social media: a cautionary tale - o'reilly mediaassets.en.oreilly.com/1/event/37/social media_...
All Contents © 2010 Burton Group. All rights reserved.
Social Media: A Cautionary Tale
Wednesday – May 5, 2010
Michael Gotta Principal Analyst [email protected] mikeg.typepad.com
Alice Wang Director [email protected]
www.burtongroup.com
3000 friends 100 fan pages
50 groups Following 325 Followers 915
Has Own Channel Blogs
Daily
Social tools enable employee self-expression
Benefits of Social Tools
Social tools are often associated with “Enterprise 2.0” and CRM strategies
• Benefits expected from social media
  • Connect people internally and externally (e.g., expertise location)
  • Build community across different function areas (e.g., best practices)
  • Improve external relationships and “brand” reputation
  • Break down organizational barriers and information silos
  • Promote broader participation in innovation (ideation) efforts
  • Address generational shifts (e.g., aging workforce)
  • Meet technology expectations of younger workers
  • Support strategic talent and learning initiatives
Risks of Social Tools
Social tools generally lack management capabilities that help support identity, security, privacy, and compliance needs
• Risks associated with social media
  • Poor support for policy-based management
  • Inability to support identity assurance needs
  • Inadequate access controls at granular levels
  • Privacy concerns (such as racial and diversity profiling)
  • Compliance demands
  • E-Discovery and data retention
  • Data loss prevention
  • Increased risk due to correlation / social engineering capabilities
photo by *smiling pug*: http://www.flickr.com/photos/bugbunnybambam/2171798309
Saying “no” is not the answer
Listen to people
Construct use case scenarios from those stories
Identify points where risks can be mitigated
Use Case #1: Social Claims
Source: Booz Allen Hamilton
Use Case #1: Social Claims
Enterprise Identity HRMS Directory Other Systems-of-Record
Trusted Identity Sources
Source: Booz Allen Hamilton
Use Case #1: Social Claims
Internal Social Identity Personal Claims
Source: Booz Allen Hamilton
A single profile? Multiple profiles? Federated profiles?
Professional Support Group
Outreach Network
Community Of Practice
Internal “Facebook Site”
Use Case #2: Profile Proliferation
Women Returning To Work After Extended Leave
Professional Exchange of Best Practices
Diversity Community
Activity streams reveal conversation and community actions
Use Case #3: Over-Sharing
Jane Doe: Joined Community: “Women Supporting Women”
John Doe: “Working on a big M&A deal, need to work late tonight… stay tuned!”
Fred Smith: &#%^%$* we just lost the Company ABC account…
Jane Doe: Joined Community: “Diversity Appreciation Community”
Betty Smith: @Bob Jones That patient ID number is 123456789
Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace
“Women Supporting Women”
“Diversity Appreciation Community”
Automatic posting of community actions
Activity streams & “Enterprise Twitter” messages
Use Case #4: Connected Identities
External social data can be “plugged into” social network sites, e-mail clients, and other application contexts
Personal Claims
Is it me? How much is being shared? Under what controls?
Use Case #4: Connected Identities
Unification of an employee’s work and non-work social structures
“The Work Me”
“The Citizen Me”
Profile Groups Contacts
Profile Status Message Activities Photos
Profile Following / Followers “Tweets”
Enterprise Identity + Enterprise “Social Identity”
My politics My groups My music My friends
Regulatory policies can define use/non-use of capabilities
• Identity (brand and individual)
• Content
• Communications
• Collaboration
• Connections
• Applications
• Notifications
• 3rd parties
• Correspondence, recordkeeping, and supervision requirements
Use Case #5: Oversight: Approved Use
Source: http://twitter.com/bofa_help
Use Case #6: Deciphering Relationships
HRMS Directory Other Systems-of-Record
Trusted Identity Sources
Role Management Applications
Business Process Management (BPM) Systems Enterprise Portals
Role Sources
Authentication, Authorization, Provisioning, RBAC, etc.
Enterprise Roles
My Roles
• IT Architect
• SME on “ABC”
• Approver for access to “XYZ”
• Certified on “123”
Social Roles
Use Case #6: Deciphering Relationships
“Answer Person” “Wiki Gardener” “Idea Person” “News Filter”
Social Role Attributes
Social Data Aggregation & Correlation
Social Network Analysis
Use Case #6: Deciphering Relationships
Social analytics
• Assess, correlate, and visualize relationship structures
• Within the enterprise, discovery of latent connections most valuable
• Evolution of tool capabilities can discover too much information on organizational structures, activities, and relationships
Source: Telligent
Needs to figure out how to help a company deal with export / import regulations in country XYZ
Has dealt with import / export problems in country XYZ for years in past job role
Node 8 To Node 10 To Node 14 To Node 15
Members Of Investigation Unit
Identify Control Points To Mitigate Risks
A mix of strategies and tactics to produce results
• People
  • Effective policies
  • Balanced privacy considerations (enterprise and employee)
  • Adequate training
  • Visible enforcement
  • Relevant social feedback
• Process
  • Assessing social media risks
  • Handling social information
  • Delivering social applications
• Technology
  • Support for access control and entitlement management
  • Effective monitoring, auditing, and logging
Awareness & Management Of Risks
Use Case concerns relevant to identity and security teams
• Profiles And Profiling
  • Credibility of profile and social claims
  • Possible bias against employees by co-workers based on race, diversity, affiliation information made open and transparent via social media tools
• Information Security
  • Intellectual property, compliance, e-Discovery, monitoring…
  • Aggregation / correlation capabilities
  • Data management and data integration (profiles, roles, etc.)
• Privacy
  • Adherence to regulatory statutes, level of employee controls, possible stalking situations (hostile workplace)
• Social Network Analysis
  • Makes relationships visible that perhaps should not (“connecting the dots”)
  • May lead to “befriend / defraud” situations, social engineering
Recommendations
Moving forward with social media and social networking efforts
• Social media and social networking are strategic initiatives that are here to stay – saying “no” is not the right approach
• A decision-making framework and governance model is an essential component of any strategy
• Policies and procedures need to focus on the human element and avoid technology as a panacea
• Identity and security objectives need to be viewed on the same level as desires for openness and transparency
• IT teams that should be viewed as key stakeholders in social media and social networking strategies include:
  • Groups responsible for collaboration and community efforts
  • Identity management and security groups
  • Information management and data analysis groups