Securing Social Business for Compliant Collaboration

I'm at the massive Enteprise 2.0 Conference in Boston over the next two days.  This post is my notes from Sarah Carter's presentation on “Securing Social Business for Compliant Collaboration.”

She’s a British former taxi driver and provided an all-too brief (due to time limitations) and funny (!) overview of compliance issues related to social business tools.

Actiance has 260 employees and 3 U.S. offices. 

Technology is the easy part of social.  They work with 9 of 10 top US Banks, also IBM, Cisco, Jive.

Organizations have much more complicated communications channels.  They are using email, webex, unified communications; users bring in IM, BitTorrent, public social platforms. 

Enabling an enterprise social platform requires consideration of other communication platforms.

Social media has four key areas of risk:

1)      Data Leakage.  Sharing things such as personally identifiable information, the next board meeting minutes. 

2)      Inbound Threats.  We trust the people we’re connected to, but shouldn’t always trust the content from trusted sources.  Spoofing of LinkedIn and Facebook requests is rising.

3)      Compliance & eDiscovery.  Social is just another form of electronic communications.  If you’re recording customer compliance on email, you need to do the same on social channels.  10,000 US laws and regulation address electronic communications.

4)      User Behavior.  Are users using the bandwidth the enterprise need to pull down YouTube videos and the like?  Should people be sharing vacation plans on Facebook?

What’s Needed In Enterprise Social Solutions?

Compliance;  Monitoring, pre & post-review, archiving. 

Integration:  Social needs to be integrated with content management, marketing, workflow

Convenience:  People will use the most convenient tool.

Relevant:  The tool needs to allow people to find and share the most relevant content.

Requirements for Security & Compliance

1. Technical Components

·         Identity Management—link and understand integrations between different online identies such as Yammer, LinkedIn, Twitter

·         Activity Control / Granular Application Control

·         Ability to turn features on and off

·         Anti-Malware Controls

·         Protect Users from Themselves—Control where people share information

·         Moderation—ability to flag an objectionable comment and so forth

·         Logging/Archiving—Record everything a user said in all channels

·         Export of Data—Need to have data exportable regardless of which channel it was made in

2. Components of Effective Use of Social Business

Give users help with measuring who influences, help people understand when their network wants to have information shared.  She shares information with her British friends at 5 AM Pacific.

Help users focus on those people who are important to you today.