20091018 ARMA 2009 Web 20 Compliance and the Cloud

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

more share options
Embed For WordPress.com

Without related presentations

Now let’s turn to some definitions. And we begin with Web 2.0. The first references to Web 2.0 occurred as early as 1999, but it wasn’t until Tim O’Reilly’s inaugural Web 2.0 Conference in 2004 that the term really started to stick. Tim has redefined Web 2.0 on a number of occasions and seems to be happiest with this one. I won’t read the entire thing to you, but I do want to focus your attention on the last line: “Build applications that harness network effects to get better the more people use them.” This really started with fax – the first person to buy a fax was pretty gullible, no? So was the second. But once that tipping point hit, fax became an amazing business tool that many companies today consider a critical part of their communications infrastructure. Amazon doesn’t work nearly as well without recommendations, and “People who bought this also bought…..”, and lists, and all the other social functionality embedded in it. Wikipedia with only one author is Microsoft Word with a bad user interface.

Here’s another definition of Web 2.0, this one from Sharon Richardson at Joining Dots. She defines Web 2.0 as the intersection of People, Processes and Technologies. Now let’s look at each of these three in more detail. http://www.joiningdots.net/library/Research/Created/web_20.html

The first thing to consider is the people, whom Sharon defines as “digital natives”. In a speech to the American Society of Newspaper Editors in 2005, Rupert Murdoch captures the essence of digital natives pretty well: “Like many of you in this room, I’m a digital immigrant….My two daughters, on the other hand, will be digital natives. They’ll never know a world without ubiquitous broadband internet access….We may never become true digital natives, but we can and must begin to assimilate to their culture and way of thinking.” Think about that. Think about what the workforce looks like to the digital natives, who don’t remember cell phone charges by the minute; who don’t know what dialup is except for that being the sound effect in the movies when a computer connects; and who don’t know what the Internet was pre-Google or pre-Myspace.

The next point Sharon makes is about processes – here referring to the concept of “internet economics”. This consists of two complementary concepts. 1. The long tail – lower cost of storage & shippingThe first is the economics of “the long tail”. Up until about 5 years ago, the way to make money in music, movies, or publishing was to have a hit. To sell a million records or to gross $100 million or to make the New York Times bestseller list. Then along came two phenomena: the wholesale conversion of publishing in all media from analog to digital, and the realization by a little company called Amazon that even a market of a small handful could make money if the costs were reduced enough. Enter the web. Amazon can stock literally almost every book, album, and movie in existence because there are no shelves to stock them on. And with digital items that can be downloaded, there is no physical limitation at all. There’s no waiting for the next shipment from the publisher and no postage to be paid. This means that whether your tastes are to Zydeco, Stephen King books (but only the pseudonymous ones), or Russian art flicks, hold the subtitles, there’s stuff for you to buy. Chris Anderson wrote about this phenomenon at length in his excellent book, “The Long Tail: Why the Future of Business is Selling Less of More”. 2. Participatory economics – the low cost of productionThe other is the notion of participatory economics, which don’t really work without the long tail. Everyone has hobbies, and many of us have dreams of quitting our day jobs to do our hobbies full time. But if you are a musician, or a writer, or a film producer, the sheer economics of making a record or a movie have tended to dissuade anyone but the most driven from anything but the most casual. Now you can get more powerful movie editing tools than were available to Hollywood 10 years ago for less than $1,000, and buy a laptop for another $2,000 that is powerful enough to run it. $3,000 to put out a movie as good as Hollywood circa 1998. And it may not show on 4,000 screens on the Independence Day weekend, but it doesn’t have to in order to be a success.

And finally, we have a technology component. If Web 1.0 was the static web, where I publish and you read, and hopefully both happen somewhat regularly, the technology that underpins Web 2.0 is the read/write web. Users can participate in creating social communities or the world’s largest encyclopedia. As we’d mentioned above, Wikipedia has 10 million articles that have been edited more than 270 million times by more than a million people in 250 languages. There is no centralized editor to speak of. And it’s not just blogs, but wikis, and Facebook pages, and Ning networks, and a host of other outlets for our creativity. Part of the change is that the tools are so much easier; part of it is that they are so much cheaper; and frankly part of it is that there are so many of them and they are so easy to find.

Key: easy publishing, get the tool out of the way (throughout)Blogs are excellent for any type of one-way or broadcast-related communications. For example, they could be used for project updates. HR could use a blog to announce promotions or policy changes. Managers, technical support, or sales could provide status updates through a blog. And many organizations use them as a communications mechanism to interact with their customers. Some of these use cases are internal, while others are more outward-facing. So you may be asking, “Why should we use blogs rather than our existing communications mechanisms?” I assume that for most of you, that mechanism is email. And for almost all of you, email is horribly broken. You get hundreds of messages a day, most of which are useless. For the ones that do follow this pattern, there’s always someone who replies to the sender using “reply to all” and ends up spamming the entire group or even the entire organization. And because of the volume of email, too often important messages get lost in the deluge. Instead, you can publish those one-way communications to a blog, thereby getting it out of the inbox, and push updates out to users. They can subscribe to receive updates so that when something new is posted, they get it. If nothing new is posted, they don’t.

Key: easy publishing and updatingThe newest and most buzz-worthy Web 2.0 entrant these days is Twitter. Ari Herzog’s definition is probably the best: “It is part text messaging and part blogging, with the ability to update on your cellphone or computer, but constrained to 140 characters.” Notice that this definition itself is only 137 characters. Twitter is a combination of instant messaging, email, blogging, and texting, and each of those tools can be used to update Twitter. Users have to be succinct to get a meaningful response in 140 characters, but most Twitter users aren’t really inflicting “txt message speak” on their followers. It just means thinking about what you want to convey.

Key: easy collaborationWikis are another really common example of Web 2.0 tools. Whereas blogs are designed for one-way broadcast-type communications, wikis are genuinely collaborative tools. The most well-known example of this is Wikipedia, which as of this morning had (more than 10 million articles in 260+ languages, comprised of more than 280 million edits). Compare this with the EncyclopediaBrittanica, which includes some 65,000 articles in its 35-volume set.

Key: easy collaboration, “good-enough” tools. The next set of tools is sometimes referred to as “Office 2.0”. These are web-based office productivity suites such as Google Docs & Spreadsheets, Thinkfree, and as you see here, Zoho. There are many different applications available, ranging from fairly narrow and simple capabilities to fully-featured solutions (as you can see). Even Microsoft has moved in this direction with its Office Live offerings.

Key: easy navigation Tags are available for many of the tools we’ve already described. These are simply user-provided metadata that may be able to be assigned at the individual item level (blog post, wikipedia article, photo, or bookmark) or as part of a category or even a user profile. Each of the words shown in this slide uses a font size as a relative indicator of how frequently that tag has been used; clicking on the tag will return a list of all the items that use that tag, thereby serving as another findability tool. Tags are emergent. That is, nobody decides what tag to use for a given topic. This seems chaotic on first impression, and at the beginning it is. But as users see what others have tagged a given item or concept, they tend to use those same tags again rather than reinventing the wheel every single time. As that corpus of terms becomes a bit more consistent, it evolves into what Thomas Vanderwal calls a folksonomy: a user-created bottom-up categorical structure with an emergent thesaurus.

Sharing – YouTube (video), Flickr (photos), Del.icio.us (bookmarks), Box.net (files), Slideshare (presentations)

Key: easy collaboration and expertise/contact managementSocial networks are probably the most-used Web 2.0 tool after web-based email. These tools, including but definitely not limited to Myspace, Facebook, etc. started out as a way to interact with friends, acquaintances, or business contacts more effectively. Since then, many of them have grown to add blogging or microblogging capabilities, tagging, photo uploads and tagging, and many other types of content. For many users, they serve as an alternative to or even replacement for email. My 21-year-old brother is I think indicative of this. He *has* an email account – but he almost never checks it. Instead, he connects to his friends, sets up parties, etc. using either Facebook or one of his online video games like World of Warcraft. It’s what his friends all use, so it’s what he uses. In a more business-like environment, many associations are turning to tools like Ning, which allows you to set up your own public or private social network. AIIM has one of these at informationzen.org; I’m a member of no fewer than 14 Ning-based social networks, which allows me to set up a consistent profile and manage it across all of them.

Key: easy app development and data reuseFinally, one of the more subtle Web 2.0 tools for most of us is mashups. Mashups connect two or more data sources using loosely coupled connectors and generally open standards to create new ways of looking at information or even new information offerings. Mashups make it easy to deploy just-in-time applications – and the tools are both simple and sophisticated enough that business users can deploy their own applications and views with limited or no IT assistance and in a fairly short period of time. Many mashups today are map-based or map-related, primarily because the Google Maps API is available and fairly well-documented. Twitter mashups are also increasingly common for the same reason, and a number of other applications are taking this approach as well. And they can be used in the enterprise as well – consider an approach that combines your sales data with Google Maps, or that lets you map potholes, permits, or realtime voter and polling place monitoring.

InternalWithin departments/groups/processesSerendipitous collaborationExternalPartners, customers, clientsExperts in the fieldThe public/casual users

Hard cost of the tools are lower – often as low as free. Even those that are not free are frequently within the range of the typical user’s credit card – either corporate or personal. And even enterprise-class capabilities are within range of even smaller organizations thanks to economies of scale of storage and network bandwidth and the open source movement. The time to implement is negligible – where implementation is required it is typically measured in days or weeks rather than months or years. And the time to learn the tool is similarly lower than for many traditional software applications. No, you don’t get as many capabilities with Zoho Writer or Google Docs as you do with Microsoft Word 2007 – but many of us see that as a feature, not a bug. And the time required to support and administer the tools is much lower. Consider that for most of these tools there’s no such thing as service packs, patches, hot fixes, or even versions to have to implement. For those tools that do offer updates, they are generally done automatically and because they are being rolled out to thousands or even millions of users, bugs get found very quickly. Yes, there are issues with this in terms of potential incompatibilities, particularly where these tools get integrated into business processes. But how is that different from a bad patch from any other vendor – except that your organization first took the time to install it before having to take the time to uninstall it?

Present: same as collaboration and expertise discovery noted earlier. Future-looking: Getting new users up to speed on project – email vs. blog Documentation of decisions and decisionmaking process – blog, wiki, soc network

Records managers often raise specific issues with some or all of these tools. Some of these concerns include: - Do these tools create records? - How do we manage the records these tools create?

And of course records and legal need to understand the impact of these tools on discovery. The short answer is that of course these could be subject to discovery, disclosure, open records act, etc. if they are responsive and available. From that perspective there is no difference. Where the issues come up are first, what exactly is it that needs to be disclosed and second, how do you go about doing that? We’re still working through many of these issues but again – most of them are hosted databases at their core. Google, Facebook, et al will honor subpoenas and other legal requests when required and can then produce the requested information, often as a spreadsheet or database extract.

Another concern many organizations have regarding these tools is what happens if it goes down? A key benefit of having the application onsite is that if it does go down, IT can be sent to fix it. This assumes of course that IT has the expertise and the bandwidth to address it and that it wouldn’t require additional assistance from someone offsite anyway. For the better tools, downtime is generally measured in hours per year; compare that with many of your onsite applications.

And one of the biggest issues is what happens if the vendor itself goes out of business: Where’s your data, who has access to that data, can you get it back. In many jurisdictions privacy laws govern this; that said, how do you exercise those rights after the vendor closes shop, particularly if the vendor was located in another country?

The first step many organizations take to manage Web 2.0 is to try to block them. This is unrealistic for a number of reasons.

Technology often moves from the consumer space to the enterprise – consider everything from CDs to instant messaging. But often the technologies require very technology-savvy users, a bit of hacking about, and at least the tacit acceptance if not outright assistance of IT to implement. Web 2.0 is sometimes referred to as “Shadow IT” because it is so easy to do without IT’s assistance. Many of these tools are free, or extremely low cost. The software that runs Wikipedia for example is open source (and therefore essentially free). It’s a complicated product – but if you don’t need that scalability and robustness, you can set up a very feature-rich yet intuitive wiki from pbWorks or Wikispaces for very low cost in about 15 minutes. And most of the other tools we discussed earlier are similar.

The gatekeepers to the enterprise, whether IT or RM, are also challenged by the fact that there are so many of these tools and they change so quickly. You saw the Simplespark video earlier; this screenshot is for almost exactly a year ago. Since then 40% of the applications have shut down, but 60% more have been created (and again, these are just the ones listed through Simplespark). You can’t rewrite your policy quickly enough to address them all, and IT can’t block them quickly enough to keep them all out.

And of course no matter how much technology IT implements and how many policies RM, legal, etc. write, it’s going to be difficult to block these technologies because almost everyone has a smart phone with a browser, applications, or both that can access them.

So the first step really to take control of these tools is to address them in the organization’s policies. Some of the things to consider:Whether Web 2.0 solutions will be allowed. As I think is clear at this point, I believe that many of these tools can be quite useful if managed appropriately; I also think it’s very difficult to block them entirely. Which tools will be allowed or even supported. It may be that some tools are considered “safer” than others in the public sphere. Whether public-facing content will be reviewed pre- or post-publication. I don’t believe in pre-publication reviews for three reasons. 1. It greatly slows the responsiveness of the blog, Twitter, wiki, whatever. 2. Posts that are reviewed by 14 layers of bureacracy will sound exactly like that – and nobody will read or respond to them, which defeats the purpose. 3. You have to trust people. My company does not review my blog posts, personal or professional, before I post them. Part of that is because they trust me, and part of that is because I’ve earned that trust. A number of organizations have set up publicly available policies for their Web 2.0 and social networking efforts, and the best ones basically boil down to, “Don’t be stupid”. And whether the tool is creating records or not. Most organizations don’t record the audio for every single meeting ever held, or retain every scrap of paper ever written upon – in fact that’s almost contrary to most records programs. So why should you keep every change of a character in a wiki? Perhaps it’s the deliverable that’s the final record, and the wiki is work product, draft, whatever you call it in your organization.

I’m not a big fan of pre-publication review – anything that’s been vetted by 12 layers of bureaucracy will sound like it has. It also defeats the purpose of some of these tools – Twitter in particular is based on rapid response. That said, it’s absolutely appropriate for the organization to monitor how its employees use social networking.

For hosted tools, such as FB or Twitter, that may mean taking periodic snapshots of what is posted to them. Right now there aren’t a lot of tools that do this; one way that can be effective is to capture the RSS feeds generated by these tools. As updates are made, they are published through the RSS feed, which can be saved locally. It might also require working with the third-party vendor in the event that some information or some updates are not available through RSS – for example, web-based email.

Most of these tools can be secured with passwords and/or have the default permissions set to be private. They are not hacker-proof, necessarily, but for most non-confidential information this is sufficient security.

Fundamentally, most of the most commonly used 2.0 tools are databases + templates. That raises two points. The first is that most of these tools are already manageable in the same way that databases are. The second is that they tend to track changes and versions automatically. Here you see a screenshot of the change tracking in Wikipedia. On the right you see in yellow those areas that were changed, and on the left you see what they were changed to. Wikipedia tracks changes to the individual character level (and so do other wiki packages); other tools may not be quite as granular but can still provide an audit trail, though the granularity will vary widely.

Finally, there are enterprise versions of every Web 2.0 application. These enterprise versions are often available to be hosted inside the firewall, meaning that security is much more robust. Access can be secured to them much more effectively. They can be integrated into the organization’s identity infrastructure – whether Active Directory or something else – such that any change, post, comment, edit, update, etc. can all be tracked and, more importantly, tracked to a specific named user. No anonymous postings here. Of course, you have to pay for an enterprise version, but what you’re really paying for is a level of peace of mind. And you still get many of the same benefits – ease of use, familiarity with the type of tool, rapid and agile collaboration across geographical and time boundaries, etc. You’re just getting a more secure and robust version of it.

At this point I’d be pleased to entertain your questions.

Favorites, Groups & Events

20091018 ARMA 2009 Web 20 Compliance and the Cloud - Presentation Transcript

Web 2.0: Compliance and the Cloud
Jesse Wilkins,CRM
Access Sciences Corporation
EducationCode: SU02-2207
Learning Objectives
Upon completion of this session, participants will be able to:
Identify Web 2.0 technologies and processes.
Identify and describe the implications of Web 2.0 on records programs and organizations.
Define what to include in policies and procedures to address Web 2.0.
Introduction to Web 2.0
Web 2.0
“Web 2.0 is the business revolution in the computer industry caused by the move to the internet as platform, and an attempt to understand the rules for success on that new platform. Chief among those rules is this: Build applications that harness network effects to get better the more people use them.”
-- Tim O’Reilly, 12/10/2006
Source: Joining Dots
Web 2.0
Digital natives
Internet economics
The read/write web
Web 2.0 Technologies
Blogs
Blogs
Microblogging (Twitter)
It is part text messaging and part blogging, with the ability to update on your cellphone or computer, but constrained to 140 characters.
-- Ari Herzog, Ariwriter.com
Wikis
Collaborative authoring and publishing
Meeting agenda and minutes
Proposals and presentations
Contract negotiation
Collect and organize research
Easy to create, update, correct,
and retrieve
Organized(!) as collection of
topics or articles
Web-based office suites
Many different applications available
Fully-featured to fairly narrow
Generally compatible with common Office functionality
May default to private or public
Office 2.0
Tags
Social sharing
Video
Photographs
Files
Bookmarks
Presentations
Social networks
Contact management
Expertise management
Can be used to find and tap unknown resources
Alternative to email
That users are already using
That allows tagging, blogging, etc.
Mashups
The benefits of web 2.0
Less tool, more work
Better collaboration
Source: Intellipedia
The economics of web 2.0
Hard cost of the tools
Time to implement
Time to learn to use
the tool
Support and
administrative effort
Making the connections
“If HP knew what HP knows, we would be three times as profitable.”
-- Lew Platt
Former CEO, Hewlett-Packard
Making the connections
"It was never very clear to us who the authoritative sources where, who was good at solving problems. Now we can see a lot of that because we're starting to see patterns emerge:
Who follows whom
Who's the good source of questions
Who's the good source of answers
All the things you know by the grapevine, we now have data for.”
--John Parkinson, TransUnion
Knowledge dissemination
Knowledge transfer
The implications of web 2.0
Records management issues
Legal issues
Reliability pt 1: the tool
Reliability pt 2: the vendor
Prohibition
The “Shadow IT department”
There are too many of them
They change too quickly
Mobile access
Change
Records management 2.0
Address in policies
36
Policy 2.0 – in 140 characters
Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.”
Policy 2.0 – in 3 words
Don’t be stupid
Policy 2.0 – in 2 words!
Be professional
Policy 2.0 – in 1 word?
Think!
Monitor
Monitor the tools
Plan for discovery
Secure the tools
or set them to be private
The good news
Many of the most commonly used 2.0 tools already track changes and versions
Wikis
Blogs
Track changes
Implement enterprise versions
Questions?
Conclusion
Web 2.0 is here
Web 2.0 tools can add significant value to the organization
Prohibition is not a realistic option
Lead your organization to use them effectively
Web 2.0: Compliance and
the Cloud
Please Complete Your
Session Evaluation
Jesse Wilkins, CRMAccess Sciences Corporation
jwilkins@accesssciences.com
EducationCode: SU02-2207