Given all of the traction with social networking, it is not surprising that the question comes up continually in business conversations- should my business embrace social networking? This is not an easy question to answer and respond to. I will do my best to present both sides of this argument.
First as always, the disclaimer. The opinions and thoughts represented on this blog are mine and do not represent those of my employer.
The value of social networking cannot be understated. In this flat, globalized world today , news and social value is clearly a part of our communicating to our friends, neighbors, colleagues, and our counterparts everywhere. The fact that this blog is part of that fabric should suggest my personal feelings. On the pro side of the equation are the very valuable content that social media initiates. It is important to note that content is in the eye of the beholder. What may be relevant and important content to me, may be of considerably less importance to you. If my blog, for instance, included my personal interests of baseball and diet (for example) the value may decline in terms of why the blog has a value to you as a reader and participant. However, for many, there obviously is an interest in day to day observations and activities. Social networking is now a substantial part of the relationship that people retain, it has value.
The news media represents one of the segments where the value proposition is well defined. Securing news and opinion from all points of view are now challenging mainstream media outlets. The mainstream media has also embraced social networking, so the playing field becomes much narrower. In my opinion, this trend will continue with minimal abatement.
With all of the ubiquitous networking and available content, should your business embrace social media?
Like all positions in lifecycle management, there is no clear right or wrong answers, only conscious and unconscious decisions. Social media falls in this category. The hypothetical approach may be the most useful. If you are a business, and considering social networks, the first quesiton is - what is the purpose? Is it to link manager to manager, manager to employee, employee to employee, customer to employee... the point is that the string may be endless. The social network discussion is much like the BYOC discussion- is this a business or personal application?
If the business owns the PC (as an example) and embraces social networking, who owns the content? What happens if an employee states an opinion (without a disclaimer), someone relies on it, and it proves to be an issue. Who is legally responsible?
What happens if Employee A states something unfavorable about Employee B, and Employee B sues. I am not a lawyer by any stretch of the imagination, but I can certainly see issues in this space.
If a business embraces social networking, are we enabling the technology and the related dialog that will naturally accompany it, and therefore are we somehow responsible? Clearly with social networking in a business environment, there needs to be training and criteria to be certain. Even with such rigorous training, is liability mitigated? I don't know.
For me, it always goes back to the basic dialog that we have in business- what is the benefit to the business itself. To count, the benefits need to be measureable and quantifiable, otherwise it will remain subjective. Depending upon your business and the industry that you are in, the risk for intellectual property, consumer information, and other liability needs to be a consideration in adopting social networking in your business. Once this line of communication is opened, it will prove to be a challenge to revert back if there are issues.
Interestingly, the core issue is one that we in IT have been challenged for years- are these business PC's or personal PC's. Social networking is a cross over issue, everyone is using it and directly or indirectly your business will be impacted. Whether someone enters a posting during business hours, reading or creating content, texting, or multi-tasking we need a governance model and guidelines to deal with this. Ignoring social networking is not a plan. As I have stated before, not fully in jest, is that if we in IT do not provide a plan , the end users will provide one for us that we will have to support.
I would be as always interested in your perspectives.
By the way, I am glad baseball season has started (go Red Sox) and I just ate a sausage pizza for dinner.
As the technology refresh cycle begins in earnest combined with W7 and new chip architecture, one of the questions your business may be asking is - what PC security counter measures are reasonable? Does the current business enviornment dictate more agressive counter measures, or is it business as usual?
As always the opinions expressed in my blog are mine and mine alone and does not represent that of my employer.
In previous interations of the PC refresh cycle, it has always been a challenge to quantify risk associated with securing the desktops and laptops. I would be very interested in hearing your thoughts on this topic.
My opinion is that for the most part the industry has not been aggressive enough in this area of concern. In my research for my book, I suggested that all mobility devices regardless of age be encrypted. Further, it was suggested that dual level authentication and potentially a "Lojak" type of solution makes sense for end user segments. With the desktop form factor becoming smaller each refresh, it seems to me that similar considerations should now be given to desktops as well.
Recent legistlation would seem to suggest that the rules and privacy acts are becoming more aggressive in their construct, and soon enforcement (in my opinion) will likely follow.
And yet, despite of all of the signals of concern, there remains, I think, a level of inertia. Part of it is a belief that risk is acceptable until it occurs (the Risk Cycle). Perhaps another is that we in IT and the business have not quantified the business case to the point where our management can see the impact of readiness. Cost as it relates to PC security should no longer be an issue , although I continue to see it every day. Now that we are in the holiday season, we should see the "blip" in identity theft and sceurity. It has always been there, but is frequently more accentuated in the holidays when more of us use on line or credit/debit cards.
If there is a breach, the cost impact is not that difficult to calculate (if you Google or Bing the topic you will see some really detailed anaysis). The cost of credit reports to those involved for 12 to 18 months may well justify the cost of the counter measures. More importantly is the loss of goodwill. While that may seem to be intangible, I believe that this factor alone can be measured in terms of loss revenue and / or continuity of customers. Once lost, it may take years to re-engage with those who might be impacted.
In one of my previous blogs, I cited part of the W7 rationale and the Intel chipsets referencing that older technology is simply more vulnerable. XP is 8 years old, and many businesses in the refresh cycle extended the useful life of the PC's to the point where the counter measures may be vulnerable.
The counterpoint argues that the network firewall and the PC embedded with some level of third party software is adequate.
Many businesses are citing security issues ,at the PC level, as one of the key decision points in virtualization projects, but yet, ignoring potential remediation of the remaining or existing installed base.
The issue, I believe, however, is not one of adequacy. If there is an area to over invest, it is likely in the area of PC security in client lifecycle management. We all know and acknowledge that retaining our existing relationships and achieving a continuance of high customer satisfaction is likely less costly that securing new market share overall. Keeping what you have may be a true challenge if there is a security issue involved because at the end of the day- that is about trust a cornerstone of a relationship.
This refresh cycle will likely highlight this issue since there are a number of conscious and unconscious decisions to be made.