The recent news of government secrets posted to WikiLeaks is startling because of its size and scale. It is also symptomatic of a problem that practically every enterprise is also facing. Thanks to advent of Web 2.0, employees are demanding the benefits and openness of their social networking experience inside the enterprise. And with that newfound sharing and openness come significant security risks. Here’s my take:
1. People’s notion of privacy is changing quickly, and the enterprise is not immune.
In the consumer world, the boundaries of what’s considered private are continually being lowered. Facebook, Twitter and Zynga have clearly re-defined how we interact with each other and how much we’re willing to share. Governments are asking people to sacrifice privacy in the name of security. As a result, people are expecting and demanding the same level of openness from their government and employers. Enterprises and governments, however, don’t have the luxury of uniformly being open. Not only are they concerned about trade secrets and confidential information, they must operate in a highly regulated world. Employees often don’t understand and often don’t care. So, it’s up to the company or agency to put the right security and compliance processes in place to ensure that it does not run afoul of regulations or compromise its sensitive information. And they need to be able to keep these processes current with evolving norms and regulation.
Every day people at work are revolting against closed systems, hard to use technology and siloed process. The contrast between their consumer experience and work experience is massive and growing. People are pushing for new ways to communicate, collaborate, and share information. Enterprises are discovering that employees demand new social, Web 2.0 tools. And if they doesn’t deliver, their people will just go around them. Employees will post work information on Twitter, FaceBook, and LinkedIn. They figure out how to get their corporate email on their personal iPhones. They will go outside corporate networks to set up their own social networks for collaborating with each other. They are using consumer Web services for email, instant messaging, shipping files to each other, sharing documents, and storage. These services are cheap, easy to get to and too legion to block.
3. IT can’t just ignore this.
Last week, a publishing exec told me that a junior person in the organization had used an external file sharing service to deliver the 2011 marketing budget to the CFO. Employees are spewing confidential and propriety business data and communication all around the consumer Web. This is scary stuff for anyone charged with compliance and governance. Even their colleagues are not their allies. At a recent conference, one CIO said, “Let’s face the facts, we’re just one email away from supporting this stuff, where a VP or President demands use/support for the iPad, iPhone, or some social app.”
4. This is core to how business is changing and presents a massive opportunity.
When social is done correctly, there are massive benefits, which can address not only the social revolution but address compliance and governance issues. There are some powerful enterprise implementations that have yielded strong return on investment. Take McAfee for example who achieved a 25% decrease in monthly Technical Support calls. Or CSC, who now has over 90% of its entire employee base on its collaboration platform and leverage it to significantly decrease customer acquisition costs. Yum! is another example, as they are saving critical time with “24-hour-a-day innovation” innitiative channeled through their social collaboration platform.
5. Make a careful and informed decision when investing in this stuff.
What characterizes successful solutions is not only the ease of collaboration and sharing, but also requirements around privacy, identity, governance, record keeping and eDiscovery. The right implementations have not only the social and collaborative benefits, but give IT the control they require. I believe that the social wave has the capability to truly transform the way work gets done and make it more creative, fun and personal. But it also represents something so deep and fundamental to companies that the right technology choice is critical. There’s a huge return on investment when done right, but it should be investigated thoroughly, to understand the requirements and to be social and secure.
Brian Roddy is the Senior Vice President of Engineering for Jive Software.
Follow everything from CIO.com on Twitter @CIOonline.