Implementing Enterprise 2.0 in a Controlled Environment: Lessons Learned
Carl Frappaolo, Information Architected, Inc.
Esecurity e202
Published in: Technology, Education

  1. Implementing Enterprise 2.0 in a Controlled Environment: Lessons Learned. Carl Frappaolo, Information Architected, Inc.
  2. The company treads a delicate balance between social computing and privacy.
  3. Oh Really Really?
  4. [Diagram: Risk Management (Control & Secure) alongside Knowledge Management (Collaborate & Innovate), with Information Architecture / Sourcing Strategy and a field of technology labels such as BPM, portals, search, workflow, authentication, taxonomy, IRM/ERM, DRM, records management, content management, email, IM and shared drives.]
  5. “Enterprise 2.0 platforms are by their nature more open, transparent, and visible than communication channels like email. Most of my work has stressed the benefits of using these platforms, but there are also potential drawbacks… Perhaps the most obvious of these goes by the label ‘security.’ It's the fear that the wrong content will show up on the platform, and/or that it will be viewed by the wrong people.” - Prof. Andrew McAfee
  6. “You have to deal with this. Times have changed.” “This is the biggest unspoken hurdle companies will face in this area.”
  7. 2 General Findings
     • Very few best practices exist
     • There is no single “approach” or perspective
  8. CULTURE > vertical industry & European presence
  9. Privacy = Security = Legal Compliance
  10. Build on the Past
  11. Challenge Assumptions, Think Anew
  12. Lowest Common Denominator
  13. Policy
     • Technology-driven Enforcement
  14. “There are no new risks - just more opportunity for them to occur”
  15. Opt-in
     • Popular & Simple
     • Challenges Exist
       • Granularity
       • Criticality
       • Basic rights
       • “Practical” / pressure
       • Reciprocity issues
       • Potentially undermines the initiative
       • Innately revealing
       • Poor analytics
  16. Piloting
     • Not Universally Used
     • Introduction to E2.0 and Security
     • Scale and Scope are Critical to Value
     • Start in areas where content is not confidential
  17. Automated Tracking & Reporting
     • Not reliable or always permitted
     • Can constitute a violation in itself
     • Exceptions
     • “Having our solution provide abuse reports was a huge win. These tools make it easier for employees to create anything. We can see if an employee posts something inappropriate.”
  18. Avoid
     • Bookmarking
     • Tagging
     • Voting
     • Social Network Analysis
  19. Approaches
     • Cyclical
     • Ongoing
     • Situational
     • “This is not a one-and-done situation”
  20. Policy Guidelines
     • KISS
     • High level
     • Formally “informal”
     • Allow for interpretation
     • Stress individual accountability / ethics
  21. Other Words of Advice
     • Know how/where your software gathers personal data
     • Understand user concerns
     • Bring all parties to the table as early as possible
     • Don’t own the content
     • Policy policy policy ... evolve, evolve, evolve
     • Remember these concerns are solvable
  22. CIO: ...Does the Enterprise 2.0 industry need to do something to improve security? McAfee: ... very little, if anything, needs to be done with it. I ask for horror stories all the time when I talk to groups, especially compliance or security-related horror stories. My collection is empty. People know how to do their jobs. By this point, none of these tools are a week old, so the rules for using them aren't unclear. ...
  23. Cases:
     • Jane Doe v. Norwalk Community College
     • EFF v US
     • TEKsystems
     • Souvalian v. Google
     • Crispin v. Audigier
  24. [Diagram repeated from slide 4: Risk Management (Control & Secure) alongside Knowledge Management (Collaborate & Innovate), with Information Architecture / Sourcing Strategy and the same field of technology labels.]
  25. “Ask what is the lost potential value if compliance is strictly enforced.” “If we do this then what can go wrong? What is the potential damage if that happens?” “Our goal was to enable usage of technology to the highest degree PRACTICAL”
  26. “For us the local laws have been trumped by the greater good of the business.” “The business models and advantages offered by E2.0 are compelling and so you have to work through the risk issues.” “How we balance the legitimate demand for appropriate privacy and security against the need for knowledge exchange to support an effective and efficient community is the defining issue of the 21st century.”
  27. Social Media Policies: http://alturl.com/kvra. Thank you Doug Cornelius
  28. Let’s Get 2.0
     • www.informationarchitected.com
     • Facebook: Information Architected
     • Twitter: @IAI
     • cf@informationarchitected.com
     • Facebook: Carl Frappaolo
     • Twitter: @carlfrappaolo
