esecurity e202

Implementing Enterprise 2.0 in a

Controlled Environment: Lessons Learned

Carl FrappaoloInformation Architected, Inc.

The company treads a delicate balance between social computing

and privacy.

Oh ReallyReally ?

Risk Management

KnowledgeManagement

Visualization

Collaboration

Social Network

Computing

Search

TaxonomyFacets

ContentAnalytics

RecordsManagement

DocumentManagement

ContentManagement

DRMDAM

BPMWorkflow

Authentication

PortalsWebsites

Control & Secure Collaborate & Innovate

Information Architecture / Sourcing Strategy

IDExtraction

IRM/ERM

Contextual

Filtering

ePublishingTagging &

Voting

Community Analytics

Email IM Shared Drives html Multimedia DBs …

COLD

“Enterprise 2.0 platforms, are by their nature more open, transparent, and visible than communication channels like email. Most of my work has stressed the benefits of using these platforms, but there are also potential drawbacks… Perhaps the most obvious of these goes by the label ‘security.’ It's the fear that the wrong content will show up on the platform, and/or that it will be viewed by the wrong people.” - Prof. Andrew McAfee

“You have to deal with this. Times have

changed. “

“This is the biggest unspoken hurdle

companies will face in this area.”

2 General Findings• Very few best practices exist

• There is no single “approach” or perspective

CULTURE> vertical industry & European presence

Privacy = Security = Legal Compliance

Build on the Past

Challenge Assumptions

Think Anew

Lowest Common

Denominator

Policy

Technology-driven Enforcement

“There are no new risks - just

more opportunity for them to occur”

Opt-in• Popular & Simple

• Challenges Exist• Granularity• Criticality• Basic rights• “Practical” / pressure• Reciprocity issues• Potentially undermines the initiative• Innatley revealing

• Poor analytics

Piloting• Not Universally Used

• Introduction to E2.0 and Security

• Scale and Scope are Critical to Value

• Start in areas where content is not confidential

Automated Tracking & Reporting

• Not reliable or always permitted

• Can constitute a violation in itself

• Exceptions•“Having our solution provide abuse reports was a huge win. These tools make it easier for employees to create anything, We can see if an employee posts something inappropriate.”

Avoid• Bookmarking

• Tagging

• Voting

• Social Network Analysis

Approaches• Cyclical

• Ongoing

• Situational

•“This is not a one-and-done situation”

Policy Guidelines• KISS

• High level

• Formally “informal”

• Allow for interpretation

• Stress individual accountability / ethics

Other Words of Advice• Know how/where your software gathers personal data• Understand user concerns

• Bring all parties to the table as early as possible• Don’t own the content

• Policy policy policy ... evolve, evolve, evolve

• Remember these concerns are solvable

CIO: ...Does the Enterprise 2.0 industry need to do something to improve security?

McAfee: ... very little, if anything, needs to be done with it. I ask for horror stories all the time when I talk to groups, especially compliance or security-related horror stories. My collection is empty. People know how to do their jobs. By this point, none of these tools are a week old, so the rules for using them aren't unclear. ...

Jane Doe v. Norwalk Community College

EFF v USTEKsystems

Souvalian v. GoogleCrispin v. Audigier

Risk Management

KnowledgeManagement

Visualization

Collaboration

Social Network

Computing

Search

TaxonomyFacets

ContentAnalytics

RecordsManagement

DocumentManagement

ContentManagement

DRMDAM

BPMWorkflow

Authentication

PortalsWebsites

Control & Secure Collaborate & Innovate

Information Architecture / Sourcing Strategy

IDExtraction

IRM/ERM

Contextual

Filtering

ePublishingTagging &

Voting

Community Analytics

Email IM Shared Drives html Multimedia DBs …

COLD

“Ask what is the lost potential value if compliance is strictly enforced.”

“If we do this then what can go wrong? What is the potential damage if that happens?”

“Our goal was to enable usage of technology to the highest degree PRACTICAL”

“For us the local laws have been trumped by the greater good of the business.”

“The business models and advantages offered by E2.0 are compelling and so you have to work through the risk issues.”

“How we balance the legitimate demand for appropriate privacy and security against the need for knowledge exchange to support an effective and efficient community is the defining issue of the 21st century.”

Social Media Policies:http://alturl.com/kvra

Thank you Doug Cornelius

Let’s Get 2.0

cf@informationarchitected.com Facebook: Carl Frappaolo Twitter: @carlfrappaolo

www.informationarchitected.com Facebook: Information Architected Twitter: @IAI

Text