Jul 302007

I read a lot about Web 2.0/Enterprise 2.0–about how companies need to fully embrace the concept of “openness.” And I agree that Enterprise 2.0 offers companies an innovative way to foster significantly better collaboration. But the truth of the matter is that a lot more control is needed in the business/Enterprise 2.0 world (compared to the consumer/Web 2.0 world) due to the fact that companies have a lot of things they don’t want known or leaked for a lot of different reasons. Basically, finer control is necessary in the business world for all kinds of reasons ranging from you don’t want some employee saying something unflattering about a customer or the possibility of leaking confidential data to the need to eventually “lock down” a final version of a document, etc.

Consider, for example, a buddy of mine who works at a large financial services firm. He was all excited about using wikis and blogs, etc. to support his BPM group–thought it was a perfect fit to foster collaboration among team members as well as an excellent means to gather input from those employees actually affected by proposed changes in processes. But when he tried to do it, he found out that his company has a standing policy against the use of such “bulletin boarding” programs because they are afraid something might get said or some data might get leaked. His company even uses a smart system on the intranet that monitors and blocks users from accessing consumer blogs and social networking sites like MySpace and others.

It’s taken him a while to convince the appropriate people, but they are now just beginning to use blogs and wikis for his group. So, from talking with him and others who are encountering this issue at their companies, here’s some of the ways companies wanting to employ Web2.0/Enterprise 2.0 technologies are handling the matter.

First, some security-minded companies are using software designed for the enterprise that they license and install on the company intranet–as opposed to one of the many hosted Web 2.0 blogs or wikis, etc. that are available. This allows for tighter corporate control of the blog, wiki, etc. and helps avoid the scary idea that information is residing “out there” on some vendor’s server.

They’re also using wikis and blogs to support application development and research (in my buddy’s case, BPM) as opposed to operations. (Although I have read about a financial company using internal blogs in their call center to capture their CSR’s expertise.) They’re also limiting who gets to use it and they have a moderator. Some assign a moderator; others let one develop, as tends to be a case with blogs and wikis. The group(s) involved also tend to hold discussions and come up with lists and rules governing taboo subjects/postings, etc. Although this may somewhat put a damper on “openness”, this appears to be the trade off for using Web 2.0 in the enterprise.

I’m a huge advocate of Enterprise 2.0, and I think that many corporate security concerns are over inflated. Nevertheless, judging from the amount of e-mail I get on the matter–and the folks I’ve been talking with at companies–security is a giant concern with organizations (especially financial firms) wanting to implement these technologies. I also think that this issue has been too glossed over. Consequently, I plan to research the issue of “openness” vs. the need for security with Web/Enterprise 2.0 technologies.

In the meantime I welcome your input on this matter as well as the application of Web2.0/Enterprise 2.0 in general.


Curt Hall

Curt Hall is a Senior Consultant with Cutter Consortium's Data Insight & Social BI and Business & Enterprise Architecture practices. His expertise includes BI, data warehousing, data mining, and other analytical technologies and products.


  One Response to “Enterprise 2.0: Openness vs. Security”

  1. Hi Curt – you may want to take a look at the research I recently conducted and have published on my blog – http://pennyedwards.wordpress.com – regarding Managing Wikis in Business. From what you’ve reported above I would be really interested to see how the issue of ‘openness’ vs ‘the need for security’ differs depending on the company sector of the organisation. You will see from my research that the Financial Services sector comprised a small number of survey respondents (5.88%) compared to IT (37.26%) and Professional Services (15.69%). Further, in terms of perceived barriers wiki usage ‘concern about information security’ (4.74% of responses ) was perceived as one of the lowest barriers (the lowest being ‘lack of competence using the wiki – 3.42%). However, ‘culture’ was viewed as one of the key barriers to its use. That’s interesting especially in light of your article which seems to suggest that command-and-control culture issues are being masqueraded as information security concerns. This is particularly so since the wiki was being established for internal use (presumably there are chinese-walls which need to be respected) rather than for external collaborations with clients. I’d be really interested to see if your research covers the ‘culture’ vs ‘information security’ issue, and also more particularly, how security concerns differ through industry sectors.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>