Farming at work: social media in the enterprise

How do you make social networks safe for work? Also some key risks and strategies for tracking productivity. Joins my recent article on the Twitter virus and previous article on Data loss prevention

Options for social networks in the enterprise

Can social networks enhance productivity?

Absolutely! There are plenty of case studies from Mashable et al that show how social network tools can enhance productivity. Even as a thought experiment encouraging microblogging, sharing and liking of content as a news distribution and ideas generation engine - how could it not improve collaboration and productivity?

Wiki's are an older example where collaborative social technologies are far superior e.g. to policies and standards and procedures which sit stale in PDF's and are updated at maximum once a year.  There is a healthy demand for social media tools both inside and outside the workplace. Effective enterprises encourage collaboration and diversity of thinking - especially as workforces are increasingly globalized. Social media tools can be a lot better than the existing collaboration tools such as Sharepoint at doing this. Where I have seen tools like Yammer deployed it is the business users not the technical IT users who are the first to jump on board

The best option for gaining the benefits of a social networks while minimizing risks is to run a private social network within your enterprise that is controlled and managed by your IT e.g. Yammer. If you have some coders or innovators in the IT team give them a 20% project to get a Dispora instance up and running.

Could Dispora be more secure? sure - but it is a very early release and guess what being open source you can fix the bugs yourself, on join the community that does. Also while I would not endorse it, it would hardly be the first application that IT departments and IT security departments would have accepted with security holes because it is "Internal". It really depends what you use it for and what information you put on the extent of the risks involved

If you do invest in enterprise social media tools, make sure you promote it and give your users some incentives to use it like:
  • It is now the collaboration tool of choice and we will shut down Sharepoint and share drives in 3 months time 
  • Allow them to create personal groups around interests and Communities of Practice e.g. The java cop or lady gaga cop
  • Allow them to sell and buy stuff on it
  • Moderate and maintain it - make it someone's official 20% responsibility to care and feed. 
  • Encourage corporate comms and the social clubs to use it
  • Encourage the PMO to setup new project groups on it
  • Enroll everyone by default - it is the company corporate directory and business contact info so there are no privacy problems. 
However even this does defeat some of the point of social networks to be fully social including outside the company, besides Yammer does not have Farmville. Also simply banning them is not very effective when they can simply bring in their tablet or phone with 3G and access the sites but at least those are not connected to the corporate network. You could use a hybrid approach of banning the time sinks like Facebook and allowing Linked in and maybe Twitter.

Key risks

Some of the key risks of social networks are
  1. Data loss - files and information can be uploaded to Facebook for example
  2. Malware - e.g. twitter worm
  3. Reputation - ex and disgruntled employees posting damaging material
  4. Productivity loss
Some mitigations
1. For number one, you can run some dataloss prevention tools that monitor all internet use for upload of sensitive data eg Symantec Vontu or RSA DLP.  You can use your proxy to block the upload of any files to these sites

2. Is difficult -  running up-to-date anti-malware and having browsers and the OS fully patched including extensions and plugins will help. Using something like Firefox such as the official browser with the no script addon installed will also help as long as it does not kill your legacy corporate applications

3. Really tough because even without corporate network access they can use it on personal devices. Like Chris Rock said people just want to get high.... Or build farms in this instance. You can hire someone or pay for a service that monitors for this activity and if someone is identified ensure that appropriate HR actions are taken. Publishing an occasional email and something in the rest room that big brother is what you say on Facebook may also act as a deterrent.

4.  You can track and shame. The best ways to track employee use of social media is:

A. Via the proxy server. The proxy server keeps a lot of all usage and with a bit of light scripting the connecting IP addresses can be mapped back via Active Directory to the individual user. Make sure your proxy server is terminating the SSL connections so that you can examine the data.

From this you can collect stats such as
  • usage
  • time spent on average
  • subsites visited eg facebook apps and games
  • when used eg lunch and after-hours or work day
You can then combine with any productivity or other HR issues if you need evidence to put on performance improvement plan or terminate. Also name and shame walls of top 10 Facebook users is effective

2. Data loss prevention tools such as Symantec vontu or RSA DLP can  allow you much more fine grained control over what information users post to Facebook et al. If they upload company confidential documents
or information again you can either block or investigate and take remedial action.

No comments:

Post a Comment


Written by