I read a lot about Web 2.0/Enterprise 2.0–about how companies need to fully embrace the concept of “openness.” And I agree that Enterprise 2.0 offers companies an innovative way to foster significantly better collaboration. But the truth of the matter is that a lot more control is needed in the business/Enterprise 2.0 world (compared to the consumer/Web 2.0 world) due to the fact that companies have a lot of things they don’t want known or leaked for a lot of different reasons. Basically, finer control is necessary in the business world for all kinds of reasons ranging from you don’t want some employee saying something unflattering about a customer or the possibility of leaking confidential data to the need to eventually “lock down” a final version of a document, etc.
Consider, for example, a buddy of mine who works at a large financial services firm. He was all excited about using wikis and blogs, etc. to support his BPM group–thought it was a perfect fit to foster collaboration among team members as well as an excellent means to gather input from those employees actually affected by proposed changes in processes. But when he tried to do it, he found out that his company has a standing policy against the use of such “bulletin boarding” programs because they are afraid something might get said or some data might get leaked. His company even uses a smart system on the intranet that monitors and blocks users from accessing consumer blogs and social networking sites like MySpace and others.
It’s taken him a while to convince the appropriate people, but they are now just beginning to use blogs and wikis for his group. So, from talking with him and others who are encountering this issue at their companies, here’s some of the ways companies wanting to employ Web2.0/Enterprise 2.0 technologies are handling the matter.
First, some security-minded companies are using software designed for the enterprise that they license and install on the company intranet–as opposed to one of the many hosted Web 2.0 blogs or wikis, etc. that are available. This allows for tighter corporate control of the blog, wiki, etc. and helps avoid the scary idea that information is residing “out there” on some vendor’s server.
They’re also using wikis and blogs to support application development and research (in my buddy’s case, BPM) as opposed to operations. (Although I have read about a financial company using internal blogs in their call center to capture their CSR’s expertise.) They’re also limiting who gets to use it and they have a moderator. Some assign a moderator; others let one develop, as tends to be a case with blogs and wikis. The group(s) involved also tend to hold discussions and come up with lists and rules governing taboo subjects/postings, etc. Although this may somewhat put a damper on “openness”, this appears to be the trade off for using Web 2.0 in the enterprise.
I’m a huge advocate of Enterprise 2.0, and I think that many corporate security concerns are over inflated. Nevertheless, judging from the amount of e-mail I get on the matter–and the folks I’ve been talking with at companies–security is a giant concern with organizations (especially financial firms) wanting to implement these technologies. I also think that this issue has been too glossed over. Consequently, I plan to research the issue of “openness” vs. the need for security with Web/Enterprise 2.0 technologies.
In the meantime I welcome your input on this matter as well as the application of Web2.0/Enterprise 2.0 in general.