APR 3, 2008 2:09am ET

Social Democracy with a Guiding Hand

Social networking, in whatever form it finally decides to adopt, is here to stay. Whether you believe in the blog as a means for an individual to publish their undiluted thoughts on a subject or see the blog morphing into something that is more formally reviewed and published, the idea has stuck with us. The idea of a wiki has also stuck with us – not as another attempt to top Wikipedia, but as a means of bringing together thoughts from a disparate group of people in a meaningful way. Instant messaging has been around for a while now and is the preferred means of communication for many younger workers in companies. VoIP has taken up a noticeable share of many organizations’ data bandwidth, both at the LAN and WAN levels. Then we have the external networking sites – the likes of LinkedIn and Plaxo, being replaced in the individual’s favorites by Facebook and MySpace, which in turn face new entrants on a daily basis.

The stated aim of many vendors in the communication and collaboration market, along with the perception of users, has been that technology will make everything far simpler – at least eventually. The problem for the moment seems to be that technology is just making things worse. New technologies don’t replace old ones; they just increase the number of possible tools, while increasing the volume and type of information that needs capturing and storing.

For an organization, the issue rapidly becomes how to control the situation. There are two main constituents to this. The first is which tools are to be allowed, and the second is what can be done with the resulting output from such tools.

At the control level, should an organization decide to go it alone, an expensive, overly complex and manual approach will be required. For example, proscription – setting up a company policy that says that no instant messaging (IM) shall be used, that external social networking sites are banned from any level of access and so on – is very easy to do, but almost impossible to police. The majority of today’s social networking systems use a very simple approach to information transport. They use TCP/IP, generally over Port 80. Cutting off access to Port 80 means no one can access the Internet at all – not a very good overall solution. Sites can be blacklisted, but keeping the list up to date is pretty hard if you are going to try to manage it in-house.

What happens when access to these nominally defined rogue sites is needed? For example, let’s say that you are a pharmaceutical company. You obviously don’t want your top scientists sharing all the chemical research on the latest drug on these sites, so you blacklist them. But then a competitor or a concerned consumer group puts up some information on such sites that could change the direction for the company and its competitors. You’re at a disadvantage, as the site can only be accessed by individuals from their private machines. Your competitor’s scientists are already working away at it. Sure, group policies can be set up. But they need to be maintained and changed rapidly as the need dictates, leaving holes that the unhappy employee can walk through.

Or, as another example, you’re a financial services company, and a customer has just complained that they have been sold the wrong product. You look at your audit trail and everything was done correctly as far as you can tell. The customer then says that they had an IM session with the salesperson during which everything was agreed. You may have a policy that forbids the use of IM, but it has already happened. Unfortunately, the content of the IM session doesn’t show in your audit log – but the fact that the IM session happened possibly does.

There are vendor solutions out there that identify rogue device applications and shut them down, or maintain dynamic blacklists at a granular level. These should be investigated rather than any homegrown approach.

What Else Can Be Done?

Firstly, the correct types of collaborative and social networking tools need to be utilized wherever possible. When it comes to IM, don’t just go for publicly available, consumer-focused systems. Take a solid enterprise back-end system from the likes of Microsoft or IBM/Lotus. These can support the main consumer clients in areas such as IM, while providing tracking, content management and audit of the content of blogs and wikis. Other systems, such as Witness Systems, can record the voice output from voice over internet protocol (VoIP) and standard telephone calls. Each also provides integration into existing applications and full logging of the content of sessions, so that an audit trail can show exactly what happened during any transaction.
