
The Risks of Social Media: A Cautionary Tale

Explore the benefits and risks of using social media tools in an enterprise setting, including the lack of management capabilities, identity and privacy concerns, and the need for oversight and control.


Presentation Transcript


  1. Social Media: A Cautionary Tale
     Wednesday – May 5, 2010
     Michael Gotta, Principal Analyst, mgotta@burtongroup.com, mikeg.typepad.com
     Alice Wang, Director, alice.wang@gartner.com
     www.burtongroup.com

  2. Social tools enable employee self-expression
     [Figure labels: 3000 friends; 100 fan pages; 50 groups; Has Own Channel; Blogs Daily; Following 325; Followers 915]

  3. Benefits of Social Tools
     • Social tools are often associated with “Enterprise 2.0” and CRM strategies
     • Benefits expected from social media
       • Connect people internally and externally (e.g., expertise location)
       • Build community across different function areas (e.g., best practices)
       • Improve external relationships and “brand” reputation
       • Break down organizational barriers and information silos
       • Promote broader participation in innovation (ideation) efforts
       • Address generational shifts (e.g., aging workforce)
       • Meet technology expectations of younger workers
       • Support strategic talent and learning initiatives

  4. At times, we want to control what is revealed

  5. Risks of Social Tools
     • Social tools generally lack management capabilities that help support identity, security, privacy, and compliance needs
     • Risks associated with social media
       • Poor support for policy-based management
       • Inability to support identity assurance needs
       • Inadequate access controls at granular levels
       • Privacy concerns (such as racial and diversity profiling)
       • Compliance demands
       • E-Discovery and data retention
       • Data loss prevention
       • Increased risk due to correlation / social engineering capabilities

  6. Saying “no” is not the answer
     (Photo by *smiling pug*: http://www.flickr.com/photos/bugbunnybambam/2171798309)

  7. • Listen to people
     • Construct use case scenarios from those stories
     • Identify points where risks can be mitigated

  8. Use Case #1: Social Claims
     [Figure: employee profile with placeholder contact details. Source: Booz Allen Hamilton]

  9. Use Case #1: Social Claims
     [Figure labels: Trusted Identity Sources (HRMS, Directory, Other Systems-of-Record); Enterprise Identity. Source: Booz Allen Hamilton]

  10. Use Case #1: Social Claims
     [Figure labels: Personal Claims; Internal Social Identity. Source: Booz Allen Hamilton]

  11. Use Case #2: Profile Proliferation
     • A single profile? Multiple profiles? Federated profiles?
     [Figure labels: “Women Returning To Work After Extended Leave”; Employee Profile #2; Employee Profile #3; “Diversity Community”; “Professional Exchange of Best Practices”; Employee Profile #4]

  12. Use Case #3: Over-Sharing
     • Activity streams reveal conversation and community actions
     Employee Profile:
       • Jane Doe: Joined Community: “Women Supporting Women”
       • John Doe: “Working on a big M&A deal, need to work late tonight… stay tuned!”
       • Fred Smith: &#%^%$* we just lost the Company ABC account…
       • Jane Doe: Joined Community: “Diversity Appreciation Community”
       • Betty Smith: @Bob Jones That patientID number is 123456789
       • Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace
     [Figure labels: “Women Supporting Women”; Automatic posting of community actions; “Diversity Appreciation Community”; Activity streams & “Enterprise Twitter” messages]

  13. Use Case #4: Connected Identities
     External social data can be “plugged into” social network sites, e-mail clients, and other application contexts
     [Figure: employee profile with placeholder contact details; label: Personal Claims]

  14. Use Case #4: Connected Identities
     • Is it me? How much is being shared? Under what controls?
     Unification of an employee’s work and non-work social structures
     [Figure labels: Profile, Status Message, Activities, Photos; Profile, Groups, Contacts; Profile, Following / Followers, “Tweets”; My politics, My groups, My music, My friends; Enterprise Identity + Enterprise “Social Identity”; “TheCitizenMe”; “TheWorkMe”]

  15. Use Case #5: Oversight: Approved Use
     • Regulatory policies can define use/non-use of capabilities
       • Identity (brand and individual)
       • Content
       • Communications
       • Collaboration
       • Connections
       • Applications
       • Notifications
       • 3rd parties
     • Correspondence, recordkeeping, and supervision requirements
     Source: http://twitter.com/bofa_help

  16. Use Case #5: Oversight: Personal Use • Ad-hoc business use can cause enterprise risk

  17. Use Case #6: Deciphering Relationships
     [Figure labels: Trusted Identity Sources (HRMS, Directory, Other Systems-of-Record); Authentication, Authorization, Provisioning, RBAC, etc.; Role Sources (Role Management Applications, Business Process Management (BPM) Systems, Enterprise Portals); Enterprise Roles]
     • My Roles
       • IT Architect
       • SME on “ABC”
       • Approver for access to “XYZ”
       • Certified on “123”

  18. Use Case #6: Deciphering Relationships
     • Social Roles: “Answer Person”, “Wiki Gardener”, “Idea Person”, “News Filter”
     [Figure labels: Social Role Attributes; Social Data Aggregation & Correlation; Social Network Analysis]

  19. Use Case #6: Deciphering Relationships
     • Social analytics
       • Assess, correlate, and visualize relationship structures
       • Within the enterprise, discovery of latent connections most valuable
       • Evolution of tool capabilities can discover too much information on organizational structures, activities, and relationships
     [Figure labels: “Needs to figure out how to help a company deal with export / import regulations in country XYZ”; Members Of Investigation Unit; Node 8 To Node 10 To Node 14 To Node 15; “Has dealt with import / export problems in country XYZ for years in past job role”. Source: Telligent]

  20. Identify Control Points To Mitigate Risks
     A mix of strategies and tactics to produce results
     • People
       • Effective policies
       • Balanced privacy considerations (enterprise and employee)
       • Adequate training
       • Visible enforcement
       • Relevant social feedback
     • Process
       • Assessing social media risks
       • Handling social information
       • Delivering social applications
     • Technology
       • Support for access control and entitlement management
       • Effective monitoring, auditing, and logging

  21. Awareness & Management Of Risks
     • Use Case concerns relevant to identity and security teams
     • Profiles And Profiling
       • Credibility of profile and social claims
       • Possible bias against employees by co-workers based on race, diversity, affiliation information made open and transparent via social media tools
     • Information Security
       • Intellectual property, compliance, e-Discovery, monitoring…
       • Aggregation / correlation capabilities
       • Data management and data integration (profiles, roles, etc.)
     • Privacy
       • Adherence to regulatory statutes, level of employee controls, possible stalking situations (hostile workplace)
     • Social Network Analysis
       • Makes relationships visible that perhaps should not (“connecting the dots”)
       • May lead to “befriend / defraud” situations, social engineering

  22. Recommendations
     • Moving forward with social media and social networking efforts
       • Social media and social networking are strategic initiatives that are here to stay – saying “no” is not the right approach
       • A decision-making framework and governance model is an essential component of any strategy
       • Policies and procedures need to focus on the human element and avoid technology as a panacea
       • Identity and security objectives need to be viewed on the same level as desires for openness and transparency
     • IT teams that should be viewed as key stakeholders in social media and social networking strategies include:
       • Groups responsible for collaboration and community efforts
       • Identity management and security groups
       • Information management and data analysis groups

  23. Social Media: A Cautionary Tale
     • References
     Collaboration and Content Strategies
       • Social Media & FINRA: Twitter and LinkedIn Considerations
       • Social Media: Identity, Privacy, and Security Considerations
       • Field Research Study: Social Networking Within the Enterprise
       • Field Research Study: Getting Started with Enterprise Social Networks
       • Field Research Study: Addressing Business and Cultural Needs
       • Field Research Study: Facilitating Social Participation
       • Field Research Study: Enabling Social Platforms
       • Field Research Study: Actions To Take
     Identity and Privacy Strategies
       • The Emerging Architecture of Identity Management
       • Barbarians at the Gate: Identity Proofing and Assurance
       • Privacy
       • A Relationship Layer for the Web . . . and for Enterprises, Too
     • Blogs
       • Collaboration and Content Strategies blog (http://ccsblog.burtongroup.com/)
       • Identity and Privacy Strategies blog (http://identityblog.burtongroup.com/)

  24. Q&A
