E L S U A ~ A KM Blog by Luis Suarez

From the blog

New Technology – The Threat to Our Corporate Information

Gran Canaria - La FortalezaIf you have been exposed to Social Computing within the enterprise for a little while now I bet most of you folks out there would probably be able to identify one or two of the main issues that every single corporation has got with regards to the wider adoption of social software tools, both inside and outside of the firewall. Those two issues are actually privacy and security. Oh, and perhaps risk management, too!

Well, let’s leave out privacy for now, and spend a few minutes going through security and risk management. Specially, in the context where some people keep postulating that social tools make things a whole lot easier with regards to sharing your company’s secrets across, as well as leaking confidential information out to competitors and whoever else. But do they really expose such threats? Are they the only ones creating this discomfort? Well, probably not. And here is why…

I love it when going through the various interactions from my social networks on a daily basis you keep bumping into a rather interesting resource that continues to pop up time and time again and you eventually go through it and you realise that the overall content put together is amazingly accurate (Perhaps, too scarily accurate!) today, even thought it was first published over two years ago! WOW! Yes, two years ago! I know that things happen incredibly fast on the world of the Internet, but to think that you bump into a specific piece of content that is incredibly accurate, even today!, but that it was written over two years ago, it surely is quite something!

Well, go and have a look into New Technology – The Threat to Our Corporate Information. A Slideshare presentation that has been making the rounds lately (once again) and which touches base on those interesting, and always relevant, topics of security and risk management. The deck was actually put together by Norman Lamont (?), like I said, over two years ago, and with a rather special sense of humour, and very much with tongue-in-cheek, trying to portrait, very faithfully, how using social software tools as business tools may well have the same risks, and pose the same security threats, as various other traditional collaboration and knowledge sharing tools. In this particular case, the telephone.

Yes, that lovely mobile device that I bet almost everyone of us has had at some point in time and whose usage continues to grow exponentially year in, year out. That mobile device through which, in multiple various occasions, I am sure!, more than once, twice, or even three times!, we have been hearing conversations from people around us that I bet we shouldn’t have been hearing in the first place! Whether waiting to take public transport on the way back home, whether waiting at the doctor for that appointment, whether we are doing shopping or whether we are having lunch or dinner at a restaurant, you know there have been multiple various conversations over the mobile phone that you realise should never have happened in the first place!

Ouchie! Yes, that’s the premise of this Slideshare presentation I mentioned above: New Technology – The Threat to Our Corporate Information. It’s funny. Actually, it’s hysterical! Hilariously entertaining, to put it in other words, just to see how Norman has put together, back then!, a couple of years ago, a bunch of rather simplistic slides, with very little text and visuals, trying to convey what the real problem for these issues of security and risk management are all about: it’s never been about the technology, nor the tools, like some people keep claiming over and over again, but eventually it’s down to the people themselves, the knowledge workers. Those who always have got a unique and unprecedented opportunity to mess things up pretty badly, unless they are careful enough…

And that’s exactly what Norman talks about in his Slideshare deck. That social software tools are not going to get businesses in more trouble with leaking confidential information out there, because if employees would really want to share that critical information with the wrong kind of crowd, they probably wouldn’t care about social tools to do that. They would eventually use anything within their reach! Email, Instant Messaging, phone calls, informal face to face conversations, etc. You name it! Even if they are not fully aware of what they have been doing!

Like I said, if a knowledge worker decides to leak that paramount to the company information, knowledge and / or resources, believe me, the last thing they are going to make use of is social software tools! Ironic, eh? Why, you may be wondering, right? Well, like Norman said, mainly because "wikis, blogs and forums are the tried and tested ways. Every entry is named and attributable, and can be corrected if wrong. All corporate communication should take place this way!"

Because "How do you update and correct a telephone conversation when it’s done?" (You will have to go through the slide deck to find out… not going to reveal the answer just yet! You will have to find out for yourself this time around! One thing for sure is that as you go through the presentation I’m pretty certain you will be nodding in agreement with Norman, at the same time that you are going to find the slides rather entertaining, if not hilariously funny! Yes, this is one of those blog posts referencing a rather nice, simple, but effective presentation with plenty of tongue-in-cheek all around. Or… well … maybe not!

Maybe we are over-exaggerating a bit, or perhaps over-reacting more than we should; after all, wouldn’t we trust our knowledge workers to be those hard working professionals we hired in the first place, working on a rather healthy, content, satisfying, highly motivating innovative, knowledge sharing prone and collaborative environment, who keep revalidating their commitment to the business every year by complying with those business conduct guidelines you encourage them to live by? Yeah, who knows, perhaps we are freaking out a bit too much. Shouldn’t we trust them more to do the right thing?

Maybe we should. Why not? What would we have to lose? Most importantly, what would they have to lose? Probably a whole lot more than we all think…

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Worth while sharing it along?
0 votes

5 comments

  1. Fun presentation ๐Ÿ™‚

    Of course, there is a big difference between a person slipping some important information over the phone with a friend, and a person slipping some inportant information in a Twitter comment read by 2,000+ people (and that is easily searchable, not deletable etc).

    Most people don’t leak important information *on purpose*, but by accident. And the “accident” can be much more severe if done through Twitter or Facebook than the phone.I don’t think that businesses don’t trust their employees, but they know that *people make mistakes*, and social media makes it much easier to make mistakes (and makes the mistakes much bigger by reaching many more people).

    Thanks for the interesting post.

  2. Certainly Atle’s point is valid, but I do see far too often that security people and other officers understandably concerned with these topics become rather myopic even when the social interaction proposed via new technology is ONLY with a limited group of people, the same people one is working with via email and phone. For example, I have seen closed workgroup technology criticized as a potential “data leak” source when the members of this closed community already trade emails and talk on the phone, and when the closed workgroup technology is a project tool that doesn’t require (and should NOT be used for) sensitive content. Sure, it’s VERY good that security people warn us of this, absolutely! Without that warning, we do risk being too casual. But that warning suddenly and too often becomes a “do not use” mandate, which is rather absurd. If 10 officers of the company entrusted to work with an external agency or some-such can’t be trusted to take an easy-to-follow direction for a new technology in a closed workgroup (“use this tool for xyz, do not use it for abc”) when they are already entrusted to work in that workgroup, well, then something is much more deeply wrong than the technology.

    My beef here is larger and general, too. Far too often all of us folks entrusted to safeguard the enterprise in some manner say “DO NOT” when instead we should engage in more of a dialogue, understand the business purpose, and define BOUNDARIES that are mutually useful to the business goals and the conduct of the work. Sure, simple mandates are useful and necessary in many situation, and sometimes even a valuable idea has to be nixed for its too-great risks, but too often we are sticking our head in the sand, perpetuating our siloed and anti-collaborative styles.

Leave a Reply

Your email address will not be published. Required fields are marked *