If you don't think social media needs to be on the radar of enterprise IT, check out this data point from a recent study from Palo Alto Networks: More than 220 socializing and file-sharing applications are being used in up to 96 percent of the organizations surveyed.
The latest comScore study reports that smartphone adoption grew 15 percent by the end of September over the preceding three-month period. Nearly 59 million people in the US had smartphones. Those people are not using smartphones just to call Mom; IT can be sure social media usage, along with their apps in the enterprise, will only increase.
For IT, these studies raise a number of issues, but the two most important should be security and governance. IT already is pretty good at locking down technical security by implementing reasonably rigorous access controls behind the firewall. A bigger problem for IT, however, is user behavior.
One aspect of user behavior -- that these devices get lost all the time in airports, taxis, little-league bleachers, etc. -- has a straightforward solution. IT must insist that any enterprise data on those devices be encrypted. Governance alone won’t help much: You can prohibit enterprise data from being put on these devices, but users will ignore it. Just encrypt everything on the device.
A bigger concern is users blurring the distinction between personal behavior and enterprise or business behavior on social media. Posting photos from the company Christmas party probably is innocuous enough; naming clients and discussing them probably is not. On social media, not all Friends are actually friends. For instance, there may be people, friends of friends of friends, who might have decidedly unfriendly interests in who the company’s customers are.
Part of the problem, notes Sarah Carter, chief strategy officer at FaceTime Communications Inc. , an Internet security firm, is the newness of social media. Most people are sufficiently steeped in enterprise security procedures that they don’t post passwords or open just any email attachment. People aren’t yet that savvy with social media.
The gut reaction from IT management, Carter continues, is to prohibit the use of social media. That’s a bad idea for two reasons: First, it already is happening and there is no going back. More importantly, there are business benefits and opportunities with social media that the enterprise doesn’t want to miss out on.
The solution requires IT to get involved in governance and education. Only then does IT have a chance of getting users to act smart when using social media. To do this, Carter suggests three things:
- Educate your users to what social media are, their implications for the business, and any appropriate regulatory compliance issues that come into play.
- Define appropriate policies. This is the governance part. The policies should specify what information is acceptable to share, when, and with whom. The policies also should provide clear guidelines around what is acceptable public business behavior on social media.
- Communicate the policies to everyone regularly. Doing it once is not nearly enough.
Doing these three things will go a long way in preventing many of the major problems you might encounter. What are some of the other ways your organization is handling social media?