereas Gmail users don't suffer from the problem at all.

Hotmail detected the large amount of sent items, deduced there had been an attack and then made my girlfriend change her password and reset her security details. This might make the user feel like they have done something to counteract the spammers but as you can see, it doesn't make the slightest bit of difference to security because the attack doesn't depend on the spammer knowing your Hotmail password or any personal details, just on you clicking the link.

So how can you guard yourself against this kind of attack? This bug has been around for at least five years so don’t hold your breath waiting for Microsoft to fix it! Treat email hyperlinks that look like spam (i.e. where the text in the message doesn’t seem like the kind of thing your friend would normally write) with extreme suspicion and if you decide you want to click anyway just to find out, copy the URL and open it in another browser or in “private” browsing mode.

Following on from this, just last week there was an Internet Explorer vulnerability which could allow a hacker to access a user’s PC and run his own code. This was considered so serious by Microsoft that they even broke their rule of “XP support ends on April 8th” to release an immediate fix for XP. This isn’t quite so straightforward to explain but it basically comes down again to the fact that the software was written in C and so has no memory protection.

Similar to the Hotmail attack, this one means the attacker has to lure the user to a malicious web page but as we’ve seen, for many users that’s not difficult to do.

For all of us, both as suppliers and users of IT, it’s clear that online security is going to be an ever increasing part of our world. Even though bugs like these can be resolved, it would be extremely naïve to think we’ll ever solve them all when software is being produced at an ever increasing rate.

Plus of course, there are plenty of attacks that don’t rely on faulty software at all. In my own case I had to cancel my cell-phone account with EE because someone else was repeatedly calling up their support line claiming to be me but to have forgotten their password, then they would change their home address and order a new phone to be charged to my account. Even though this happened around 10 times in the course of a single month, EE seemed unable to put in place even the most basic measures to stop it (like calling me on me mobile phone which would have quickly enabled them to ascertain that the “me” trying to change the account details didn’t even have access to the phone connected to the account).

So the only lessons here for suppliers as well as customers are to be continually vigilant, understand what security threats exist and do your best to mitigate them, but don’t rely on any “silver bullet” to resolve your security issues..

 

The evolution of testing

Posted by Ashley Harrison on 11. March 2014 11:11

Senior test analyst for PleaseTech


The test team here at PleaseTech are at full speed ahead. This is currently one of my more exciting times as a tester as the next release of PleaseReview, our collaborative review solution, looms on the horizon and a host of new functionality and enhancements start to roll in. Getting to strip down a specification for new functionality where new ideas and possibly new technology are being implemented, analysing and identifying areas of risk, prioritising risk and ultimately identifying test case criteria are what gets the blood of a tester flowing - what other job pays you to break things!?

At the beginning of every release cycle for PleaseReview I sit down and look at what is coming, and establish a plan of attack – and then the murmur of automation creeps into my mind. Automation is on the mind of every test team I have been a part of, whether it was only a consideration or was being actively worked on. As a relatively juvenile profession, the core of a test team’s work is on a predominately manual basis. Automation is the evolution of testing.

When you sit down and think about it, automation initially appears a no brainer. The brilliant thing about automation is the flexibility it provides, for example:

-     It can be added to the overnight build script which then provides you with a log of results, which are waiting for you on your arrival in the morning and highlight any potential issues

      It can be used to lighten the load of regression testing allowing manual focus to be intensified on high risk areas;

      It can even (subject to software and configuration) identify areas of code change and call on previous automation test cases that ran over that specific area of code, giving you a heads up on potential issues before you have even had the chance to   look at the work item.

However, automation is not answer to everything… Certain software and testing activities lend themselves to automation but many don’t, especially in the area of document review.

For example, it’s one thing to automatically test the completion and submissions of an HTML form, it’s another to select some text in a document and edit it to create a proposed change.  If you think about it, the test is going to work for that precise document and that precise edit. However, we can’t control what documents clients put into PleaseReview, which bits they edit and what they put in that edit. In reality, edits are frequently copied and pasted from other documents. In fact, the Word documents are frequently large, complex documents which make full use of Word’s cross referencing, field codes, styles, and so on.

So, whilst there are areas of the testing we can automate some areas will have to continue to be manual.

There is also the fact that the initial implementation of an automated suite of tests is incredibly labour intensive, as is the maintenance. Before you even get to the stage of writing test cases you must establish which software fits best and what technology you are going to use. Once that has been decided on you can get to grips with creating an automation suite.

Creating an automation suite is, in itself, a software project. It needs to be designed, developed and tested, and that’s a challenge I’m up for.

Ultimately the quality of a released product lies with me. So automation is a must have in my point of view. We pride ourselves in the quality of our product, and to maintain the high standards that we have set ourselves, I plan to have automation up and running in the near future. The initial analysis of automation implementation suggests that it’s not going to be easy, but who likes easy?

Watch this space and I’ll let you know how I get on.

PleaseTech and Oracle® introduce WebCenter Content’s new collaborative document review capabilities

Posted by Sarah Holden on 24. January 2014 10:10

Half of the PleaseTech marketing team.


It’s been a couple of weeks since we announced our PleaseTech integration with Oracle’s WebCenter Content ECM platform. We are now following that up by hosting a brief webinar to demonstrate both what this partnership brings and how it works.

Oracle’s WebCenter Content allows businesses to not only consolidate and manage their documents and content from a central platform, but now has the added capability to address a very specific, yet prolific business issue. How to collaboratively edit, review and co-author a document at the same time as others, whilst maintaining control over the document, management over the process and adherence to corporate compliance requirements. Oh, and making it easy to do, too!

The webinar will be presented by PleaseTech CEO, Dave Cornwell and Senior Principal, Product Management, Oracle.

So simply sign up! LINK to webinar page.

Webinar: Collaborative document review within Oracle WebCenter Content

Thursday January 30th, 2014: 12 noon, EST / 9am PST / 5pm GMT

Duration: 30 minutes

 

We look forward to you joining us next week.

header bg