PleaseTech blog

We aim to provide useful, pertinent and sometimes fun insights into the world of document collaboration and the workings of a technology company

What's your problem?

Posted by Sarah Edmonds on 18. June 2014 09:56

The other half of marketing... Google


What’s your problem?  No really, we want to know.  What are the problems you’re experiencing with your document review process?  Do you have a higher number of documents to review, how are you reviewing those documents, is the process working well for you?

It’s these sort of questions we’ve been asking prospective customers at the shows we’ve been attending this year.  At PleaseTech marketing HQ, it not only helps us get our messaging right, it also educates us so we can fully understand the inefficiencies of other review options (PDF, track changes with email, SharePoint, etc.) and why they don’t provide a completely effective review process.

Our latest research was gathered at the APMP Bid & Proposal Conference in Chicago in May of this year and highlighted something we’ve suspected for some time; that the document workload is increasing.   For proposal professionals, this means the number of documents they have to review is getting bigger and bigger.

Fine if the size of your team is increasing in proportion to the number of documents.   Or if you have a process in place to effectively manage the number of reviews coming across your desk, but our research suggests this isn’t the case.

Lots of color team reviewers don’t have simultaneous access to documents, nor can they review whenever, wherever and on any device.  Frustratingly, this means they’re sat at their desk waiting for a colleague to finish working on a document before they can begin. 

Many also say they’d like to know which of their changes do or don’t make the final draft, and associated rationale.

From the perspective of managing a review, document owners still have to merge several sets of changes into a master copy; they aren’t using a system which allows them to automatically incorporate all changes in one go. 

Often reviews are delayed when people forget about deadlines, and people tell us that a system that sent out reminders would be seriously helpful.  On the flip side, using a system that also showed each of the reviewers’ status on a review is also highlighted as being extremely useful by respondents. 

We know from past research conducted at SharePoint conferences that people are using legacy tools to review documents and this is the same for proposal professionals – tools of the trade include PDF mark-up, track changes with email or shared drives, and even hard copy. 

This amounts to proposals that miss deadlines; take far longer than necessary to complete; cost valuable work hours and causes inevitable disharmony amongst reviewers.

Every year, lots of new users come on board and start using PleaseReview.  Some of them from our existing customer base who see their colleagues using our software and want a slice of the cake, others new customers who come to us via our website, or who we meet at shows.  What they all have in common was a poor document review process, and the knowledge that there is a better way.  As for the rest of you, hopefully our research will begin to help you understand and improve your own processes.  We look forward to discussing it with you at one of the next shows we’re attending.

 

Veeva Vault and PleaseTech ‘take off’ with new integration

Posted by Sarah Holden on 12. June 2014 11:33

Half of the PleaseTech marketing team.


PleaseReview is already extensively used throughout Life Science companies, but we have high hopes of expanding this even further thanks to our most recent integration with another significant and rapidly growing player in this sector, Veeva Systems.

    Last week we announced the integration between PleaseReview and Veeva Vault.
A match made in heaven, well at least in the Cloud. 

Whilst we have several platform integrations in place which are based around on premise installations, and have many cloud customers, this is our first purely cloud-based integration. 

Veeva are specialists in cloud-based software for the Life Sciences Industry, and their Vault platform provides regulated content management applications that touch just about every part of a life sciences company - from clinical trials, to manufacturing, regulatory submissions, medical communications and marketing.  PleaseReview tackles the specific task of collaborative document co-authoring and review which, in the document-intensive and heavily regulated Life Sciences sector, is also applicable across departments and disciplines. 

The process is straightforward and user administration is managed in a single location. In practice, users simply login to PleaseReview, select documents stored within the controlled Veeva Vault repository, review and edit them within PleaseReview’s controlled collaborative environment and then check them directly back into Veeva without leaving PleaseReview.

As Life Sciences is such a regulated industry, control is a necessary consideration and a key element of both products’ success. In fact, the synergy between PleaseTech and Veeva is so strong that it led to customers asking for this integration.  Now PleaseReview can be used in conjunction with Veeva’s Submissions, QualityDocs, eTMF, MedComms and PromoMats Vaults.

We are just finalizing plans with Veeva to host a joint webinar to show how it all works in a little more detail, and I hope to be able to share that with you shortly. If you wish to be kept informed, just let us know.

 

 

An increasing document workload

Posted by David Cornwell on 2. June 2014 10:44

Founder/CEO of PleaseTech Ltd - collaborative document review and co-authoring for the enterprise.


As you may be aware, PleaseTech attends a large number of conferences every year. Not only do we have a booth/stand to show our products and chat with existing and prospective customers, but also in order to get additional insight as to the pressures driving prospective clients, we conduct research at these conferences. This normally takes the form of a brief iPad questionnaire which we ask delegates to complete.

Where we get a statistically meaningful sample, we publish the results of this research as White Papers and webinars. The research tends to be geared towards the conferences’ specific industry or discipline, so the results from different conferences are not always directly comparable.

However, one of the recurring themes we see in this research is the increase in what we are calling the ‘document workload’. I’m thinking of the document workload as the number of documents required to achieve a certain goal. If that goal is running a successful business then let’s define it as the number of documents required to run the business.  Another way to think of it is, the number of documents required to do your job, or that you come across in your job. 

There is no doubt that the document workload is increasing. That’s what people tell us and it’s what we observe in our own business. Why? Well, the standard answer is the increased regulatory and legislative overhead and resulting increased emphasis in procedures and client auditing requirements. 

The phrase ‘If it’s not documented it didn’t happen’ (or similar wording) is well known, especially in the FDA-regulated Life Sciences market, which historically has been and remains our largest market. This is the corollary of procedures where it’s commonly stated that: 'If a process is not documented it doesn’t exist’. Whilst these clichés have always been true in Life Sciences, if you search for the terms you will find them equally applicable to Legal, Government, Healthcare, etc.

So the good news is that the document workload is increasing. Good news? Yes, very much so if you are a vendor in the ‘document workload mitigation’ industry. Whilst I suspect that the ‘document workload mitigation’ industry isn’t an officially recognized industry sector, it’s really the reason why there is so much focus on document management and document collaboration - a recognized sector which PleaseTech is very much part of. 

This increase in the document workload leads directly and unequivocally to an increase in the ‘review workload’. An increase in the review workload means an increase in demand for PleaseReview. In fact, we would argue that the review workload is a significant percentage of the effort required in dealing with the document workload. 

We have previously documented the results of our research which suggest that people have a low expectation of document collaboration solutions. Everyone just assumes that there is no way around the ‘tracked changes nightmare’. As the document workload increases, so will that nightmare and the associated pain. 

Mitigation is all about the reduction of pain and one of the things I’ve come to understand in my long career is that in order to sell a software product it must solve a pain point. If it doesn’t solve a pain point there won’t be a compelling ROI and it becomes a ‘nice to have’ - and no one has the time or budget for that stuff these days. 

Whilst I was thinking about the document workload and collating the ideas as a subject for this blog post, I thought a bit of research of my own was in order. I was hoping to find some research which quantified the increase of the document workload on businesses. From that I reasoned I could work out the increase in the review workload. I was somewhat surprised to find that there doesn’t appear to be much, if any, research on the subject. A search for ‘document workload’ resulted in nothing meaningful. Likewise ‘document burden’ didn’t produce anything interesting. There were a number of vendors talking about the ‘document burden’ but no hard research.

So, I’m thinking that we need to start researching this. We need to find out by how much the document workload is increasing year on year. We need to ask people what percentage of the document workload they estimate can be attributed to the review workload and what the pain is, in real terms, of the review workload. The output of all this research is a marketing campaign!

If you wish to be a part of this research, please let us know by emailing us at marketing@pleasetech.com!

 

PleaseTech and Generis form strategic partnership to integrate PleaseReview with CARA for life science organizations

Posted by Sarah Edmonds on 20. May 2014 15:47

The other half of marketing... Google


Following a strategic partnership with Generis Knowledge Management, PleaseTech is undertaking a project to integrate PleaseReview with the CARA user interface. This will be of particular interest to life science organizations which already use a content management platform - typically Documentum although there will be other supported ECMs. 

For those who aren’t aware, CARA is a configurable user interface and business rules engine that facilitates the creation, review, approval and management of documents and connects with various document repositories. CMSWire recently called CARA a ‘pretty slick tool’. Specifically, with the deprecation of EMC Documentum’s Webtop interface, CARA is being used as a replacement by many organizations.

This latest integration will provide life sciences organizations and other CARA users with a market leading document review and co-authoring process seamlessly integrated within their CARA interface.

Initially, we’ll be supporting CARA with the EMC Documentum platform. Other platforms will follow.

What this means for Generis’ customers is that they’ll be able to leverage the power and functionality of PleaseReview’s document review and co-authoring tools through CARA on their Content Management Systems.

So, as we start the long, slow farewell to Documentum’s WebTop, we hope this strategic partnership is just the beginning for CARA and PleaseReview.

Trials and tribulations of online security

Posted by Tim Robinson on 8. May 2014 14:45

CTO at PleaseTech


For most people working in IT, security is never far from the top of the priority list, and for PleaseTech we seem to get hit all ways because we’re an ISV but also a SaaS provider, our software often integrates with other applications (whether in the enterprise or the cloud), and we’re a distributed company that relies on many cloud and internet systems to get our job done.

We got off lightly with the Heartbleed virus because it does not affect Microsoft IIS, and by definition PleaseReview only works on IIS.

Heartbleed was a very interesting bug because it was such a simple coding mistake that could be understood, if not by everyone, then at least by non-programmers, whereas most attack vectors we see in software vulnerabilities are extremely sophisticated. Essentially what happens in a Heartbleed attack is that the client asks the server to “echo” back some data to show it’s still connected but, by lying about how much data it has sent, it can force the server to copy more data into the response than it should, and that extra data (which is just whatever happened to be stored in server memory at the time) could theoretically contain useful secrets.

Like many security glitches, this one comes down to the fact that C, the language used to implement SSL, allows a program to access blocks of “raw” memory rather than checking the start and end point of each variable being used. Because the attacker can’t choose which piece of memory to retrieve, he would have to rely on persistence and a large amount of luck to get anything useful, but the mass panic came because there was a theoretical chance of retrieving extremely sensitive information and nobody knew (or indeed still knows) to what extent it might have been exploited in the real world.

You can see that in this case, if you are a customer of, say, Dropbox, and a hacker uses the Heartbleed attack and happens to retrieve your password or credit card details, there is absolutely nothing you could have done to stop them.

Outside of direct PleaseTech business, I was affected by another internet security problem which is also quite simple and (hopefully) interesting to understand, and it is related to Hotmail hijacks.

If you’ve got friends or family that use Hotmail (which has recently been renamed Outlook, but let’s not confuse matters) you’ve probably received emails which appear to originate from them but are actually spam. Whenever this has happened to me in the past I have replied to the person in question saying that their Hotmail account may have been hacked and recommending them to change their password, but I’ve never really understood why this seems to happen with Hotmail (and less frequently Yahoo) but rarely or never to other providers. However, recently I was fortunate/unfortunate enough to witness a Hotmail hijack first-hand. Here’s how it works:

DISCLAIMER: I have described the nature of the attack to the best of my knowledge. I consider myself to be a pretty clever computer guy but there’s a chance I’ve gotten completely the wrong end of the stick about this whole thing. If you know better, let me know and I will happily withdraw this.

My girlfriend (who is emphatically not a computer geek) received an email apparently from a friend’s Hotmail account with a short piece of text and a hyperlink. Due to the format, I suspected it was spam but the text was something like “video of my recent holiday” so she had clicked on it before I could dissuade her. Up popped a video about a weight loss pill or something, so she realised it was spam and closed the window. Soon afterwards she noticed a lot of undeliverable and out-of-office replies coming into the inbox, so we checked the sent items and there were hundreds of them, all containing a short paragraph of text plus a hyperlink, and all sent during the few seconds she had the weight loss video on the screen.

This is called a "cross-site request forgery" (CSRF or XSRF). Basically because you are already logged in to Hotmail in one window, another window can also send requests to Hotmail which will automatically be executed under your Hotmail session. This was interesting to me because we have done work in PleaseReview to guard against exactly this type of attack.

There are well documented ways to guard against this kind of attack and recent versions of Microsoft’s own ASP.NET web development framework even have them built in. Why Hotmail doesn't use any of them is a mystery to me but it certainly explains why naïve users can have their Hotmail account hacked even when they have a secure password, whereas Gmail users don't suffer from the problem at all.

Hotmail detected the large amount of sent items, deduced there had been an attack and then made my girlfriend change her password and reset her security details. This might make the user feel like they have done something to counteract the spammers but as you can see, it doesn't make the slightest bit of difference to security because the attack doesn't depend on the spammer knowing your Hotmail password or any personal details, just on you clicking the link.

So how can you guard yourself against this kind of attack? This bug has been around for at least five years so don’t hold your breath waiting for Microsoft to fix it! Treat email hyperlinks that look like spam (i.e. where the text in the message doesn’t seem like the kind of thing your friend would normally write) with extreme suspicion and if you decide you want to click anyway just to find out, copy the URL and open it in another browser or in “private” browsing mode.

Following on from this, just last week there was an Internet Explorer vulnerability which could allow a hacker to access a user’s PC and run his own code. This was considered so serious by Microsoft that they even broke their rule of “XP support ends on April 8th” to release an immediate fix for XP. This isn’t quite so straightforward to explain but it basically comes down again to the fact that the software was written in C and so has no memory protection.

Similar to the Hotmail attack, this one means the attacker has to lure the user to a malicious web page but as we’ve seen, for many users that’s not difficult to do.

For all of us, both as suppliers and users of IT, it’s clear that online security is going to be an ever increasing part of our world. Even though bugs like these can be resolved, it would be extremely naïve to think we’ll ever solve them all when software is being produced at an ever increasing rate.

Plus of course, there are plenty of attacks that don’t rely on faulty software at all. In my own case I had to cancel my cell-phone account with EE because someone else was repeatedly calling up their support line claiming to be me but to have forgotten their password, then they would change their home address and order a new phone to be charged to my account. Even though this happened around 10 times in the course of a single month, EE seemed unable to put in place even the most basic measures to stop it (like calling me on me mobile phone which would have quickly enabled them to ascertain that the “me” trying to change the account details didn’t even have access to the phone connected to the account).

So the only lessons here for suppliers as well as customers are to be continually vigilant, understand what security threats exist and do your best to mitigate them, but don’t rely on any “silver bullet” to resolve your security issues..

 

header bg