Boost PC performance: How more available memory can improve productivity
Social Media & Social Networking: A Cautionary Tale
1. Social Media & Social Networking:A Cautionary Tale Michael Gotta Senior Technology Solutions ManagerEnterprise Social Software
2. The Social Side Of The Internet 75% of respondents are active in some kind of voluntary group or organization 68% of respondents (internet users & non-users alike) said the internet has had a major impact on the ability of groups to communicate with members 60% of respondents said the internet has had a major impact on the ability of groups to connect with other groups 59% of respondents said the internet has had a major impact on the ability of groups to impact society at large 62% of respondents said that the internet has had a major impact on the ability of groups to draw attention to an issue 59% of respondents said the internet has had a major impact on the ability of groups to organize activities Source: Pew Internet http://www.pewinternet.org/Press-Releases/2011/Social-Side-of-the-Internet.aspx
3. Social Networking & Social Media: Leverage new tools & literacies to enable new ways of working 3000 friends 100 fan pages 50 groups Has Own Channel Blogs Daily Following 325 Followers 915
4. Organizations Face Internal TensionAn Unequivocal “Yes” Or “No” Is Often Not The Answer Scale organizational expertise Lack of policy-based management Improve business processes Weak identity assurance Break down silos and barriers Inadequate security controls Benefits Risks Catalyze employee engagement Questionable privacy protections Address generational shifts Misuse by employees Improve talent & learning initiatives Unanticipated data disclosure Satisfy technology expectations Potential for “social engineering”
5. Leverage Use Case Scenarios: Shift The Discussion From “OR” to “AND” Observe and listen to employees, experts, and management regarding use of social tools Construct use case scenarios from those representative stories Identify decision and enforcement points where risks can be mitigated Plan, execute, adjust
6. Use Case #1: “Social Claims”Profiles may be viewed as a trusted information source Employee profiles populated with information from trusted enterprise systems My “Enterprise Identity” Mike Gotta EMPLOYEE #: LABOR GRADE: COST CENTER: Additional information entered by employees regarding skills, interests, expertise, experience DEPT: GROUP: My “Claimed Identity” JOB TITLE: EXPERTISE: HOBBIES: Information viewed as “trusted” but claims are not verified which can lead to risk scenarios EDUCATION: INTERESTS: PERSONAL TAGS: COMMUNITIES: FOLLOWING: COLLEAGUES: Add fields to profile where data goes through vetting process; pre-populate profile with other credentialing information
7. Use Case #2: Profile ProliferationMultiple profiles creates maintenance and data integrity issues My Primary Profile DiversityCommunity Profile Selling Into HealthcareCommunity Profile Customer InnovationCommunity Profile Profiles are becoming a common feature across many vendor products EMPLOYEE #: EMPLOYEE #: EMPLOYEE #: EMPLOYEE #: Jane Doe Jane Doe Jane Doe Jane Doe DEPT: DEPT: DEPT: DEPT: JOB TITLE: JOB TITLE: JOB TITLE: JOB TITLE: EXPERTISE: EXPERTISE: EXPERTISE: EXPERTISE: COLLEAGUES: COLLEAGUES: COLLEAGUES: COLLEAGUES: PERSONAL TAGS PERSONAL TAGS PERSONAL TAGS PERSONAL TAGS Employees create/maintain multiple “persona’s” based on technology silos Incomplete, abandoned, or inaccurate profiles due to redundancy creates risk Look for ways to federate, synchronize, or otherwise reduce number of user profiles Selling Into HealthcareCommunity CustomerInnovationCommunity DiversityCommunity
8. Automating profile updates can ease maintenance efforts by employees, increasing adoption Use Case #3: Automatic Social UpdatesLack of notice and consent can create privacy and HR issues My Profile #1 EMPLOYEE #: John Doe DEPT: JOB TITLE: EXPERTISE: COLLEAGUES: COMMUNITIES Vendor products are monitoring user activities and adding those actions to profiles without user intervention Restricted Access Unintended consequences can occur leading to HR-related issues such as diversity bias Activity Stream Activity Stream Public Access John Doe: Joined Community: “Selling Into Healthcare Community” John Doe: Joined Updated Wiki:“Best Ways To Respond To An RFP” John Doe: Joined Community: “Diversity Outreach Community” John Doe: Joined Community Forum: “It Gets Better Awareness Campaign” Include requirements for user-defined profile controls and management of profile updates from system activities/events DiversityCommunity Selling Into HealthcareCommunity
9. Use Case #4: Information LeakageOpen discourse can lead to sharing of inaccurate / sensitive data E-Mail Client ActivityStream Sender Name Subject My Profile #1 Micro-blogging / activity feeds are becoming a popular means of sharing information Sender Name Subject EMPLOYEE #: John Doe Activity Stream Activity Stream Activity Stream DEPT: JOB TITLE: EXPERTISE: Sender Name Subject Status update: xxxxxxxx Status update: xxxxxxxxx Status update: xxxxxxxxx Mike Jones: “Heading to the airport to meet with Company ABC on cross-selling biz deal” John Doe: “Working on a acquisition deal, need to work late tonight… stay tuned!” Fred Smith: “&#%^%$* we just lost Company XYZ account… Betty Smith: @Bob Jones that patient ID number is 123456789 Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace Sally Jones: I heard we might have a layoff by quarter end? David Brown: @SalesTeam I posted the new product discounting policy to the sales strategy community Mike Jones: “Does anyone know the best way to get an SOW processed in 2 days? I have an urgent need…” John Doe: “Hi, I’m a new remote employee – wondering who else is working in the marketing department!” Fred Smith: “Just figured out a workaround to a problem with our field group – ping me if interested…” Betty Smith: “We’re starting an innovation community on data quality – let me know if you’re interested” Bob Jones: “Does anyone know what IWE stands for?” Sally Jones: “Great article on social media risks http://xxxxxxx” David Brown: “@Sally, thx, we’re updating our policies now” COLLEAGUES: ACTIVITY STREAM Information shared in a public stream may be re-posted to profiles or other entities subscribing to that stream Public conversations or events published via other systems can create confidentiality and audit/archival concerns Policy, role, and rule-based approaches that create common treatments across applications are warranted
10. Use Case #5: Connected IdentitiesDisplay of public profiles can have unintended consequences Employee personal use of social media is becoming more commonplace E-Mail Client “ThePublicMe” Re: Partnering Opportunity Bill Smith Sent: Thu 03/01/11 To: John Doe We’ve discussed the proposal and have decided to pass at this time… Sender Name Subject Sender Name Subject An increasing number of tools aggregate Facebook, LinkedIn & Twitter information to display in applications like e-Mail Sender Name Subject Mixing public and enterprise data can give a false sense of validity and context creating trust and privacy issues My Profile #1 “TheWorkMe” EMPLOYEE #: John Doe DEPT: JOB TITLE: EXPERTISE: COLLEAGUES: COMMUNITIES Examine how the public data is aggregated; re-visit consent issues; provide users with an opt-out option Jon Doe’s social datadisplayed here
14. Direct MessagesConsumer and enterprise software providers often lack end-to-end capabilities Combine a mix of policy, monitoring, audit, and tooling tactics to mitigate risks to an acceptable level Embedded Policy-based Management withexternal integrations (security, compliance…)
17. SummaryThePublicMe Building a “personal brand” as an employee may seem like a worthwhile endeavor My YouTube My Twitter Status Updates & Activity Stream Third-Party Content &Applications Groups & Discussions Forums Enterprise policies or regulatory statutes may apply to personal use of social media, raising potential compliance concerns Jobs & Answers Contact Settings (Interested In…) Opportunities, Expertise Requests, Consulting Offers Re-visit policy, code of ethics, and social media guidelines. Educate employees on risks. Leverage monitoring tools. Alternative clients, widgets, message notifications…
18. Social network analysis is used to identify relation structures between people Use Case #8: Deciphering RelationshipsSocial analytics can identify patterns that thwart policies R&DDept. Ideation Community Access to social analytics is becoming more widespread, available to all end users in some cases Unfettered analysis of social data can lead to accidental or intentional abuse as well as social engineering attacks Business DevelopmentTeam Ensure social analytic tools include access controls, audit trails, and policy support to limit capabilities Node20 Node24 Node19 Node21 Node22 Node 23 Node18 Node14 Node13 Node15 Node16 Node17 Node 2 Node 4 Node5 Node6 Node 9 Node 8 Node12 Node11 Node10 Node 1 Node 3 Node 7
19. People Definea governance model that make sense; ensure enforcement is visible Balanced privacy considerations (enterprise and employee) Create feedback loops for employee ideas and concerns Process Update policies, terms of use, and code of ethics; consider specific guidelines for social media and social networking Make sure you have end-to-end processes with defined roles, responsibilities, and metrics in place for assessing risks – prioritize employee communication Audit data handling procedures to ensure proper management of social data Technology Adopt a “platform approach” towards social media and social networking Make embedded policy-based management services a priority capability Favor platforms that integrate with security, identity, and compliance systems Recommendations
20. Social media and social networking are strategic initiatives that are here to stay – saying “no” is not the right approach Identity and security needs should be viewed just as positively as goals for openness and transparency A decision-making framework and governance model is an essential component of any strategy; policies and procedures need to focus on the human element and avoid technology as a panacea Adopt a platform approach – prioritize solutions with embedded policy management and strong integration capabilities IT teams that should be viewed as key stakeholders include: Groups responsible for CRM, collaboration, content, and community efforts Identity management and security groups Information (records) management and business intelligence groups Summary
21.
22. What role is there for privacy? What “controls” should be afforded to “owners” of one’s own social data?