social media: a cautionary tale wednesday – may 5, 2010
DESCRIPTION
Social Media: A Cautionary Tale Wednesday – May 5, 2010. Michael Gotta Principal Analyst [email protected] mikeg.typepad.com Alice Wang Director [email protected] www.burtongroup.com. Testing Testing Testing. 3000 friends 100 fan pages 50 groups. Has Own Channel. - PowerPoint PPT PresentationTRANSCRIPT
All Contents © 2010 Burton Group. All rights reserved.
Social Media: A Cautionary Tale
Wednesday – May 5, 2010
Michael Gotta
Principal Analyst
mikeg.typepad.com
Alice Wang
Director
www.burtongroup.com
• Testing• Testing• Testing
2
3000 friends100 fan pages
50 groups Following 325Followers 915
Has Own Channel Blogs
Daily
Social tools enable employee self-expression
Benefits of Social Tools
Social tools are often associated with “Enterprise 2.0” and CRM strategies
• Benefits expected from social media• Connect people internally and externally (e.g., expertise location)• Build community across different function areas (e.g., best practices)• Improve external relationships and “brand” reputation• Break down organizational barriers and information silos• Promote broader participation in innovation (ideation) efforts• Address generational shifts (e.g., aging workforce)• Meet technology expectations of younger workers• Support strategic talent and learning initiatives
3
At times, we want to control what is revealedAt times, we want to control what is revealed
Risks of Social Tools
Social tools generally lack management capabilities that help support identity, security, privacy, and compliance needs
• Risks associated with social media• Poor support for policy-based management • Inability to support identity assurance needs• Inadequate access controls at granular levels• Privacy concerns (such as racial and diversity profiling)• Compliance demands• E-Discovery and data retention• Data loss prevention• Increase risk due to correlation / social engineering capabilities
5
photo by *smiling pug*: http://www.flickr.com/photos/bugbunnybambam/2171798309photo by *smiling pug*: http://www.flickr.com/photos/bugbunnybambam/2171798309
Saying “no” is not the answerSaying “no” is not the answer
Listen to people
Construct use case scenarios from those
stories
Identify points where risks can be mitigated
Listen to people
Construct use case scenarios from those
stories
Identify points where risks can be mitigated
Use Case #1: Social Claims 8
zxcvxvxcccb
[email protected]+1-234-567-9012
+1-234-567-9012
Source: Booz Allen Hamilton
Use Case #1: Social Claims 9
Enterprise Identity HRMS Directory Other Systems-of-Record
Trusted Identity Sources
[email protected]+1-234-567-9012
[email protected]+1-234-567-9012zxcvxvxcccb
Source: Booz Allen Hamilton
Use Case #1: Social Claims 10
Internal Social IdentityPersonalClaims
[email protected]+1-234-567-9012
[email protected]+1-234-567-9012zxcvxvxcccb
Source: Booz Allen Hamilton
A single profile? Multiple profiles? Federated profiles?
EmployeEmployee Profile e Profile
#4#4
EmployeEmployee Profile e Profile
#3#3
EmployeEmployee Profile e Profile
#2#2
Use Case #2: Profile Proliferation 11
Women Returning To Work After Extended
Leave
ProfessionalExchange of
Best Practices
DiversityCommunity
Activity streams reveal conversation and community actions
EmployeEmployee Profilee Profile
Use Case #3: Over-Sharing 12
Jane Doe: Joined Community: “Women Supporting Women”
John Doe: “Working on a big M&A deal,need to work late tonight… stay tuned!”
Fred Smith: &#%^%$* we just lost the Company ABC account…
Jane Doe: Joined Community: “Diversity Appreciation Community”
Betty Smith: @Bob Jones That patientID number is 123456789
Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace
“Women Supporting Women”
“Diversity Appreciation Community”
Automatic posting of community
actions
Activity streams & “Enterprise
Twitter” messages
Use Case #4: Connected Identities 13
External social data can be “plugged into” social network sites, e-mail clients, and other
application contextsPersonalClaims
[email protected]+1-234-567-9012
[email protected]+1-234-567-9012zxcvxvxcccb
Is it me? How much is being shared? Under what controls?
Use Case #4: Connected Identities 14
Unification of an employee’s work and non-work social
structures
“TheWorkMe”
“TheCitizen
Me”
ProfileGroupsContacts
ProfileStatus MessageActivitiesPhotos
ProfileFollowing / Followers“Tweets”
Enterprise Identity +Enterprise “Social Identity”
My politicsMy groupsMy musicMy friends
Regulatory policies can define use/non-use of capabilities• Identity (brand
and individual)• Content• Communications• Collaboration• Connections• Applications• Notifications• 3rd parties• Correspondence,
recordkeeping, and supervision requirements
Use Case #5: Oversight: Approved Use 15
Source: http://twitter.com/bofa_help
Ad-hoc business use can cause enterprise risk
Use Case #5: Oversight: Personal Use 16
Use Case #6: Deciphering Relationships 17
HRMS Directory Other Systems-of-Record
Trusted Identity Sources
Role Management Applications
Business ProcessManagement (BPM)Systems
Enterprise Portals
Role Sources
Authentication,Authorization,Provisioning,RBAC, etc.
Enterprise Roles
My Roles• IT Architect• SME on “ABC”• Approver for access to “XYZ”• Certified on “123”
[email protected]+1-234-567-9012
[email protected]+1-234-567-9012zxcvxvxcccb
Social Roles
Use Case #6: Deciphering Relationships 18
“Answer Person” “Wiki Gardener” “Idea Person” “News Filter”
Social Role Attributes
Social Data Aggregation & Correlation
Social Network Analysis
Use Case #6: Deciphering Relationships
Social analytics• Assess, correlate, and visualize relationship structures• Within the enterprise, discovery of latent connections most valuable• Evolution of tool capabilities can discover too much information on
organizational structures, activities, and relationships
19
Source: Telligent
Needs to figure out how to help a
company deal with export / import
regulations in country XYZ
Has dealt with import / export
problems in country XYZ for years in past
job role
Node 8To Node 10To Node 14To Node 15
Members Of Investigation
Unit
Identify Control Points To Mitigate Risks
A mix of strategies and tactics to produce results• People
• Effective policies• Balanced privacy considerations (enterprise and employee)• Adequate training• Visible enforcement• Relevant social feedback
• Process• Assessing social media risks• Handling social information• Delivery social applications
• Technology• Support for access control and entitlement management• Effective monitoring, auditing, and logging
20
Awareness & Management Of Risks
Use Case concerns relevant to identity and security teams
• Profiles And Profiling• Credibility of profile and social claims• Possible bias against employees by co-workers based on race, diversity,
affiliation information made open and transparent via social media tools
• Information Security• Intellectual property, compliance, e-Discovery, monitoring…• Aggregation / correlation capabilities• Data management and data integration (profiles, roles, etc)
• Privacy• Adherence to regulatory statutes, level of employee controls, possible stalking
situations (hostile workplace)
• Social Network Analysis• Makes relationships visible that perhaps should not (“connecting the dots”)• May lead to “befriend / defraud” situations, social engineering
21
Recommendations
Moving forward with social media and social networking efforts
• Social media and social networking are strategic initiatives that are here to stay – saying “no” is not the right approach
• A decision-making framework and governance model is an essential component of any strategy
• Policies and procedures need to focus on the human element and avoid technology as a panacea
• Identity and security objectives need to be viewed on the same level as desires for openness and transparency
• IT teams that should be viewed as key stakeholders in social media and social networking strategies include:
• Groups responsible for collaboration and community efforts • Identity management and security groups• Information management and data analysis groups
22
Social Media: A Cautionary Tale
ReferencesCollaboration and Content Strategies
• Social Media & FINRA: Twitter and LinkedIn Considerations • Social Media: Identity, Privacy, and Security Considerations • Field Research Study: Social Networking Within the Enterprise • Field Research Study: Getting Started with Enterprise Social Networks • Field Research Study: Addressing Business and Cultural Needs • Field Research Study: Facilitating Social Participation • Field Research Study: Enabling Social Platforms • Field Research Study: Actions To Take
Identity and Privacy Strategies• The Emerging Architecture of Identity Management • Barbarians at the Gate: Identity Proofing and Assurance • Privacy • A Relationship Layer for the Web . . . and for Enterprises, Too
•Blogs• Collaboration and Content Strategies blog (http://ccsblog.burtongroup.com/)• Identity and Privacy Strategies blog http://identityblog.burtongroup.com/
23
All Contents © 2010 Burton Group. All rights reserved.
Q&A
24