Social Media & Social Networking: A Cautionary Tale


Presented at Info 360/AiiM

Published in: Technology

  1. Social Media & Social Networking: A Cautionary Tale
     Michael Gotta
     Senior Technology Solutions Manager, Enterprise Social Software
  2. The Social Side Of The Internet
     • 75% of respondents are active in some kind of voluntary group or organization
     • 68% of respondents (internet users & non-users alike) said the internet has had a major impact on the ability of groups to communicate with members
     • 60% of respondents said the internet has had a major impact on the ability of groups to connect with other groups
     • 59% of respondents said the internet has had a major impact on the ability of groups to impact society at large
     • 62% of respondents said that the internet has had a major impact on the ability of groups to draw attention to an issue
     • 59% of respondents said the internet has had a major impact on the ability of groups to organize activities
     Source: Pew Internet
  3. Social Networking & Social Media: Leverage new tools & literacies to enable new ways of working
     • 3000 friends
     • 100 fan pages
     • 50 groups
     • Has own channel
     • Blogs daily
     • Following 325
     • Followers 915
  4. Organizations Face Internal Tension
     An Unequivocal “Yes” Or “No” Is Often Not The Answer
     Benefits:
     • Scale organizational expertise
     • Improve business processes
     • Break down silos and barriers
     • Catalyze employee engagement
     • Address generational shifts
     • Improve talent & learning initiatives
     • Satisfy technology expectations
     Risks:
     • Lack of policy-based management
     • Weak identity assurance
     • Inadequate security controls
     • Questionable privacy protections
     • Misuse by employees
     • Unanticipated data disclosure
     • Potential for “social engineering”
  5. Leverage Use Case Scenarios: Shift The Discussion From “OR” to “AND”
     • Observe and listen to employees, experts, and management regarding use of social tools
     • Construct use case scenarios from those representative stories
     • Identify decision and enforcement points where risks can be mitigated
     • Plan, execute, adjust
  6. Use Case #1: “Social Claims”
     Profiles may be viewed as a trusted information source
     • Employee profiles populated with information from trusted enterprise systems
     • Additional information entered by employees regarding skills, interests, expertise, experience
     • Information viewed as “trusted” but claims are not verified which can lead to risk scenarios
     • Add fields to profile where data goes through vetting process; pre-populate profile with other credentialing information
     [Figure: sample profile for Mike Gotta. My “Enterprise Identity”: EMPLOYEE #, LABOR GRADE, COST CENTER, DEPT, GROUP. My “Claimed Identity”: JOB TITLE, EXPERTISE, HOBBIES, EDUCATION, INTERESTS, PERSONAL TAGS, COMMUNITIES, FOLLOWING, COLLEAGUES.]
  7. Use Case #2: Profile Proliferation
     Multiple profiles create maintenance and data integrity issues
     • Profiles are becoming a common feature across many vendor products
     • Employees create/maintain multiple “personas” based on technology silos
     • Incomplete, abandoned, or inaccurate profiles due to redundancy create risk
     • Look for ways to federate, synchronize, or otherwise reduce number of user profiles
     [Figure: four separate profiles for Jane Doe (My Primary Profile, Diversity Community Profile, Selling Into Healthcare Community Profile, Customer Innovation Community Profile), each with the fields EMPLOYEE #, DEPT, JOB TITLE, EXPERTISE, COLLEAGUES, PERSONAL TAGS.]
  8. Use Case #3: Automatic Social Updates
     Lack of notice and consent can create privacy and HR issues
     • Automating profile updates can ease maintenance efforts by employees, increasing adoption
     • Vendor products are monitoring user activities and adding those actions to profiles without user intervention
     • Unintended consequences can occur leading to HR-related issues such as diversity bias
     • Include requirements for user-defined profile controls and management of profile updates from system activities/events
     [Figure: My Profile #1 for John Doe (EMPLOYEE #, DEPT, JOB TITLE, EXPERTISE, COLLEAGUES, COMMUNITIES) with activity streams marked “Restricted Access” and “Public Access” for the Diversity Community and the Selling Into Healthcare Community.]
     Activity stream entries shown:
     • John Doe: Joined Community: “Selling Into Healthcare Community”
     • John Doe: Joined Updated Wiki: “Best Ways To Respond To An RFP”
     • John Doe: Joined Community: “Diversity Outreach Community”
     • John Doe: Joined Community Forum: “It Gets Better Awareness Campaign”
  9. Use Case #4: Information Leakage
     Open discourse can lead to sharing of inaccurate / sensitive data
     • Micro-blogging / activity feeds are becoming a popular means of sharing information
     • Information shared in a public stream may be re-posted to profiles or other entities subscribing to that stream
     • Public conversations or events published via other systems can create confidentiality and audit/archival concerns
     • Policy, role, and rule-based approaches that create common treatments across applications are warranted
     [Figure: e-mail client (Sender Name, Subject) alongside My Profile #1 for John Doe (EMPLOYEE #, DEPT, JOB TITLE, EXPERTISE, COLLEAGUES, ACTIVITY STREAM) and several activity streams of status updates.]
     Status updates shown:
     • Mike Jones: “Heading to the airport to meet with Company ABC on cross-selling biz deal”
     • John Doe: “Working on an acquisition deal, need to work late tonight… stay tuned!”
     • Fred Smith: “&#%^%$* we just lost Company XYZ account…”
     • Betty Smith: @Bob Jones that patient ID number is 123456789
     • Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace
     • Sally Jones: I heard we might have a layoff by quarter end?
     • David Brown: @SalesTeam I posted the new product discounting policy to the sales strategy community
     • Mike Jones: “Does anyone know the best way to get an SOW processed in 2 days? I have an urgent need…”
     • John Doe: “Hi, I’m a new remote employee – wondering who else is working in the marketing department!”
     • Fred Smith: “Just figured out a workaround to a problem with our field group – ping me if interested…”
     • Betty Smith: “We’re starting an innovation community on data quality – let me know if you’re interested”
     • Bob Jones: “Does anyone know what IWE stands for?”
     • Sally Jones: “Great article on social media risks http://xxxxxxx”
     • David Brown: “@Sally, thx, we’re updating our policies now”
  10. Use Case #5: Connected Identities
     Display of public profiles can have unintended consequences
     • Employee personal use of social media is becoming more commonplace
     • An increasing number of tools aggregate Facebook, LinkedIn & Twitter information to display in applications like e-mail
     • Mixing public and enterprise data can give a false sense of validity and context, creating trust and privacy issues
     • Examine how the public data is aggregated; re-visit consent issues; provide users with an opt-out option
     [Figure: e-mail client showing a message “Re: Partnering Opportunity” from Bill Smith (Sent: Thu 03/01/11, To: John Doe): “We’ve discussed the proposal and have decided to pass at this time…”. Beside it, “ThePublicMe” (“John Doe’s social data displayed here”) and “TheWorkMe” (My Profile #1: EMPLOYEE #, DEPT, JOB TITLE, EXPERTISE, COLLEAGUES, COMMUNITIES).]
  11. Use Case #6: Oversight: Approved Use
     Sanctioned use of social media can still require controls
     • Regulatory and other policies can place enterprise constraints on use of social media
     • Guidelines are often “gray” and leave use of many features open to interpretation regarding compliance
     • Consumer and enterprise software providers often lack end-to-end capabilities
     • Combine a mix of policy, monitoring, audit, and tooling tactics to mitigate risks to an acceptable level
     [Figure: social media account (Name, Profile, Web Site, Listed, Following, Lists By, Favorites; Notices & Disclaimers; alternative clients, widgets, message notifications…) surrounded by FINRA/SEC, FTC Guidelines, EU Privacy Regulations, and HIPAA. Message types: Posts, @ Messages, ReTweets, Direct Messages. Embedded policy-based management with external integrations (security, compliance…).]
  12. Use Case #7: Oversight: Personal Use
     Well-intentioned use may not excuse enterprise liability
     • Regulatory and other policies can also place constraints on personal use of social media
     • Building a “personal brand” as an employee may seem like a worthwhile endeavor
     • Enterprise policies or regulatory statutes may apply to personal use of social media, raising potential compliance concerns
     • Re-visit policy, code of ethics, and social media guidelines. Educate employees on risks. Leverage monitoring tools.
     [Figure: Employee As “Brand Ambassador”. ThePublicMe: My Blog, My LinkedIn, My YouTube, My Twitter. Profile: Recommendations, Websites, Summary; Status Updates & Activity Stream; Third-Party Content & Applications; Groups & Discussions Forums; Jobs & Answers; Contact Settings (Interested In…); Opportunities, Expertise Requests, Consulting Offers; alternative clients, widgets, message notifications…]
  13. Use Case #8: Deciphering Relationships
     Social analytics can identify patterns that thwart policies
     • Social network analysis is used to identify relation structures between people
     • Access to social analytics is becoming more widespread, available to all end users in some cases
     • Unfettered analysis of social data can lead to accidental or intentional abuse as well as social engineering attacks
     • Ensure social analytic tools include access controls, audit trails, and policy support to limit capabilities
     [Figure: social network graph of Node 1 through Node 24, with clusters labeled R&D Dept., Ideation Community, and Business Development Team.]
  14. Recommendations
     People
     • Define a governance model that makes sense; ensure enforcement is visible
     • Balance privacy considerations (enterprise and employee)
     • Create feedback loops for employee ideas and concerns
     Process
     • Update policies, terms of use, and code of ethics; consider specific guidelines for social media and social networking
     • Make sure you have end-to-end processes with defined roles, responsibilities, and metrics in place for assessing risks – prioritize employee communication
     • Audit data handling procedures to ensure proper management of social data
     Technology
     • Adopt a “platform approach” towards social media and social networking
     • Make embedded policy-based management services a priority capability
     • Favor platforms that integrate with security, identity, and compliance systems
  15. Summary
     • Social media and social networking are strategic initiatives that are here to stay – saying “no” is not the right approach
     • Identity and security needs should be viewed just as positively as goals for openness and transparency
     • A decision-making framework and governance model is an essential component of any strategy; policies and procedures need to focus on the human element and avoid technology as a panacea
     • Adopt a platform approach – prioritize solutions with embedded policy management and strong integration capabilities
     • IT teams that should be viewed as key stakeholders include:
       • Groups responsible for CRM, collaboration, content, and community efforts
       • Identity management and security groups
       • Information (records) management and business intelligence groups
  16. Closing Remark
     Increasing Ethical Dilemmas: Public vs. Publicized
     “Just because we can rupture obscurity, should we? Just because we can publicize content, should we? Just because we can leverage PII, should we? Just because we can aggregate and redistribute data, should we?” – danah boyd, WWW 2010, 4/29/10
     • What are the ethics? What do we do about the consequences?
     • What role is there for privacy? What “controls” should be afforded to “owners” of one’s own social data?
     • Should we record things when we don’t have to?
     • Is automating the aggregation of information and correlating it sometimes “wrong” without consent?
     • How does this apply within an enterprise context?