Given all of the traction with social networking, it is not surprising that the question comes up continually in business conversations- should my business embrace social networking? This is not an easy question to answer and respond to. I will do my best to present both sides of this argument.
First as always, the disclaimer. The opinions and thoughts represented on this blog are mine and do not represent those of my employer.
The value of social networking cannot be understated. In this flat, globalized world today , news and social value is clearly a part of our communicating to our friends, neighbors, colleagues, and our counterparts everywhere. The fact that this blog is part of that fabric should suggest my personal feelings. On the pro side of the equation are the very valuable content that social media initiates. It is important to note that content is in the eye of the beholder. What may be relevant and important content to me, may be of considerably less importance to you. If my blog, for instance, included my personal interests of baseball and diet (for example) the value may decline in terms of why the blog has a value to you as a reader and participant. However, for many, there obviously is an interest in day to day observations and activities. Social networking is now a substantial part of the relationship that people retain, it has value.
The news media represents one of the segments where the value proposition is well defined. Securing news and opinion from all points of view are now challenging mainstream media outlets. The mainstream media has also embraced social networking, so the playing field becomes much narrower. In my opinion, this trend will continue with minimal abatement.
With all of the ubiquitous networking and available content, should your business embrace social media?
Like all positions in lifecycle management, there is no clear right or wrong answers, only conscious and unconscious decisions. Social media falls in this category. The hypothetical approach may be the most useful. If you are a business, and considering social networks, the first quesiton is - what is the purpose? Is it to link manager to manager, manager to employee, employee to employee, customer to employee... the point is that the string may be endless. The social network discussion is much like the BYOC discussion- is this a business or personal application?
If the business owns the PC (as an example) and embraces social networking, who owns the content? What happens if an employee states an opinion (without a disclaimer), someone relies on it, and it proves to be an issue. Who is legally responsible?
What happens if Employee A states something unfavorable about Employee B, and Employee B sues. I am not a lawyer by any stretch of the imagination, but I can certainly see issues in this space.
If a business embraces social networking, are we enabling the technology and the related dialog that will naturally accompany it, and therefore are we somehow responsible? Clearly with social networking in a business environment, there needs to be training and criteria to be certain. Even with such rigorous training, is liability mitigated? I don't know.
For me, it always goes back to the basic dialog that we have in business- what is the benefit to the business itself. To count, the benefits need to be measureable and quantifiable, otherwise it will remain subjective. Depending upon your business and the industry that you are in, the risk for intellectual property, consumer information, and other liability needs to be a consideration in adopting social networking in your business. Once this line of communication is opened, it will prove to be a challenge to revert back if there are issues.
Interestingly, the core issue is one that we in IT have been challenged for years- are these business PC's or personal PC's. Social networking is a cross over issue, everyone is using it and directly or indirectly your business will be impacted. Whether someone enters a posting during business hours, reading or creating content, texting, or multi-tasking we need a governance model and guidelines to deal with this. Ignoring social networking is not a plan. As I have stated before, not fully in jest, is that if we in IT do not provide a plan , the end users will provide one for us that we will have to support.
I would be as always interested in your perspectives.
By the way, I am glad baseball season has started (go Red Sox) and I just ate a sausage pizza for dinner.
I have seen a trend in the field where the concept of employees using their own PC's at work, based upon a set of corporate standards has become under consideration. The concept is BYOC (Bring Your Own PC) . The recession and resulting tight economics have likely brought this concept to the forefront. As I have mentioned in all of my previous postings, there are no right or wrong answers in client lifecycle management, only conscious and unconscious decisions,and that is true in this case. However, in this case I admit I have a stronger opinion regarding this point than other topics we have discussed, so I will do my best to be even handed in this dialog, by presenting as many sides to the positions as I can.
I need to point out as always that the opinions expressed on this blog are mine and mine alone, they do not represent the opinions of my employer.
Many highly respected and well known businesses are comtemplating , implementing or otherwise considering BYOC. Among the arguments positioned is that end users would receive a stipend and could literally buy any thing from a defined configurations or standards list vetted by the business. A stipend or other method of benefit would acrue to the employee. The employee is then responsible for all non- business licensing and usage. The flexibility and benefits allow the end users to have much latitude in make, model, aging, and brand among other decisions.The idea is to empower the end users, which would result in increased usage and a lower cost.
On the surface, the idea seems sound and well thought out. Supporters of BYOC frequently point out that higher education has had this approach for quite a while with very few problems and issues raised.
As a future stated direction, I think that BYOC will be one of the approaches to be taken in many industries. However, my opinion (and I emphasize my opinion) is that given where client technology is today and the challenges and issues which exist to separate business persona from personal persona, my perception is that there is so much risk associated with the approach as defined today, that the rationale may be flawed. I continue to believe that businesses who are considering the approach have a particular perspective - that BYOC at the end of the day will cost less than the existing IT infrastructure. The fact that BYOC has risen into prominant discussion in the midst of the recession perhaps is a clue.
Business may believe that passing the acquisition to the end user may permit an exit from the managing of the diverse supplier base. Moreover, we all know that there is more and more convergence of consumer and business PC's, so perhaps BYOC will create even more synergy.
The BYOC also reduces noise. End users who are not satisfied with IT or the business decisions in client computing will undoubtedy be pleased with BYOC, and usually those who are not satisfied are far more vocal than those who are satisfied.
Being a lifecycle practitioner, my focus is not on the PC itself, but the environment that the device resides in, and because of this, it seems to me that the focus of BYOC may be on the device itself and not to reduce cost or complexity (let alone transform a corporation into an institution of high education). Cynical comments aside, let's look at the associated business practices.
It would seem that if a business is virtualized in its application suite and the desktop or laptop is appropriately secured so that unintended printing and USB memory can be managed, then BYOC could work and likely work well. Leveraging a net book could accomplish the security aspect equally well.
Short of the above, how can the corporation avoid being fully responsible for the device. Let's look at security, software, and disposal as examples. I could provide deeper examples, but being a blog we are limited to highlights, but if the demand is there from your comments, I may continue research to develop a more formal white paper on this subject.
Security, BYOC would suggest that a business be very high at the practice level on hardware asset management. Regardless of who owns the device, the discussion is about the access to corporate information and the PC is the key to the access. Knowing who has that responsibility ultimately will clarify the issue- IT does. If the end user leaves the PC on at home, as an example, friends and family may well have a level of access if the device remains on or if printed material is on a table or desk. Security also implies that access is contolled and manageable. In certain highly regulated industries such as health care, financial services, or pharmaceutical it would seem on the surface that security would be a primary concern in BYOC.
Software on BYOC co-mingles business applications with personal applications. From the business side the argument is " We only pay for the business application". This implies that the tools exists for a business to check each PC to determine that all are in compliance. What if personal applications are on the device, and employees acquire non-sanctioned software that creates driver issues with existing applications, or introduces viruses or other malware. More importantly, if personal applications are used in the business arena, approved verbally by management or acquired through a P card or other permission with Active Directory, as an example, then the business just signed up for more risk and responsibility not less.
From a disposition viewpoint, once BYOC happens , we do care about how employees dispose of their devices and cleanse their machines. There may be a belief that liability has been passed on to the employee from the business, but that does not seem likely. What information may be on this quasi-business ans quasi -personal device should revert back to the business. The business is the enabler.
Lastly, without really going into the weeds with detail, is the following closing point, if the BYOC PC has any consumer information (even emails that could relate to customers), intellectual property, or even social networking software that can discuss a wide range of topics as we all know, I would care as a customer of a business who adopts BYOC to disclose the strategy (as many have publicly) since I could then make a decision if I am comfortable with that governance model to protect my identity, consumer information, and commentary. Having the end user stewardship be the front line of defense for consumer information protection may not be the best governance case.
You would think by reading this blog that I am not supportive , truth is I am supportive, in the right circumstances with the right governance and controls. Innovation in this area will likely change my opinion in the short term given the rapid pace of innovation cycles, but now it would seem that virtualizing and net books hold the best promise in this area with the right level of managebility.