Enterprise 2.0 Fear Factor: Overcoming Risks, Uncertainties and Doubts

futurelab default header

by: Christian Smagg

There are risks associated with adopting any new technology, and Enterprise 2.0 is no different. Enterprise 2.0 holds the promise of dramatically increasing business productivity, stimulating greater innovation, and creating tighter connections between employees, as well as with partners, suppliers and customers.

While these technologies and other social networking softwares are facilitating knowledge sharing, accelerating team communications, fostering increased collaboration and online communities creation, many executives are recognising their value but worry about losing control of information, compromising sensitive data, opening  their networks to security breaches or even exposing employees to time-killing "network noise". 

Liability for potentially illegal activity involving workers, risk of malware infections, bandwidth constraints and other drop-offs in employee productivity are obvious reasons why the "open social Internet" just goes against the instincts of many Chief Information Officers. 

It is also true that employees using these systems for group collaboration, usually operate outside the approved IT applications, meaning they aren’t actually subject to enterprise policies governing compliance and information protection. It is obviously a challenge for any IT professional to give up control over the IT systems they depend on. As Enterprise 2.0 is decentralised and ad hoc, control is in the hands of users rather than the IT department. 

Security risk – either incoming, as malware, or outgoing, as data leakage – is probably the biggest issue with Enterprise 2.0 technology since opening up your company to share information and allowing users to upload files to your system – while a laudable idea for improved collaboration- surely expose your infrastructure to related threats. An open social system makes it a challenge to maintain security. 

Additionally, many managers may be concerned about the risks associated with bad publicity or confidential data disseminated due to employees potentially sharing information on blogs or other social networking sites. Lots of companies are spending large lump of money creating their message, maintaining its consistency and build a brand. Opening up the conversation means, for better or worse, that you will be losing control of that message, at least in ways it was previously defined. While there are benefits related to opening up the conversation, not all content or opinions are created equal and some may be more valuable than others. Community policing are therefore also required to provide the necessary checks and balances to potentially eliminate noise. 

Some concerns could be addressed by providing tools and dashboards, giving control over these conversations as well as which employees can access and use which tools. While this could help allay IT fears, it may still be difficult for some to accept this cultural shift without some assurance that critical business systems will keep operating. The first rule of thumb for improving security protection and securing risks is considering people and process alongside with technologies including "next-generation" capabilities such as web filtering technologies, reputation services, blended threat protection and behaviour-based detection. IT professionals are highly required to think about security implications and ensure appropriate safeguards are taken as their companies adopt Enterprise 2.0 techniques. These technologies are indeed enabling information to move in new faster ways, with users being so much more involved, putting networks, employees, and customers at risk. 

As businesses rush to get involved in Web 2.0, a Forrester research study recently revealed that the vast majority of organisations adopt Enterprise 2.0 technologies without even preparing to fend off the related threats and dealing with the security risks that come along with it. The report indeed found that 97 percent of companies surveyed considered themselves prepared, though 68 percent conceded there was room for improvement. Even scarier, a full 90% of surveyed IT professionals and security decision makers reported that they are at the least "very concerned" about related threats and may have made the leap into these technologies without thinking about the security consequences. The study further notes a lack of risk awareness, user training and consistent policies, making essential for organisations to re-examine the adequacy of security policies and protection mechanisms together with implementing systematic and comprehensive training to communicate the magnitude and extent of web threats to users. 

Finally, as with any disruptive technology, a critical success factor resides in the fact that companies will need to assess the strategic value and implementation plans with an eye toward enterprise requirements including reliability, security, governance, compliance, and privacy. As companies dive into Enterprise 2.0, associated risks such as security, infrastructure stability, data loss or reliability, just to name a few, are increasingly important to secure. Nevertheless, in most cases, the benefits provided to enterprises considering the new social media technologies as a collaboration platform, may outweigh the risks, especially if some precautions are taken to mitigate these.

Original Post: http://www.saastream.com/my_weblog/2008/02/enterprise-20-f.html