social media & governance
DESCRIPTION
Organizations want to improve collaboration and innovation, but also ensure regulatory compliance and control. AIIMs research suggests that a majority of organizations recognize Enterprise 2.0 as critical to the success of their business goals and objectives, but an increasing amount of regulations also require good control and security. This presentation summarize AIIM's Enterprise 2.0 research from all perspectives including technology, business drivers and market dynamics, but will also the necessary link between ECM and Enterprise 2.0.TRANSCRIPT
Enterprise 2.0 - Required governance when using social
software
Atle SkjekkelandVice President, AIIM
Q1 2008, 441 respondents
2
www.aiim.org/research
Q2 2009, 789 respondents
AIIM Certificate Programs
3aiim.org/training
Objectives› Defining ECM and Enterprise 2.0› Why Enterprise 2.0?› Business drivers for ECM and Enterprise 2.0› E2.0 technology compliments and alternatives› Adoption of Enterprise 2.0› Governance and control
6
Defining Enterprise 2.0
7© AIIM | All rights reserved
Technology that enables people to collaborate and/or form online communities
The application of Web 2.0 to the enterprise A new set of technologies, models and methods used to develop
and deliver business software The next generation of knowledge management The ability to snap together software services to enable business
agility The next generation of collaboration The democratization of information and content-centric systems The use of emergent social software platforms within companies,
or between companies and their partners or customers A user-centric approach to working with enterprise-focused
content systems The next generation of enterprise content management (ECM) Exposing the collective wisdom of a networked workforce,
partner and customer base Leveraging metatags to tap into collective wisdom
Re-Defining Enterprise 2.0
AIIM› Enterprise 2.0 is a system of web-based
technologies that provide rapid and agile collaboration, information sharing, emergence and integration capabilities in the extended enterprise”
Andrew McAfee, MIT› Enterprise 2.0 is the use of emergent social
software platforms by organizations in pursuit of their goals
8
What is ECM?
AIIM› The strategies, methods and tools used to
capture, store, manage, preserve, and deliver content in support of business processes
Gartner› “Umbrella” term for collection of CM technologies
› Document Management / Imaging› Electronic Records Management› Workflow› Document-Centric Collaboration› Web Content Management
Objectives› Defining ECM and Enterprise 2.0› Why Enterprise 2.0?› Business drivers for ECM and Enterprise 2.0› E2.0 technology compliments and alternatives› Adoption of Enterprise 2.0› Governance and control
IsolatedFully Engaged
Islands of Me One-way Me Team Me Proactive Me Two-way Me Islands of We Extended Me
1.0
1.5
2.0
Evolution of Federal Technology
The New Administration
Internal
Objectives› Defining ECM and Enterprise 2.0› Why Enterprise 2.0?› Business drivers for ECM and Enterprise 2.0› E2.0 technology compliments and alternatives› Adoption of Enterprise 2.0› Governance and control
ECM is often about content control
Compliance = legal requirements + industry standards + organisational policies and guidelines, and more...› Finding and retrieving information on demand› Controlling access and confidentiality› Monitoring and reporting for enforcement› Comprehensive auditing› Secure retention and destruction
Source: Ovum
When you consider document and records management technologies, what is the most significant business driver ?
All respondents (476)
Which THREE of the following benefits would most likely justify a spend on collaboration tools within your organization?
Knowledge sharing
Efficiency
Timelines
Travel costs
10+ employees (656)
In your view, how critical is Enterprise 2.0 to your organization’s overall business goals and success?
Importance of Enterprise 2.0
10+ employees (656)
54% of organisations
considerEnterprise 2.0to be important
Cf: 44% in 2008
Which THREE of the following would you say are the key drivers for Enterprise 2.0 in your organisation?
Knowledge share
Collaboration
Responsiveness
10+ employees (656)
Which group is the PRIMARY driver of Enterprise 2.0 in your organization?
Driven from bottom up not
top down
10+ employees (656)
Objectives› Defining ECM and Enterprise 2.0› Why Enterprise 2.0?› Business drivers for ECM and Enterprise 2.0› E2.0 technology compliments and alternatives› Adoption of Enterprise 2.0› Governance and control
Source: Dion Hinchliffe, ZDNethttp://blogs.zdnet.com/Hinchcliffe/?p=143
Overview of 1.0 Technologies & FLATNESSES
Directly ProvidesPartially ProvidesDoes Not Provide
Overview of 1.5 Technologies & FLATNESSES
29© AIIM | All rights reserved
Directly ProvidesPartially ProvidesDoes Not Provide
Overview of 2.0 Technologies & FLATNESSES
Directly ProvidesPartially ProvidesDoes Not Provide
The Integrated Value• Why do I need non-
Enterprise 2.0 Technologies?– Consider that the
creation of Wikis has caused a resurgence in chat rooms and e-mail based alerts
Directly ProvidesPartially ProvidesDoes Not Provide
Positioning Technology Alternatives To Business Needs
32
Directly Provides
Partially Provides
Does Not Provide
Objectives› Defining ECM and Enterprise 2.0› Why Enterprise 2.0?› Business drivers for ECM and Enterprise 2.0› E2.0 technology compliments and alternatives› Adoption of Enterprise 2.0› Governance and control
33
Which THREE of the following document collaboration tools would you say are the most used by your team or within your business unit?
Most of us are still playing
email ping-pong
10+ employees (656)
What is the current level of involvement with the following Enterprise 2.0 technologies in your organization?
50% have committed to main E 2.0
technologies
10+ employees (656)
How would you describe the understanding of Enterprise 2.0 in your organization?
All respondents (785)
25% of organisations
are doing something about
it
up from 13%
Objectives› Defining ECM and Enterprise 2.0› Why Enterprise 2.0?› Business drivers for ECM and Enterprise 2.0› E2.0 technology compliments and alternatives› Adoption of Enterprise 2.0› Governance and control
37
Operations and regulatory environment
› Every organization operates within its society and sector
› The three key factors that determine the regulatory environment are:› Geography› Industry or sector› Nature of operation
For each type of content, evaluate the degree of control that exists in your organization in managing it.
Does your organization have a specific policy or guidance on the USAGE and/or CONTENT of the following technologies?
70% have no policies on Web 2.0 or Enterprise
2.0
– although 45% limit access
10+ employees (656)
Emails - recorded, complete, and retrievable
› 34% of organizations never delete emails, 31% have no policy, 8% delete when running out of storage space, 27% delete after 1- 24 months
› Some 45% of organizations do not have a policy on Outlook “Archive settings” so most users will likely create .pst archive files on local drives.
› 33% of organizations have no policy to deal with legal discovery, 40% would likely have to search back-up tapes, and 23% feel they would have gaps from deleted emails.
› 18% had been exposed to a legal challenge in the last 12 months and a further 15% in the last 3 years – a one-in-three chance.
Which of the following best describes your organization’s policy as regards PUBLIC-FACING Blogs and Forums?
47% discourage staff from public
blogs
- although 13% have official
CEO or Marketing blogs
10+ employees (656)
Which of the following apply as regards internal STAFF-FACING Blogs?
57% take an encouraging attitude to
internal blogs
10+ employees (656)
No single security answer
› The needs of departments, regions, partners, customers, etc. will have their own unique security needs – requiring that your ECM architecture support a variety of changing circumstances
WebIM
Meta Data Management
Records Management
Shared Drives
E-mail Data
ID Extraction
Enterprise Digital Rights Mgmt
BPM/
Workflow
Digital Asset Management
ContextualFiltering
Authentication
Portal/Web
Content Analytics
Search
Taxonomy/Facets
Document
Management
Visualization
Collaboration
Social Network Analysis
Content Management
Information Architecture
Multimedia
How important is it (or would it be) to you that your ECM suite offers a full range of Enterprise 2.0 capabilities?
40% want to see it as part of their
ECM suite
10+ employees (656)
UsersUsers
Information Governance Framework
AdminAdminSpecialist- Security- Web
ExploitExploitBusiness & IM
Own Own CIO IT, RM
Not all separate roles – may be combined or delegated
Information Governance
1. Prevent
• Risk assessments
• Training
• Policies & procedures
• Executive commitment
2. Detect
• Audit
• Ombudsman
• Monitoring
3. Respond
• Investigation
• Communication
• Improvements
• Employee discipline
ECM 'Best Practices'
Examples:• Team-working across Functions• Re-using, not re-inventing• Proactive sharing of knowledge
Su
pport
ECM Procedures
Examples:• Procedure for requesting a new
Team Site
• Procedure for declaring a recordto the ECM Repository
ECM Rules
Examples:• Information must be stored in the
appropriate location• Information with corporate value
is stored to the ECM Repository
Drive
Drive
ECM Principles
Examples:• Duty to Share• Information as a Corporate
Resource• Collaborative Working
Em
bodie
din
› Spear Phishing is an attack targeting a specific user or group of users, and attempts to deceive the user into performing an action that launches an attack, such as opening a document or clicking a link
› The second concern regarding social media use by federal employees is Social Engineering, which relies on exploiting the human element of trust
› Advances in web application technologies allow attackers to use new techniques against social media websites not previously possible in email.
› Policy Control› The safe use of social media is fundamentally a behavioral
issue, not a technology issue.
› Acquisition Controls › Ensure some level of risk management, mitigation, and
acceptance of residual risk.
› Training Controls› Provide periodic awareness and training of policy, guidance,
and best practices
› Network Controls› Use technologies to secure a department’s infrastructure
› Host Controls › Just as important to securing the network is securing the
host.
The Air Force’s Rules of Engagement for Blogging
Conclusion?
How important is…› Knowledge capture and sharing?› Open innovation?› Collective Intelligence?› Expertise location?› Control?
Get educated in ECM and Enterprise 2.0!
58aiim.org/training
Thank You!
Atle Skjekkeland
Vice President
AIIM
Email: [email protected]
Twitter: Skjekkeland
Don't get left behind, - join the AIIM community of experts by becoming an AIIM Practitioner, Specialist or Master.