4. [Diagram: Risk Management (Control & Secure) and Knowledge Management (Collaborate & Innovate), with Information Architecture / Sourcing Strategy. Component labels: BPM, Workflow, Authentication, IRM/ERM, ID Extraction, Document Management, Records Management, DRM, DAM, Portals, Websites, Taxonomy, Facets, Contextual Filtering, Search, Content Analytics, ePublishing, Content Management, COLD, Visualization, Collaboration, Social Network Computing, Tagging & Voting, Community Analytics. Content sources: Email, IM, Shared Drives, html, Multimedia, DBs …]
5. “Enterprise 2.0 platforms are by their nature more open, transparent, and visible than communication channels like email. Most of my work has stressed the benefits of using these platforms, but there are also potential drawbacks… Perhaps the most obvious of these goes by the label ‘security.’ It's the fear that the wrong content will show up on the platform, and/or that it will be viewed by the wrong people.” - Prof. Andrew McAfee
7. “You have to deal with this. Times have changed.”
“This is the biggest unspoken hurdle companies will face in this area.”
8. 2 General Findings
• Very few best practices exist
• There is no single “approach” or perspective
17. Piloting
• Not Universally Used
• Introduction to E2.0 and Security
• Scale and Scope are Critical to Value
• Start in areas where content is not confidential
18. Automated Tracking & Reporting
• Not reliable or always permitted
• Can constitute a violation in itself
• Exceptions
• “Having our solution provide abuse reports was a huge win. These tools make it easier for employees to create anything. We can see if an employee posts something inappropriate.”
21. Policy Guidelines
• KISS
• High level
• Formally “informal”
• Allow for interpretation
• Stress individual accountability / ethics
22. Other Words of Advice
• Know how/where your software gathers personal data
• Understand user concerns
• Bring all parties to the table as early as possible
• Don’t own the content
• Policy policy policy ... evolve, evolve, evolve
• Remember these concerns are solvable
23. CIO: ...Does the Enterprise 2.0 industry need to do something to improve security?
McAfee: ... very little, if anything, needs to be done with it. I ask for horror stories all the time when I talk to groups, especially compliance or security-related horror stories. My collection is empty. People know how to do their jobs. By this point, none of these tools are a week old, so the rules for using them aren't unclear. ...
24.
• Jane Doe v. Norwalk Community College
• EFF v US
• TEKsystems
• Souvalian v. Google
• Crispin v. Audigier
25. [Diagram: Risk Management (Control & Secure) and Knowledge Management (Collaborate & Innovate), with Information Architecture / Sourcing Strategy. Component labels: BPM, Workflow, Authentication, IRM/ERM, ID Extraction, Document Management, Records Management, DRM, DAM, Portals, Websites, Taxonomy, Facets, Contextual Filtering, Search, Content Analytics, ePublishing, Content Management, COLD, Visualization, Collaboration, Social Network Computing, Tagging & Voting, Community Analytics. Content sources: Email, IM, Shared Drives, html, Multimedia, DBs …]
26. “Ask what is the lost potential value if compliance is strictly enforced.”
“If we do this then what can go wrong? What is the potential damage if that happens?”
“Our goal was to enable usage of technology to the highest degree PRACTICAL”
27. “For us the local laws have been trumped by the greater good of the business.”
“The business models and advantages offered by E2.0 are compelling and so you have to work through the risk issues.”
“How we balance the legitimate demand for appropriate privacy and security against the need for knowledge exchange to support an effective and efficient community is the defining issue of the 21st century.”
29. Let’s Get 2.0
www.informationarchitected.com
Facebook: Information Architected
Twitter: @IAI
cf@informationarchitected.com
Facebook: Carl Frappaolo
Twitter: @carlfrappaolo