Security and Compliance
Guest post by IDC Group Vice President Michael Fauscette…
The biggest concerns when talking to CIOs and executives about enterprise social networks (ESNs) are around security, intellectual property (IP) protection and compliance. Not surprising, of course: with openness, transparency and collaboration comes a lot of responsibility to protect the company’s competitive advantage and to stay inside the law. There’s always risk to a company’s IP, security and compliance, but with social tools there is at least the perception, if not the reality, of increased risk. So what should IT organizations consider when deploying ESNs and other social tools?
The first consideration is really the tool itself. Enterprise-ready tools, not public social networks and social media sites, are essential for scalability and for having the capabilities to provide the necessary security and compliance features and functions. Tools built for enterprise deployment should include:
- Secure user access, including LDAP directory integration, single sign-on, and two-factor authentication
- Support for VPN access
- HTTPS connections for secure communications
- The ability to securely connect to public social sites with granular control over what is shared and what is protected
- Configurable data discovery and retention policies to meet corporate compliance and other regulatory requirements
- Support for open standards like OpenSocial, OAuth, OpenID and REST APIs
In addition to providing enterprise-class social tools, it’s essential to establish clear policies for the use of both corporate-provided ESNs and public social networks and social media. As a part of IP protection efforts, be clear in the corporate policy about what information can be shared where and what information should be protected. Having a formal policy and training employees on the policy sends a clear message and establishes what is and is not acceptable behavior. The policy should include:
- How and when employees can use external social media and social network sites
- The official company public social presence and how employees can interact with it
- How employees can represent the company brand
- Acceptable behavior (how to interact, respect, adding value, dealing with conflict) on the ESN and public social networks
- The types of company information and the limitations on what can and cannot be shared and with whom
- The topics that need to be handled by specific departments like PR or legal
Choosing the right social tools, with the right features to handle your specific compliance, security and IP protection requirements, backed up with a simple, clear set of employee policies and guidelines, goes a long way to meeting business needs while mitigating corporate risk. Striking the balance between protection and business needs is essential; ignoring or, worse, trying to eliminate the use of social tools, both enterprise and public, is not a reasonable approach. Today’s mobile and empowered employees will ignore and work around your restrictions if they believe it’s important enough for the business. Consciously choosing to embrace social tools in an intelligent and open way goes a long way toward managing any corporate risks.
Michael Fauscette leads IDC’s Software Business Solutions Group, which encompasses research and consulting in enterprise software applications including ERP, SCM, CRM, PLM, collaboration and social applications, software partner and alliance ecosystems, open source software, software vendor business models, SaaS and cloud computing, and software pricing and licensing. He also provides thought leadership in the area of social applications and the transition to the social business.
Prior to joining IDC, Mr. Fauscette held senior consulting and services roles with seven software vendors including Autodesk, Inc., PeopleSoft, Inc. and MRO, Inc. Mr. Fauscette graduated with special honors from Jacksonville State University with a BA in Sociology and History and with honors from Widener University with an MS in Business.