Enterprise IT Governance & Social Media

Alan Radding, Veteran Tech Journalist | 12/10/2010 | 22 comments

Alan Radding
If you don't think social media needs to be on the radar of enterprise IT, check out this data point from a recent study from Palo Alto Networks: More than 220 socializing and file-sharing applications are being used in up to 96 percent of the organizations surveyed.

The latest comScore study reports that smartphone adoption grew 15 percent by the end of September over the preceding three-month period. Nearly 59 million people in the US had smartphones. Those people are not using smartphones just to call Mom; IT can be sure social media usage, along with their apps in the enterprise, will only increase.

For IT, these studies raise a number of issues, but the two most important should be security and governance. IT already is pretty good at locking down technical security by implementing reasonably rigorous access controls behind the firewall. A bigger problem for IT, however, is user behavior.

One aspect of user behavior -- that these devices get lost all the time in airports, taxis, little-league bleachers, etc. -- has a straightforward solution. IT must insist that any enterprise data on those devices be encrypted. Governance alone won’t help much: You can prohibit enterprise data from being put on these devices, but users will ignore it. Just encrypt everything on the device.

A bigger concern is users blurring the distinction between personal behavior and enterprise or business behavior on social media. Posting photos from the company Christmas party probably is innocuous enough; naming clients and discussing them probably is not. On social media, not all Friends are actually friends. For instance, there may be people, friends of friends of friends, who might have decidedly unfriendly interests in who the company’s customers are.

Part of the problem, notes Sarah Carter, chief strategy officer at FaceTime Communications Inc. , an Internet security firm, is the newness of social media. Most people are sufficiently steeped in enterprise security procedures that they don’t post passwords or open just any email attachment. People aren’t yet that savvy with social media.

The gut reaction from IT management, Carter continues, is to prohibit the use of social media. That’s a bad idea for two reasons: First, it already is happening and there is no going back. More importantly, there are business benefits and opportunities with social media that the enterprise doesn’t want to miss out on.

The solution requires IT to get involved in governance and education. Only then does IT have a chance of getting users to act smart when using social media. To do this, Carter suggests three things:

  • Educate your users to what social media are, their implications for the business, and any appropriate regulatory compliance issues that come into play.

  • Define appropriate policies. This is the governance part. The policies should specify what information is acceptable to share, when, and with whom. The policies also should provide clear guidelines around what is acceptable public business behavior on social media.

  • Communicate the policies to everyone regularly. Doing it once is not nearly enough.

Doing these three things will go a long way in preventing many of the major problems you might encounter. What are some of the other ways your organization is handling social media?

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 3   >   >>
Zentropist   Enterprise IT Governance & Social Media   12/13/2010 1:11:49 PM
Re: Another one

Since one of my lines of business is marketing strategy and copy writing, I completely agree that social media is an important part of overall communications strategy. I also tend to believe that for the most part, most companies will probably be best served by having people trained in this particular medium monitoring, responding and initiating most contact via this channel. 

Social media is a great way to solicit feedback on a product or service, or to handle customer inquiries, issues, etc., but due to its bi-directional nature, and the manner in which it can be rapidly propagated, it can bite the unwary individual or institution very badly. You can potentially use it to proactively improve your business, or conversely, quickly create PR nightmares for yourself...

Zentropist   Enterprise IT Governance & Social Media   12/13/2010 12:56:53 PM
Re: Another one
@ Broadway:

I'm glad to see that you and others seem to understand how the potential security risks from ill-considered use of social media extend beyond the "cyber-world" and potentially into real life. 

Providing up-to-date feeds, such as via Twitter, as to your location now or at a future date only makes it easier to target the individual broadcasting this information and/or his or her property. 

The question is, how hip to this are those in the business of providing security, especially say in the private sector?

sechristiansen   Enterprise IT Governance & Social Media   12/13/2010 10:30:35 AM
Re: Enterprise IT Governance & Social Media
I agree completely in the fact that it is the "newness" of social media that has people turning a blind eye to behavior they typically wouldn't do outside of that context.  Would you take a picture of yourself drunk, wearing Elvis glasses, kissing a statue of Ronald McDonald, and post it to your office community billboard?  Most of you probably would not (I always leave the exception clause open).  SO why do you do it on social media sites.  Because social media sites are fun, and you don't know any better until you are burned by it.

There was another post a few weeks ago concerning the personal use of company technology.  Technology, since it has invaded our homes and integrated so tightly with our daily lives, has created this blur for people from which they are no longer easily able to differentiate between business use technology and personal.  It is just tech to them.  Therein is where the problem lies.


Steel2179   Enterprise IT Governance & Social Media   12/13/2010 9:35:01 AM
Re: Another one
"...whether at a gov defense contractor or a private corporation--should NOT be allowed to participate on social media, unless heavily monitored by a marketing, investor relations and/or security personnel."

I think that you will see this issue discussed here more and more.  The question of governance and sm policy.  Companies will have to develop some type of parameters and quickly.  It may not be the most comfortable feeling, but organizations need to take charge before they become the case study that everyone is talking about.
Taimoor Zubair   Enterprise IT Governance & Social Media   12/13/2010 5:44:56 AM
Role of cloud applications
"One aspect of user behavior -- that these devices get lost all the time in airports, taxis, little-league bleachers, etc. -- has a straightforward solution. IT must insist that any enterprise data on those devices be encrypted."

To cater to the above issue, it's important that the organizations move towards cloud applications. All data should reside within the cloud and not lie on user devices. That's one effective way of achieving data protection yet allowing access to data through any channel. Also, since the users would be using more than one devices to access and manipulate information, syncing the data can be a hassle if it's lying on the devices. The cloud takes care of this as well.
Broadway   Enterprise IT Governance & Social Media   12/13/2010 12:29:31 AM
Re: Another one
"How hard would it be to potentially use the profile that you built on an individual, via their interactions on social media, with access to information that you or your organization wants and then blackmail that party, kidnap them (because they've made their usual schedule/routine known to the world) or otherwise exploit them?"

It wouldn't be difficult at all. Far less intelligent thieves use FB to know when their "friends" are away on vacation and rob their homes. Any spy or kidnapper worth their salt could easily tap into the LinkedIn, Twitter or FB account of a less savvy individual to gain serious competitive intelligence to sell to the highest bidder, or to track routine or travel plans and organize a kidnapping or incident accordingly. Possibly, anybody at an organization with any sort of high-value operational knowledge or hierarchical value--whether at a gov defense contractor or a private corporation--should NOT be allowed to participate on social media, unless heavily monitored by a marketing, investor relations and/or security personnel.
DBK   Enterprise IT Governance & Social Media   12/12/2010 8:19:42 PM
Re: The Policies are Key for Internal use and Vendors?
Curtis I think that you hit the nail on the head with the 3 person committee.  That is the right size, small enough to avoid “Indecision by Committee” and big enough to sample the appropriate demographics.  The factors for pursuing social media for companies and vendors is to meet the evolving requirements of the user groups.  Social media is a growing requirement for marketing and for communication.  Plus it is the new style for the up and coming generation, so called Gen x’ers.  They don’t want to use the phone, they want text or IM.  They don’t place as high a value general public input they want demographic specific recommendations.  And the manufactures have found a new product to integrate to drive net new revenue and to meet the needs of the new new employees.
CurtisFranklin   Enterprise IT Governance & Social Media   12/12/2010 10:32:16 AM
Re: The Policies are Key for Internal use and Vendors?
@DBK, you're absolutely right -- large chunks of the world are moving in the direction of social media, and companies are going to find themselves cut out of software features and revenue-generating opportunities if they continue to stick their IT heads in the sand regarding the technologies. The real problem for overworked IT departments is that many of the forces pushing for social networking are offering no guidance in the best way to do things, and the whole area is new enough to make "best practices" a very squishy science, indeed, at this point.

I've just about decided that the best way to start is a three-person committee, with a young IT person, a more experienced sales or marketing person, and someone from PR in the mix to figure out how to get things moving in the right direction. That combination of experience and knowledge would present at least an outside shot at getting something workable on the table; with any luck at all the mistakes that follow will be small and manageable. What do you think about the committee approach?
CurtisFranklin   Enterprise IT Governance & Social Media   12/12/2010 10:25:36 AM
Re: Another one
@Z, in the discussions I've either been part of or listened to, the "Facebook Czar" has been seen more as a cheerleader and coordinator than policy enforcer. The prevailing wisdom seems to be that most companies need to be convinced away from the "just say no" direction to actively engage in social media, and that having someone in charge of the effort is the best way to make that happen. Questions of limits and appropriate behavior are separate.

We recently had a conversation here about the difficulty in getting users to behave rationally about, oh, anything that has to do with corporate IT. Any time you have a vehicle for communicating, whether it's dinner party conversation, email or Facebook, you're going to have the potential for someone saying something they shouldn't. The fact is that companies looking to expand their use of social networking, and especially those that want lots of employees engaged in the effort, need to be willing to invest considerable resources in training and ongoing education about why things are being done in a particular way, the kind of message and overall impression the company wants to present, and what information that absolutely should not be shared looks like.

Are social networks security risks? You betcha! Does that mean they shouldn't be part of a company communications strategy? Absolutely not. It does mean that significant thought needs to go into working out how they can best be used, and how to make sure employees know the right things to do, and the consequences of doing the wrong things.
DBK   Enterprise IT Governance & Social Media   12/11/2010 7:36:53 PM
Re: The Policies are Key for Internal use and Vendors?

The unmentioned elephant in the IT meeting room is the injection for how social media is being integrated into mainstream products.  If you look at Salesforce as a SaaS cloud provider or even Cisco as a main stream hardware/software vendor they each have a strategy for rolling out social media into their products. These products are considered productivity tools as well as marketing tools.  Perhaps even more importantly is how they are integrated and then delivered to the mobile applications.  So not only is IT in the hot seat with their internal users but also the product providers who are calling on them and “Encouraging” their adoption and implementation.

Page 1 / 3   >   >>

The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Alan Radding
Alan Radding   11/5/2010   5 comments
Unified communications (UC) has been around in various forms for some time. At its most basic, it called for the merging of a company's PBX-based, switched-voice network with its data ...
Alan Radding   9/27/2010   10 comments
A recent IBM Corp. (NYSE: IBM) survey found information governance emerging as the next big enterprise IT mangement trend. Governance has been a big deal in financial circles since the ...
Alan Radding   9/15/2010   13 comments
"64-bit computing is the future," declared Mark Teter, chief technical officer of Advanced Systems Group, a systems integrator based in Denver. Gartner Inc. agrees, ...
Alan Radding   7/22/2010   19 comments
CIOs like to apply portfolio management to their application portfolios to determine how to allocate resources. They should apply the same thinking to IT outsourcing, especially offshore.
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
4/29/2014 - Join Dell and Intel for an interactive discussion about implementing, refining and improving your virtual environment. Specifically we’ll discuss pain points virtualization can solve and those that it can create and how to prevent them.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
A Video Case Study – Translational Genomics Research Institute
e2 Video

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   12 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   5 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   8 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   19 comments

Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   6 comments

New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   11 comments

The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments

We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments

Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments

Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments

Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments

On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments

Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments

A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments

VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments

Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments

Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments

Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments

The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.