This report offers purchasing and procurement tips for managers involved in decisions about selecting a DAM system. Also included is an example RFP with questions that specifically relate to Digital Asset Management.
Request the report
Practical advice for IT professionals on issues from systems integration to the IT infrastucture requirements for Digital Asset Management.
Request the report
Marketing managers are invited to consider 12 crucial points that will determine the success or failure of a web video archive.
Request the report
The Seven Deadly Sins of Digital Asset Micromanagement
This article describes how to identify and avoid what we refer to as "Digital Asset Micromanagement" when applying permissions and workflow models to Digital Asset Management software. This topic is of particular relevance to Enterprise DAM but the points discussed should be applicable to any multi-user digital asset management solution.
In our article, The Four Cornerstones of Digital Asset Management, the subject of Permissions was described as being one of the key elements of a corporate DAM. Permissions are automated controls embedded into the application logic of a DAM system to help manage business risks and are known by various other descriptions such as rights, privileges and restrictions. Although essential for safe usage, without proper care and attention, they can rapidly become automated forms of what could be termed: "Digital Asset Micromanagement".
While having the technical ability to configure permissions flexibly is important, some client education and practical analysis of where permissions controls need to be applied is even more essential. In the rest of this article, some of the more common causes of Digital Asset Micromanagement are described as well as tips and guidance on how to avoid them.
1. Allowing the Fear Factor to Dictate Permissions Controls
In organisations with more than 10-20 users, the permissions element of DAM systems can very quickly become a hot political potato. There are many reasons why, here are some more common ones:
- If assets fall into the wrong hands, managers fear they will be blamed for not implementing adequate controls.
- Often a business will use assets that are not their own intellectual property and these have licence restrictions that need to be closely observed to avoid litigation risks.
- If inappropriate assets are disseminated using the DAM, the potential impact is far greater than an employee or partner creating one and distributing using conventional methods (e.g. email or a shared folder).
- If DAM systems are opened up for use by external partners or suppliers there are potential political issues over asset visibility and what external users can gain access to.
- Disputes can develop between business units (or departments) about who "owns" assets and whether one group should be allowed to hide assets from others or require permissions to download it.
- The level of detail users who want to access restricted assets are required to provide and more importantly, who has the right (and responsibility) for deciding whether to allow or deny a request can lead to internal conflicts and bureaucracy generating compromises that try to resolve them.
Overlaying these DAM-specific permissions issues are general business or operational restrictions such as IT and legal policy. For IT this means regular updates of passwords, auto-expiring accounts, strong password policies as well as obscure technical restrictions that can impact the vendor's solution in ways that are more difficult to predict. Legal department requirements may include multiple places where acceptance of terms and conditions is mandatory to permit progress through a given task, audit trails and awareness emails. All these factors are discussed in more detail later.
The typical method for dealing with the weight of perceived potential risk for many corporate implementers of DAM is to opt for an excess of management controls to protect the interests of different stakeholders. Everyone wants to make sure they have covered their specific area of responsibility so if something does go wrong, it won't be their fault and the objective is often to limit the potential for anyone to argue that controls were not in place and that they didn't know about some critical event or development.
To accommodate their appetite for risk reduction, many businesses can end up effectively automating micromanagement of employees in a manner that is neither effective nor productive. This common sense free approach may actually increase risk as well as limiting ROI from the DAM system by encouraging abandonment during high pressure periods such as project deadlines or general frustration when trying to carry out routine tasks that the system was supposed to simplify.
2. Excessive Email Notifications
In many cases, when first developing a spec for a DAM solution implementation, clients will want email notifications for a multitude of events that everyone who is vaguely connected with an asset will also be co-opted into receiving whether they need to know or not.
We try to emphasise the dangers of providing too many or irrelevant notifications. If the volume of messages is excessive staff will begin to use their mail client filtering tools to reclaim their in-boxes or just delete notifications without reading them. At some point, a genuinely important notification will come through which will then be missed as a result.
To avoid these situations, think carefully about whether you really want to send automated email notifications for a given event and who genuinely does need to be "in the loop". What options are there for batching these or issuing digests at scheduled times (e.g. once per day or week)? It is essential that notifications don't just turn into background noise that users will train themselves (or their email client) to ignore.
3. Throwing In the Permissions Kitchen Sink
Most vendors kit out their products with a wide range of settings, configuration options and tools to help deal with different permissions requirements. However, this does not mean they all need to be used for every implementation.
If the system is commissioned by an IT department, or they act in a consultative capacity to advise colleagues in another department like marketing, the requests for controls tends to increase. This is not universally the case and there are a number of IT managers who recognise the implications of experimenting with every kind of permissions tool available, however, automating tasks (especially dull ones like compliance) appeals to most technologists and permissions in DAM systems are no different in that respect.
Invariably, the "kitchen sink" approach to permissions results in many of the controls being repealed because of the delays and extra workload they can introduce. So a critical evaluation of the business benefits of applying each security option and the implications of adding or removing them in terms of business risk, productivity and financial cost (in terms of staff time) should always be carried out.
4. Protecting Assets by Preventing Anyone from Accessing Them
Asset ordering and download requests are another source of potential frustration for end users. Danger signs during the planning stage are when stakeholders use phrases like "we can just make everything restricted and we'll see how many requests we get then open it up later if we need to".
Where prior to a DAM system, users fruitlessly searched DVDs, memory sticks, shared drives etc. and maybe found an asset some of the time, now they can use the DAM software to find a great asset that fits their exact needs in a few seconds but then potentially have to wait several days for someone to agree to allow them to download it.
If the process of getting assets is onerous and time consuming, users will not bother, they will return to what worked before so the need to vary the permissions model never arises and the DAM system withers on the vine unused because the assets are effectively inaccessible. It is of crucial importance that a "one size fits all" permissions approach does not get applied to spare everyone the effort of considering asset usage scenarios in greater detail and negotiating them satisfactorily with all asset owners.
This issue often comes into play when dealing with external suppliers. Most companies tend to restrict access to any assets by external suppliers and partners. While it is easy to see why this is done, a lot depends on the nature of the services that the supplier provides and their reasons for accessing the DAM system. If they are a design agency, video production company or other creative producer, they may typically make greater use of any digital assets than most internal staff. When developing permissions rules, it is wise to profile users according to their needs and ensure there are options to promote (or reduce) external supplier permissions when it makes sense to do so.
5. Enforcing Gratuitous Use of Technology
Prior to a system being introduced, if assets were required and users didn't know how to get them they probably phoned or emailed someone they thought could help and asked them. While DAM solutions are great for cutting down the workload of whoever used to have to deal with all those calls, it is important to remember that a quick call or email can sometimes solve the problem faster than a heavily systemised approach.
This especially comes into play with permissions and copyright compliance. In DAM implementations we consult on, we look for product options to allow users to hold an 'order conversation' electronically to help track approvals and keep case histories, but we do recognise that for complex decision making it is often easier to just pick up the phone and ask. A DAM system needs to permit tracking of 'offline' approvals to support this method of use where is may be needed. While you need to be encouraging colleagues to use the facilities of the DAM for requesting assets, there is a tipping point where the software hinders rather than helps this process and there needs to be an option to break out of it.
6. Persistent Requests to Agree to Terms and Conditions
In multi-user DAM systems, it is usually necessary to require users agree to terms and conditions at various key points. Some of these are reasonable, for example, if there is a registration system (for staff or external users) or when requesting permission to use restricted assets.
Where the legalities can become less effective is if users are required to agree to terms persistently for tasks that they might need to carry out numerous times within a short period of time. This can be the result of where the client has recently suffered some legal or financial penalty because previous controls that were too lax. Alternatively, they may wish to distribute assets that are clearly high risk and want to ensure that there is no possibility of them being accused of failing to issue warnings (see the earlier point about not wanting to get pinned with the blame for inappropriate asset usage).
As with a number of the other permissions related pitfalls described, the effect of overloading the legalities is that users start to ignore them and the impact of any legal warnings diminishes. Casual users who might look over the DAM system on the off-chance they might find some suitable assets may decide that the system is too much hassle to be worth investigating, whereas those determined to get an asset will just click their way through the multitude of warnings presented and fail to appreciate their significance.
Where T&Cs need to be shown and agreed to by users, it is advisable to apply them sparingly and also prioritise according to the sensitivity of the operation the user is carrying out. The impact of legal warnings has an inverse relationship with the number of occasions where they are displayed. If the required click/check actions are reserved for occasions when it really counts then the chances that users will take them more seriously are raised also.
7. Failing to Listen to Users and Make Refinements Based on Their Feedback
It would be fair to say that when implementing DAM solutions, it is impossible to consistently and accurately predict the implication of every permissions decision. What might have worked perfectly for one situation can be much less successful when applied again to another for a range of different reasons and seemingly reasonable IT policy requirements can lead to some unwelcome and unexpected side-effects.
Looking at usage stats or only talking to experienced or senior users can fail to give a true reflection of any significant permission problems that are preventing more users from taking up a system. In larger corporate DAM scenarios, the majority of users may access the system infrequently for an ad-hoc task like downloading a logo or the latest product videos. This group of employees are most likely to be put off by poorly considered permissions controls. Therefore, it is essential that feedback is taken from light users as well as those who spend all day working with the DAM system.
By consistently reviewing user experiences with DAM solutions and listening to feedback across the business, areas that can be tweaked to produce considerable enhancements in system usage and overall ROI as a result.
To give an example, we once worked with a client whose IT department initially had a policy that access to all systems by internal staff had to originate from the internal company network (a list of approved IP addresses). The reason for this was never fully clear as external users accessing systems made available by the business had to be exempted from this restriction. Although the DAM solution had a list of the known corporate IP addresses and management tools to change them, these were in a constant state of flux with networks being added and removed all the time (plus users working at home or off-site) and it wasn't possible for administrators to keep up. The result was that many staff would frequently be denied access while suppliers they were working with could always gain entry. After discussion with the IT department and an explanation of the incongruities of the current access policy, this restriction was switched off within the DAM solution. As a result, many additional users were subsequently able to login to the DAM system and start using it; the number of support calls decreased by a quarter and usage increased by over 30% as a result of this one amendment. This is typical of a win-win outcome that is possible when user feedback is collected and acted upon and modifications of this nature can usually be achieved for little or no additional cost.
It is true that not all inconvenient permissions and access policies can just be stripped away because they irritate users as unlike the previous example, there may frequently be legitimate reasons for retaining them. In most cases, however, there is more than one method to achieve the same objective and often an analysis of the alternative options yields an approach which retains the same level of risk protection but in a form that is more convenient for end users.
While it is essential that assets and sensitive business or user data is protected and not allowed to fall into the wrong hands, uncritically applying permissions will tend to lead to a mechanised form of Digital Asset Micromanagement. This is likely to inflict greater damage in the form of lost ROI from a DAM system then many of the perceived risks.
To avoid these negative consequences it is important that managers and vendors regularly solicit feedback from all groups of users about any areas that are causing usability problems. Further, any criticisms that relate to permissions and access controls should not be dismissed because they relate to security and therefore impervious from all forms of critical evaluation. Both vendors and client managers must continuously investigate more efficient methods for applying permissions in a way that protects against risk while still enabling the business to profit from the productivity gains that can be achieved by deploying a Digital Asset Management solution. In addition to thorough planning before a system is introduced, it is vital that the process of refinement does not end as soon as the solution is signed off and released to end-users.
Where can I find out more?
The Four Cornerstones Of Digital Asset Management describes the key elements of DAM solution and provides a good general background to some of the issues discussed in this article.
Digital Asset Management Glossary
A glossary explaining many of the terms commonly used in Digital Asset Management.
DAM reports and resources
Our repository of reports, articles and related resources.
Our own Digital Asset Management Blog with opnion and news about Digital Asset Management subjects.
About the Author
Ralph Windsor is a senior partner in digital asset management implementation consultants, Daydream. He has nineteen years experience of delivering DAM and content technology solutions acquired as a developer, project manager and consultant working with global clients such as WS Atkins, Major League Baseball, BNP Paribas and The British Museum.
To find out more about Daydream, please email firstname.lastname@example.org or telephone us on: +44 (0)20 7096 1471.