Information leaks on social networks: that’s not the problem

Summary: businesses see social networks as possible channels for information leaks caused by negligence, which is right. But their response, which is mainly technological, does not solve anything, because social networks are only one of the many channels through which the risk can materialize, not the cause of the risk. As a matter of fact, the largest social network in the world is the street. While a global approach through awareness and accountability will help to deal with the whole risk, the solutions currently being implemented are only window-dressing given the many channels information can use to leak. Human issues can’t be solved by technology alone, and firewalls will never replace trust.

It’s obvious that information leaks are a sensitive point for businesses, and the risk of employees being negligent on social networks has to be taken seriously. Hence the need to limit this risk. Most of the time the response relies on technology. That solves a part of the problem but is far from being enough.

As a matter of fact, prohibiting any connection to these sites or filtering outgoing information may limit the risk. But such an approach has weaknesses. It only works on corporate devices. The moment people use their mobile or connect from home, the risk is here again. Making employees aware of the risks caused by their own behaviors is more useful because, in some ways, tools are only the vehicle behaviors use to make information flow. Adopting the technological approach helps to deal with some of the consequences but none of the causes.

The largest social network is not Facebook or Twitter but… the world, life, the street. And no technology will prevent anyone from doing anything there; only accountability will. The good side of this approach is that, when it’s successful, it works with any device, anytime, anywhere.

We all have examples to tell. This group of coworkers from Bank xxxxxx having a drink and talking about their employer’s solvency, not conscious that everyone was listening to them. These two executives discussing their secret new corporate strategy at lunch. Everyone around appreciated. This group of employees of YYYYY vacationing together and discussing, around the pool, the lay-off program they were secretly working on. The problem was that, even though they were in the middle of the Indian Ocean, there were lots of French people in the hotel. One more thing. I would like to thank the sales reps of ZZZZ who were discussing their plan to sign with a customer on the plane… since I was meeting the same client a couple of years later, my colleagues and I made the best possible use of it. I also think about all the people who can’t help working in trains or planes, making it easy for anyone to see what’s on their beautiful HD screen.

Of course such things never happen. I’m even sure that in the above-mentioned companies, social networks are filtered or blocked. Human issues won’t be solved by technology and firewalls will never replace trust.

And the best enterprise social network platform on the market is…

Summary: at a given moment in any enterprise 2.0 project, a choice has to be made about the tools that will be used. And the “specialist” is often asked the same question: “Tell me what’s the best tool on the market”. That’s a tough question given the number of parameters to take into account and, in fact, there’s no “best tool on the market” but rather “tools that best fit a given context”. However, with hindsight and as organizations’ maturity increases, the criteria used to define such a tool are evolving. For a perennial, scalable and coherent project that will avoid the “social bubble syndrome”, I came to the conclusion that businesses should qualify an environment and application services rather than an application as such.

I can’t remember how many times I was asked what social platform to choose, what was the “best one” in my opinion. That’s a question I’ve never been able to answer.

First, because it’s impossible to suggest a tool regardless of its purpose. Do you want a tool to screw or to hammer? Both a hammer and a screwdriver are excellent tools for DIY, but if the objective is not known there’s a real risk of suggesting a hammer when there’s a screw issue.

Then, because many factors have to be taken into account: its functional richness, its ergonomics (very subjective), how easy it is to implement quickly, the need or aversion for SaaS, its ability to integrate with existing tools, its coherence with the prevailing technologies in the organization… not to mention a lot of factors that may sound surprising but may be essential in a given context. Depending on the need, each of these points will be weighted differently, which will lead the organization to make a choice that will be its own.

Last, because it will always be a matter of compromise rather than a matter of choice. Anyone who has ever tried to conduct exhaustive research on social tools or, like me, has to know and work with a lot of platforms will tell you the same thing: there’s no perfect tool on the market and, even if some stand out, a given need will make us choose a tool that we would never have considered as a possible first choice before. Even worse: by dint of trying more and more platforms, we are often disappointed with the one that’s chosen, whatever its name is. Everything being a matter of compromise, we choose the one that is 70%, 80%, 90% like the “ideal tool” as we could dream it but which does not exist. And we spend our time saying “xxx software does it better”… knowing that if we had chosen xxx software we would have regretted something from yyyy soft, which was the other option.

What’s wrong with compromises is that, by choosing something that meets all the needs averagely, you can end up with something that specifically meets no need at all, and see all business departments launch pirate projects and go and find an alternative platform for their own needs.

So my answer used to be “try to find the tool that fits your needs best and avoid tools that are so neutral that, although they won’t raise any issue, they won’t solve anything either”. And once done, “learn to love what you have since you can’t have what you love”. Far from satisfying.

I don’t even mention the cases when businesses have to choose two tools because neither could do the job alone.

Now I’ve refined my criteria.

Information security is too serious to be entrusted to IT people

Summary: I recently read a survey about the danger of social networks with regard to information leaks, relying on the observation of a representative group of people. That’s a hasty conclusion: it only proves that information security is not only a matter of technology but of usages and behaviors, a dimension that IT departments still barely master because they consider the issue from a technological standpoint. As evidence, it seems that IT people are those who are the most likely to have dangerous behaviors, maybe because they only consider the technological side of the problem and overlook the behavioral one.

Recently I found a study about the danger of some tools with regard to information leaks. It says that email is the first cause of leaks (but is it a surprise?) and that social networks are becoming a growing cause of such issues, which is not surprising because, as they’re becoming more and more popular, the risk is growing proportionally.

When I’m asked my opinion, my answer is always the same: no tool is dangerous by itself. Its usage can be. Said differently: an irresponsible person is dangerous with any communication tool, even a homing pigeon. And the best way to fight irresponsibility is education, not prohibition. As a matter of fact, when people are prohibited from doing something without being educated, they spend their time cheating the system, which may cause even more problems.

This study won’t make me change my mind. The way it was conducted is quite interesting:

The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests etc. In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.

The study showed:

  • More than 86 percent of the users who accepted the test-profile’s friend request work in the IT industry, of which 31 percent work in IT Security
  • The most frequent reason for accepting the test profile’s friend request was her “lovely face” (53 percent)
  • After a half an hour conversation, 10 percent disclosed personal sensitive information, such as: address, phone number, mother’s and father’s name, etc – information usually requested as answers to password recovery questions
  • Two hours later, 73 percent siphoned what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software

Some points to notice.

- Some people accept a friend request from an unknown person. It confirms my assumption. The problem is about people and the way their awareness of this kind of issue has been raised. There are two options. Either they would do exactly the same if they bumped into this nice-looking girl in a bar, and a full education program has to be implemented across the organization, or the fact they are online makes them lose their common sense and they have to be taught that the web is like real life: don’t follow a stranger.

Let me add that we already have more dangerous tools than social networks: family lunches and parties with friends and colleagues have been perfect situations for information leaks for ages. I don’t even mention discussions in trains, people whose laptop screen you can read when seated next to them, etc.

- IT people are even more dangerous than others. Of course, because they only see things from a technological point of view and only consider technological responses. A secured tool can be a real sieve if people don’t use it well. Non-IT people perceive the risk from a behavioral point of view; they analyze the nature of the context and of the relationship and may be more mistrustful.

Conclusion: anything that has to do with information security is not only a matter of technology, and IT people may not be the best placed to handle the whole problem. Security is about technology and behaviors, and this second point needs a specific program to be addressed.

A last example. What’s better? An employee who’s aware of the dangers and uses Facebook, or an unaware employee who can’t use Facebook at work but uses it on mobile and at home? The second is made harmless while he’s in the office but will be dangerous when he’s outside unless he’s educated.

Of course, pushing the “off” button is easier than implementing an awareness program. But it doesn’t solve everything.

Empowered: the service marketing (and even economy) manifesto

I just finished reading Empowered, by Josh Bernoff and Ted Schadler, which is in some ways the sequel to Groundswell, which was a must-read when it was published. To be honest, I was quite disappointed by Groundswell. Of course it’s a lucid, accurate and comprehensive picture of what the web is today and is still worth reading for many execs, because there’s still an impressive gap between the usages of the web and how decision makers get it. But something was missing in the conclusions: businesses must, of course, go on the web and join the groundswell; OK, there are identified best practices about that. And so what? Flirting with web users is useless if it doesn’t create any kind of value for both the business and the customer.

That’s the new dimension brought by “Empowered”: the book goes far beyond the nice discussions on the web to tackle what’s core in business: realigning the whole company with customer satisfaction. Everything starts with one assumption: facing a customer who can talk, compare, and impact the reputation of the company, there’s a need for employees able to fight with the same weapons, to join the customer on his own field. Which means: use the same tools as the customer, meet him where he is and take any initiative to meet his expectations. The answer to customers’ needs will result more and more from an individual initiative by an employee, tailored and designed “on demand”, than from the general and standardized corporate discourse that aims at addressing anything without addressing anyone.

To do so, not only does the employee have to want to engage in such a process, but the company must also not prevent him from acting this way and, ideally, must provide him with the right tools and policies to achieve good customer service. That said, the issue appears to be about management and IT policies, which the book tackles in a pragmatic and lucid way. Some organizations that are comfortable with their good old practices from another century may not be comfortable with that, but the arguments are clear and indisputable. It’s not about giving up control and letting anybody do anything, but about facilitating things with a framework that’s secured at both the legal and IT level. Moreover, and that adds to the credibility of the book, the authors admit that employees may be a danger to themselves and the organization and that some risks have to be mitigated. That’s the first fundamental contribution of the book: for once, marketing is not considered as an isolated bubble but as a part of a global chain that involves the whole company and has to be perfectly aligned. The book is full of wise advice, best practices, examples and means to self-evaluate and compare with one’s industry leaders.

Second contribution, which is the logical consequence of the first: the concept of service. Marketing becomes service. That is: instead of saying “look at how great my product is”, say “How can I help?”. Of course it applies to people who are already customers, to make them stay and spread the word, but it’s also an exemplary attitude towards those who may become customers in the future. In fact some companies already got it. And if I come back to my last dummy case, AirSocial would be a company that empowers its employees, not AirShy. That said, the question of knowing whether service is replacing marketing or marketing has to learn service is still open.

Enough reasons to buy a book that, for once, tackles the customer relationship issue from another standpoint than futile and lovely conversations in isolation.

That said, it makes us wonder about many things. The assumption is that there are HEROes (Highly Empowered and Resourceful Operatives), or people who want to become HEROes, in organizations, and that they need to be supported by management, by IT, etc. But it’s obvious that any HERO may need some help from his non-HERO colleagues, those who only want to do their job as they were told to do it, without taking initiatives and risks. What to do in this case? The unwritten conclusion of “Empowered” is that service is not only about customers but that anyone in the company is an internal customer who needs empowered colleagues, and that, in the end, the very notion of collaboration in the workplace may be replaced by service too.

Months ago, John Chambers was talking (among other things) about “Everything as a service”. Here we are, and “Empowered” indirectly lays the first brick of the concept of Service Economy. Not the way it’s been thought of for decades, but the way it should be.

Get it on the “empowered” micro-site : http://www.forrester.com/empowered

Is SaaS the future of your corporate IT?

This is one more question that haunts many people’s nights. More seriously, even if it doesn’t keep people awake all night long, it creates debates and brings some confusion that doesn’t help businesses to move forward. As a matter of fact, deploying any solution is not that easy when one still has many infrastructure-related concerns.

So, let’s try to get a clear idea of what’s going on.

Which debate?

To make it short, companies that have been used to hosting their information system on their own infrastructure are facing the emergence of an alternative solution, called Software as a Service, which makes it possible to deliver applications through the internet, using services that are no longer hosted by their IT department but by external providers. The debate could be simple (I manage everything by myself vs. I let others deal with the issues and I pay for the service) but there are security and privacy concerns that are not trivial. Concerns that are legitimate even if, sometimes, the answer is simple, in a world where old habits have a very heavy weight.


Does enterprise 2.0 threaten your security?

Among the many questions businesses have about enterprise 2.0, this one has an important place. Not because enterprise 2.0 is necessarily dangerous but because any new thing brings a change in a situation that’s supposed to be secured. So the precautionary principle plays its part in organizations where risk aversion is more important than anything else.

The purpose here is not to discuss whether this risk aversion causes a form of phobia toward any kind of novelty that would be a barrier to any kind of evolution or improvement. It’s about assessing whether enterprise 2.0 brings a new security risk into organizations and, if so, how to deal with it.

What security?

Security is a legitimate concern that, in fact, has to do with lots of different things, to such an extent that when someone broaches this subject it’s hard to really know what he has in mind. With hindsight, businesses have two main concerns about security: one is about structural security, the other is about information security.

By structural security I mean protection against attacks on the IT system itself. By information security I mean concerns about unauthorized information broadcasting or disclosure.


Story of a professional disconnection

This little story I’m going to tell you is purely imaginary. It’s neither mine nor anybody’s in particular. But it may become ours, one day.

January 2009: Back to the office after a few days off. I take five minutes to send my greetings to all my friends. There’s nothing like Facebook to do that. I realize that the access is blocked. It doesn’t matter, I can live without Facebook at work. Finally I decide to use email, but I take care not to use my corporate email but my personal one, through the webmail.

February 2009: Bad news, LinkedIn is blocked too. I have to hire two new people this month… awkward. I think that my colleague Rob, who is a salesperson, will be very angry. There’s no one like him to make the most of a network to get past the most insuperable barriers, get in touch with the right people and close incredible deals. He doesn’t have the best results in the company just by luck. I’m sure he must be in a very bad mood.

March 2009: I’ve heard that the sparks really flew during the individual evaluation meetings. Robert was accused of dilettantism. It’s true that he had to do all his network things in the evening at home since LinkedIn is blocked… so he spent hours waiting for the workday to end. I can understand how frustrated he is. The context is difficult and he feels like his employer is playing against him.

April 2009: Impossible to find a meeting room on my floor and it’s really starting to get on my nerves. I can’t understand why it started weeks ago. There are no more of us than before, the activity is rather decreasing… I have to investigate.


Do not mistake tab keeping for stupidity. Responsibility is needed on the web

In my “web and society” series, I can’t help saying a few words about the tab keeping theory, which is put forward by many people because we leave many traces on the web.

Assumption: we leave traces on the web, anyone can use them and not only to help us. We leave traces, the web stores them and it’s dangerous.

I repeat what I’ve already written many times: the web is the world, with the same people, who are no better or worse than in real life, and thinking the same social rules may apply is anything but stupid.

Imagine you’re the hero of the following story…


Can we identify good managers by the way their team uses the net?

A very common discourse within companies is: “our people waste their time on social networks and, more globally, on the web. We have to restrict access to it”.

While, when talking about social networks, it depends on the way people use them, so it’s important to grant access to what is useful for business, I find it very damaging when companies come to restrict access to the whole web.

What are the motives for that?

First comes security. I think it’s more a convenient motive than a relevant one and is an excuse for the next point I’ll mention. Second, it’s the IT department’s job to ensure security without blocking everything. Did we remove doors and windows from houses and offices in order to struggle against burglars? No, because we need to go outside, to see what’s happening through the window,

The second point is about productivity. It’s a waste of time and people are not here to do that during work hours. But what do companies mean by “doing that”?
