Upload
enterprise-20-conference
View
690
Download
5
Tags:
Embed Size (px)
DESCRIPTION
Presenation given by Alice Wang and Mike Gotta of Burton Group at Enterprise 2.0 San Francisco 2009.
Citation preview
Social Networking and Identity – A g yCautionary Tale
November 5 2009Alice Wang
November 5, [email protected]
Mike [email protected]
All Contents © 2009 Burton Group. All rights reserved.
mikeg.typepad.com
Two Sides Of The Social Networking Coin 2
Why are we here…• Use of social networking tools and applications to improve
information sharing and collaboration will transform how information sharing and collaboration will transform how organizations think about, and manage, identities
• Profiles, social graphs, and activity streams enable employees to construct their own social identities across internal and external constituencies
• Participation in social networks and community contributions • Participation in social networks and community contributions enable employees to establish their own social roles and reputations
• However, what are the benefits, risks, and implications of more open collaboration and transparent knowledge sharing on identity management strategiesmanagement strategies
Two Sides Of The Social Networking Coin 3
[email protected]+1-234-567-9012
zxcvxvxcccb
[email protected]+1-234-567-9012
@
Source: Booz Allen Hamilton
Two Sides Of The Social Networking Coin 4
Benefits expected from social tools and applications• Connect people internally and externally
B k d i ti l b i d i f ti il• Break down organizational barriers and information silos• Promote employee innovation• Address generational shifts; meet technology expectations of • Address generational shifts; meet technology expectations of
younger workers• Support strategic talent and learning initiatives
However – open and transparent environments can raise identity and security concernsand security concerns
Use Case #1: Social Network Site 5
[email protected]+1-234-567-9012
[email protected]+1-234-567-9012zxcvxvxcccb
Trusted Identity Sources
Enterprise Identity HRMS Directory Other Systems-of-Record
Use Case #1: Social Network Site 6
[email protected]+1-234-567-9012
[email protected]+1-234-567-9012zxcvxvxcccb
Internal Social IdentityPersonalClaims
Use Case #2: Profile Proliferation 7
Employee Employee Women’s
A single profile? Multiple profiles? Federated profiles?Women
Returning To Profile #2Profile #2 Support
GroupWork After Extended
Leave
Employee Employee Employee Employee Outreach Internal Profile #3Profile #3
Employee Employee ProfileProfile
Outreach Network“Facebook
Site”
Community ProfessionalExchange of
Gay & Lesbian
CommunityEmployee Employee Profile #4Profile #4
Community Of PracticeExchange of
Best PracticesCommunity
Use Case #3: Activity Streams & Profiles 8
Over-sharing via social conversation and community actions
Employee Employee p yp yProfileProfile
Jane Doe: Joined Community:“Women Supporting Women”
J h D “W ki bi M&A d l
“Women Supporting Women”
John Doe: “Working on a big M&A deal,need to work late tonight… stay tuned!”
Fred Smith: &#%^%$* we just lost the Company ABC account…
“Gay & Lesbian Employees”Outreach
A t ti Company ABC account…
Jane Doe: Joined Community:“Gay & Lesbian Employees Outreach”
Betty Smith: @Bob Jones That patient
Automatic posting of community
actions y @ pID number is 123456789
Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace
Activity streams & “Enterprise Enterprise
Twitter” messages
Use Case #4: First Comes Aggregation 9
[email protected]+1-234-567-9012
[email protected]+1-234-567-9012zxcvxvxcccb
External Social Identities
PersonalClaims
Use Case #4: Followed By Correlation 10
Is it me? How much is being shared? Under what controls?
ProfileProfileStatus MessageA ti iti
ProfileGroupsContacts
ActivitiesPhotos
Following / Followers“Tweets”
Unification of an employee’s social Enterprise Identity
My politicsMy groupsemployee s social
structures
“The “The
Enterprise “Social Identity”y g p
My musicMy friends
WorkMe”
CitizenMe”
Use Case #5: Leveraging Consumer Tools 11
Enterprise roles and
“The
Enterprise roles and identities can collide with personal use of
social media“TheEmployee
Me”
social mediaCitizen
Me”
Use Case #6: Enterprise Roles 12
T t d Id tit S
HRMS Directory Other Systems-of-Record
Trusted Identity Sources
Role Sources
Authentication Role Management Applications
Authentication,Authorization,Provisioning,
[email protected]+1-234-567-9012
Business ProcessManagement (BPM)Systems
RBAC, etc.
[email protected]+1-234-567-9012zxcvxvxcccb
SystemsEnterprise Portals
My Roles• IT Architect• SME on “ABC”
Enterprise Roles• Approver for access to “XYZ”• Certified on “123”
Use Case #6: Emergence Of “Social Roles”13
“A P ” “Wiki G d ” “Id P ” “N Filt ”“Answer Person” “Wiki Gardener” “Idea Person” “News Filter”
Social Role Social Data Aggregation & Social Network
Social RolesAttributes Correlation Analysis
Use Case #6: Community Equity 14
From roles to reputation• Reputation is as aspect of someone’s identity; need a social value system
based on social activities• Analyze social data to derive community equity
• Aggregate social activities: edit, tag, bookmark, follow, comment, reply, post, attach subscribe joinattach, subscribe, join…
• Correlate patterns: participation, contributions, skills, reputation, social graph
ContributionsSkills
ReputationContributions
Social GraphParticipation
Reputation
Community Equity
Use Case #7: Analyzing Relationships 15
Social analytics• Assess, correlate, and visualize relationship structures
Di f l t t ti t l bl• Discovery of latent connections most valuable
Needs to figure out Needs to figure out how to help a
company deal with export / import l ti i t regulations in country
XYZNode 8To Node 10To Node 14
Has dealt with import / export problems in
country XYZ for
To Node 15
Source: Telligent
years in past job role
Use Case #7: Analyzing Relationships 16
Without proper controls, identity and security issues can arise• Evolution of tool capabilities can discover too much information on
organizational structures activities and relationshipsorganizational structures, activities, and relationships
Product B
Product C Person 4
Product BPerson 2 SCN Group1
Customer XProduct A Business Process 2Purchased
Marketing Campaign 1Person 5
Key talent in organization
developing new ideas and
Source: SAPPerson 3Sale Process 1 Part of
ideas and products
Awareness & Management Of Risks 17
General concerns relevant to identity and security teams• Identity
• Assuring profiles (identities) internal and external• Assuring profiles (identities) – internal and external• Populating profiles with trusted enterprise data • Assessing social identity attribute claims• Making sure that controls exist to satisfy privacy mandates
• Security• Applying policy-based management (including enforcement)• Applying policy-based management (including enforcement)• Inclusion of monitoring, discovery, and audit mechanisms• Validating "fine-grained” access controls and role modeling capabilities
S ti f i li di d l t d d t t ti t l • Satisfying compliance, discovery and related data-retention controls • Ensuring data loss protection
Awareness & Management Of Risks 18
Use Case concerns relevant to identity and security teams• Profiles And Profiling
• Credibility of profile and social claims• Credibility of profile and social claims• Possible bias against employees by co-workers based on race, diversity,
affiliation information made open and transparent via social media tools• Information Security
• Intellectual property, compliance, e-Discovery, monitoring…• Aggregation / correlation capabilitiesgg g / p s• Data management and data integration (profiles, roles, etc)
• Privacy• Adherence to regulatory statutes, level of employee controls, possible
stalking situations (hostile workplace)• Social Network Analysisy
• Makes relationships visible that perhaps should not (“connecting the dots”)• May lead to “befriend / defraud” situations, social engineering
Recommendations 19
Moving forward with social media and social networking efforts• Social media and social networking are strategic initiatives that are
here to stay saying “no” is not the right approachhere to stay – saying no is not the right approach• A decision-making framework and governance model is an
essential component of any strategy• Policies and procedures need to focus on the human element and
avoid technology as a panacea Id tit d it bj ti d t b i d th • Identity and security objectives need to be viewed on the same level as desires for openness and transparency
• IT teams that should be viewed as key stakeholders in social IT teams that should be viewed as key stakeholders in social media and social networking strategies include:
• Groups responsible for collaboration and community efforts Id tit t d it • Identity management and security groups
• Information management and data analysis groups
A Look Ahead 20
Do we someday reach a point where social networking, social roles, and community equity enable self-regulating systems?
EnterpriseRole
SocialRole
Social Role not associated with enterprise role or
No change
Enterprise SocialSocial role indicates synergies with enterprise
entitlement
Discovery of latent talent in the agency perhaps a Enterprise
RoleSocialRole
synergies with enterpriserole and entitlements
in the agency, perhaps a new subject matter expert
Social role becomessynonymous withenterprise role and
Provisioning and access controls adapt based level of community equity
EnterpriseRole
SocialRolep
entitlement performing social role
21
Q&AQ&A
All Contents © 2009 Burton Group. All rights reserved.