Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Social Networking and Identify - A Cautionary Tale


Published on

Presenation given by Alice Wang and Mike Gotta of Burton Group at Enterprise 2.0 San Francisco 2009.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Social Networking and Identify - A Cautionary Tale

  1. 1. Social Networking and Identity – A g y Cautionary Tale Alice Wang November 5 2009 5, Mike Gotta All Contents © 2009 Burton Group. All rights reserved.
  2. 2. Two Sides Of The Social Networking Coin 2 Why are we here… • Use of social networking tools and applications to improve information sharing and collaboration will transform how organizations think about, and manage, identities • Profiles, social graphs, and activity streams enable employees to construct their own social identities across internal and external constituencies • Participation in social networks and community contributions enable employees to establish their own social roles and reputations • However, what are the benefits, risks, and implications of more open collaboration and transparent knowledge sharing on identity management strategies
  3. 3. Two Sides Of The Social Networking Coin 3 +1-234-567-9012 zxcvxvxcccb +1-234-567-9012 @ Source: Booz Allen Hamilton
  4. 4. Two Sides Of The Social Networking Coin 4 Benefits expected from social tools and applications • Connect people internally and externally • B k down organizationall b i and iinformation silos Break d i ti barriers d f ti il • Promote employee innovation • Address generational shifts; meet technology expectations of younger workers • Support strategic talent and learning initiatives However – open and transparent environments can raise identity and security concerns
  5. 5. Use Case #1: Social Network Site 5 +1-234-567-9012 zxcvxvxcccb +1-234-567-9012 Trusted Identity Sources Enterprise Identity HRMS Directory Other Systems-of-Record
  6. 6. Use Case #1: Social Network Site 6 +1-234-567-9012 zxcvxvxcccb +1-234-567-9012 Personal Internal Social Identity Claims
  7. 7. Use Case #2: Profile Proliferation 7 A single profile? Multiple profiles? Federated profiles? Women Employee Women’s Returning To Profile #2 Support Work After Group Extended Leave Employee Internal Employee Outreach Profile “Facebook Profile #3 Network Site” Gay & Professional Lesbian Exchange of Community Community Of Practice Best Practices Employee Profile #4
  8. 8. Use Case #3: Activity Streams & Profiles 8 Over-sharing via social conversation and community actions Employee p y Profile Jane Doe: Joined Community: “Women Supporting Women” “Women Supporting Women” John Doe: “W ki J h D “Working on a big M&A d l bi deal, need to work late tonight… stay tuned!” “Gay & Lesbian Employees” Fred Smith: &#%^%$* we just lost the Outreach Company ABC account… Automatic A t ti posting of Jane Doe: Joined Community: community “Gay & Lesbian Employees Outreach” actions Betty Smith: @ y @Bob Jones That p patient ID number is 123456789 Activity streams & Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace Enterprise “Enterprise Twitter” messages
  9. 9. Use Case #4: First Comes Aggregation 9 +1-234-567-9012 zxcvxvxcccb +1-234-567-9012 Personal External Social Claims Identities
  10. 10. Use Case #4: Followed By Correlation 10 Is it me? How much is being shared? Under what controls? Profile Profile Status Message Profile Groups Activities A ti iti Following / Followers Contacts Photos “Tweets” Unification of an My politics Enterprise Identity My g p y groups employee s employee’s social Enterprise “Social Identity” My music structures My friends “The “The Work Citizen Me” Me”
  11. 11. Use Case #5: Leveraging Consumer Tools 11 Enterprise roles and identities can collide with personal use of “The “The social media Citizen Employee Me” Me”
  12. 12. Use Case #6: Enterprise Roles 12 Trusted Id tit Sources T t d Identity S HRMS Directory Other Systems-of-Record Role Sources Authentication, Authentication +1-234-567-9012 Role Management Authorization, Applications Provisioning, RBAC, etc. Business Process zxcvxvxcccb +1-234-567-9012 Management (BPM) Systems My Roles • IT Architect Enterprise Portals • SME on “ABC” • Approver for access to “XYZ” • Certified on “123” Enterprise Roles
  13. 13. Use Case #6: Emergence Of “Social Roles” 13 “Answer P “A Person” ” “Wiki G d Gardener” ” “Idea Person” “Id P ” “News Filt ” “N Filter” Social Role Social Data Aggregation & Social Network Attributes Correlation Analysis Social Roles
  14. 14. Use Case #6: Community Equity 14 From roles to reputation • Reputation is as aspect of someone’s identity; need a social value system based on social activities • Analyze social data to derive community equity • Aggregate social activities: edit, tag, bookmark, follow, comment, reply, post, attach, subscribe join attach subscribe, join… • Correlate patterns: participation, contributions, skills, reputation, social graph Skills Contributions Reputation Participation Community Equity Social Graph
  15. 15. Use Case #7: Analyzing Relationships 15 Social analytics • Assess, correlate, and visualize relationship structures • Di Discovery of llatent connections most valuable f t t ti t l bl Needs to figure out how to help a company deal with export / import regulations iin country l ti t Node 8 XYZ To Node 10 To Node 14 To Node 15 Has dealt with import / export problems in country XYZ for years in past job role Source: Telligent
  16. 16. Use Case #7: Analyzing Relationships 16 Without proper controls, identity and security issues can arise • Evolution of tool capabilities can discover too much information on organizational structures activities, and relationships structures, activities Person 4 Product C Product B Person 2 SCN Group1 Product A Purchased Customer X Business Process 2 Key talent in organization Person 5 developing new Marketing Campaign 1 ideas and products Part of Source: SAP Sale Process 1 Person 3
  17. 17. Awareness & Management Of Risks 17 General concerns relevant to identity and security teams • Identity • Assuring profiles (identities) – internal and external • Populating profiles with trusted enterprise data • Assessing social identity attribute claims • Making sure that controls exist to satisfy privacy mandates • Security • Applying policy-based management (including enforcement) • Inclusion of monitoring, discovery, and audit mechanisms • Validating "fine-grained” access controls and role modeling capabilities • Satisfying S ti f i compliance, di li discovery and related d t t ti controls d l t d data-retention t l • Ensuring data loss protection
  18. 18. Awareness & Management Of Risks 18 Use Case concerns relevant to identity and security teams • Profiles And Profiling • Credibility of profile and social claims • Possible bias against employees by co-workers based on race, diversity, affiliation information made open and transparent via social media tools • Information Security • Intellectual property, compliance, e-Discovery, monitoring… • Aggregation / correlation capabilities gg g p s • Data management and data integration (profiles, roles, etc) • Privacy • Adherence to regulatory statutes, level of employee controls, possible stalking situations (hostile workplace) • Social Network Analysis y • Makes relationships visible that perhaps should not (“connecting the dots”) • May lead to “befriend / defraud” situations, social engineering
  19. 19. Recommendations 19 Moving forward with social media and social networking efforts • Social media and social networking are strategic initiatives that are here to stay – saying “no” is not the right approach no • A decision-making framework and governance model is an essential component of any strategy • Policies and procedures need to focus on the human element and avoid technology as a panacea • Id tit and security objectives need t b viewed on th same Identity d it bj ti d to be i d the level as desires for openness and transparency • IT teams that should be viewed as key stakeholders in social media and social networking strategies include: • Groups responsible for collaboration and community efforts • Id tit management and security groups Identity t d it • Information management and data analysis groups
  20. 20. A Look Ahead 20 Do we someday reach a point where social networking, social roles, and community equity enable self-regulating systems? Social Role not No change Enterprise Social associated with Role Role enterprise role or entitlement Social role indicates Discovery of latent talent synergies with enterprise Enterprise Social in the agency, perhaps a agency Role Role new subject matter expert role and entitlements Social role becomes Provisioning and access synonymous with Enterprise Social controls adapt based enterprise role and p Role Role level of community equity entitlement performing social role
  21. 21. 21 Q&A All Contents © 2009 Burton Group. All rights reserved.