Social Media & Governance

Enterprise 2.0 - Required governance when using social

software

Atle SkjekkelandVice President, AIIM

Q1 2008, 441 respondents

2

www.aiim.org/research

Q2 2009, 789 respondents

AIIM Certificate Programs

3aiim.org/training

Objectives› Defining ECM and Enterprise 2.0› Why Enterprise 2.0?› Business drivers for ECM and Enterprise 2.0› E2.0 technology compliments and alternatives› Adoption of Enterprise 2.0› Governance and control

6

Defining Enterprise 2.0

7© AIIM | All rights reserved

Technology that enables people to collaborate and/or form online communities

The application of Web 2.0 to the enterprise A new set of technologies, models and methods used to develop

and deliver business software The next generation of knowledge management The ability to snap together software services to enable business

agility The next generation of collaboration The democratization of information and content-centric systems The use of emergent social software platforms within companies,

or between companies and their partners or customers A user-centric approach to working with enterprise-focused

content systems The next generation of enterprise content management (ECM) Exposing the collective wisdom of a networked workforce,

partner and customer base Leveraging metatags to tap into collective wisdom

Re-Defining Enterprise 2.0

AIIM› Enterprise 2.0 is a system of web-based

technologies that provide rapid and agile collaboration, information sharing, emergence and integration capabilities in the extended enterprise”

Andrew McAfee, MIT› Enterprise 2.0 is the use of emergent social

software platforms by organizations in pursuit of their goals

8

What is ECM?

AIIM› The strategies, methods and tools used to

capture, store, manage, preserve, and deliver content in support of business processes

Gartner› “Umbrella” term for collection of CM technologies

› Document Management / Imaging› Electronic Records Management› Workflow› Document-Centric Collaboration› Web Content Management


IsolatedFully Engaged

Islands of Me One-way Me Team Me Proactive Me Two-way Me Islands of We Extended Me

1.0

1.5

2.0

Evolution of Federal Technology

The New Administration

Internal


ECM is often about content control

Compliance = legal requirements + industry standards + organisational policies and guidelines, and more...› Finding and retrieving information on demand› Controlling access and confidentiality› Monitoring and reporting for enforcement› Comprehensive auditing› Secure retention and destruction

Source: Ovum

When you consider document and records management technologies, what is the most significant business driver ?

All respondents (476)

Which THREE of the following benefits would most likely justify a spend on collaboration tools within your organization?

Knowledge sharing

Efficiency

Timelines

Travel costs

10+ employees (656)

In your view, how critical is Enterprise 2.0 to your organization’s overall business goals and success?

Importance of Enterprise 2.0

10+ employees (656)

54% of organisations

considerEnterprise 2.0to be important

Cf: 44% in 2008

Which THREE of the following would you say are the key drivers for Enterprise 2.0 in your organisation?

Knowledge share

Collaboration

Responsiveness

10+ employees (656)

Which group is the PRIMARY driver of Enterprise 2.0 in your organization?

Driven from bottom up not

top down

10+ employees (656)


Source: Dion Hinchliffe, ZDNethttp://blogs.zdnet.com/Hinchcliffe/?p=143

Overview of 1.0 Technologies & FLATNESSES

Directly ProvidesPartially ProvidesDoes Not Provide


29© AIIM | All rights reserved




The Integrated Value• Why do I need non-

Enterprise 2.0 Technologies?– Consider that the

creation of Wikis has caused a resurgence in chat rooms and e-mail based alerts


Positioning Technology Alternatives To Business Needs

32

Directly Provides

Partially Provides

Does Not Provide


33

Which THREE of the following document collaboration tools would you say are the most used by your team or within your business unit?

Most of us are still playing

email ping-pong

10+ employees (656)

What is the current level of involvement with the following Enterprise 2.0 technologies in your organization?

50% have committed to main E 2.0

technologies

10+ employees (656)

How would you describe the understanding of Enterprise 2.0 in your organization?

All respondents (785)

25% of organisations

are doing something about

it

up from 13%


37

Operations and regulatory environment

› Every organization operates within its society and sector

› The three key factors that determine the regulatory environment are:› Geography› Industry or sector› Nature of operation

For each type of content, evaluate the degree of control that exists in your organization in managing it.

Does your organization have a specific policy or guidance on the USAGE and/or CONTENT of the following technologies?

70% have no policies on Web 2.0 or Enterprise

2.0

– although 45% limit access

10+ employees (656)

Emails - recorded, complete, and retrievable

› 34% of organizations never delete emails, 31% have no policy, 8% delete when running out of storage space, 27% delete after 1- 24 months

› Some 45% of organizations do not have a policy on Outlook “Archive settings” so most users will likely create .pst archive files on local drives.

› 33% of organizations have no policy to deal with legal discovery, 40% would likely have to search back-up tapes, and 23% feel they would have gaps from deleted emails.

› 18% had been exposed to a legal challenge in the last 12 months and a further 15% in the last 3 years – a one-in-three chance.

Which of the following best describes your organization’s policy as regards PUBLIC-FACING Blogs and Forums?

47% discourage staff from public

blogs

- although 13% have official

CEO or Marketing blogs

10+ employees (656)

Which of the following apply as regards internal STAFF-FACING Blogs?

57% take an encouraging attitude to

internal blogs

10+ employees (656)

No single security answer

› The needs of departments, regions, partners, customers, etc. will have their own unique security needs – requiring that your ECM architecture support a variety of changing circumstances

WebIM

Meta Data Management

Records Management

Shared Drives

E-mail Data

ID Extraction

Enterprise Digital Rights Mgmt

BPM/

Workflow

Digital Asset Management

ContextualFiltering

Authentication

Portal/Web

Content Analytics

Search

Taxonomy/Facets

Document

Management

Visualization

Collaboration

Social Network Analysis

Content Management

Information Architecture

Multimedia

How important is it (or would it be) to you that your ECM suite offers a full range of Enterprise 2.0 capabilities?

40% want to see it as part of their

ECM suite

10+ employees (656)

UsersUsers

Information Governance Framework

AdminAdminSpecialist- Security- Web

ExploitExploitBusiness & IM

Own Own CIO IT, RM

Not all separate roles – may be combined or delegated

Information Governance

1. Prevent

• Risk assessments

• Training

• Policies & procedures

• Executive commitment

2. Detect

• Audit

• Ombudsman

• Monitoring

3. Respond

• Investigation

• Communication

• Improvements

• Employee discipline

ECM 'Best Practices'

Examples:• Team-working across Functions• Re-using, not re-inventing• Proactive sharing of knowledge

Su

pport

ECM Procedures

Examples:• Procedure for requesting a new

Team Site

• Procedure for declaring a recordto the ECM Repository

ECM Rules

Examples:• Information must be stored in the

appropriate location• Information with corporate value

is stored to the ECM Repository

Drive

Drive

ECM Principles

Examples:• Duty to Share• Information as a Corporate

Resource• Collaborative Working

Em

bodie

din

› Spear Phishing is an attack targeting a specific user or group of users, and attempts to deceive the user into performing an action that launches an attack, such as opening a document or clicking a link

› The second concern regarding social media use by federal employees is Social Engineering, which relies on exploiting the human element of trust

› Advances in web application technologies allow attackers to use new techniques against social media websites not previously possible in email.

› Policy Control› The safe use of social media is fundamentally a behavioral

issue, not a technology issue.

› Acquisition Controls › Ensure some level of risk management, mitigation, and

acceptance of residual risk.

› Training Controls› Provide periodic awareness and training of policy, guidance,

and best practices

› Network Controls› Use technologies to secure a department’s infrastructure

› Host Controls › Just as important to securing the network is securing the

host.

The Air Force’s Rules of Engagement for Blogging

Conclusion?

How important is…› Knowledge capture and sharing?› Open innovation?› Collective Intelligence?› Expertise location?› Control?

Get educated in ECM and Enterprise 2.0!

58aiim.org/training

Thank You!

Atle Skjekkeland

Vice President

AIIM

Email: [email protected]

Twitter: Skjekkeland

Don't get left behind, - join the AIIM community of experts by becoming an AIIM Practitioner, Specialist or Master.