5 Security Tips for the Social Enterprise

by John Thielens, CSO of Axway

As a member of an enterprise, several things strike me when I think of the idea of creating a social enterprise, with its promise of new collaboration models. The very phrase “social enterprise” calls to mind the ways an enterprise connects with its business partners, and how it might use social technologies like collaborative documents and instant messaging to strengthen customer, supplier and community relationships. Still, the enterprise itself is a community.

When I look at my desktop, the idea of applying social techniques even within the enterprise is daunting. Yet our potential to engage external partners more effectively depends on our ability to engage internal partners effectively first.

This concept of internal social engagement is nothing new, of course.

Instant-messaging apps that give enterprise users the ability to internally share their status (“On the phone,” “BRB,” etc.), and create ad hoc Web conferences with ease, have been around for years. Their advocates are passionate about them, and quick to attest to how completely they can transform interactions between colleagues. Even so, those advocates are not as numerous as you would think.

The truth is that adoption of these technologies is relatively low everywhere, even internally, where IT and the CIO have the power to exercise unilateral control, push the same software out to everybody’s desktop, create rules for how it’s to be used, control the directory, and ensure that everyone is reasonably secure or well-authenticated.

So why the lousy adoption rate? What’s making us so reluctant to embrace the concepts of internal social interaction, apply them across the enterprise boundary, account for both the B2B context and the internal enterprise context, and make it all so transformative and useful that adoption will be high everywhere?

First, in order to adopt true multi-enterprise social technologies, we must establish trusted partnerships at a deeper level. Don’t require employees to create another login and password. Instead, establish a secure, professional enterprise framework that allows us to trust each other all the time, every time. Open standards for authorization, such as OAuth, look promising.

But for now, it’s enough to say that identity exchange and tighter integration and collaboration with our business partners must be built on a foundation of trusted identity, so that we are at least sure who we’re talking to. That kind of trust is a necessary prerequisite to making the leap into sharing content and collaborating across multi-enterprise business processes in ways that truly add value.

We must also consider supervisory surveillance and policy. When employees are instant messaging with business partners, sharing screens and doing much more than simply emailing, you may wonder, “How am I going to monitor all of this? How will I audit it?” This is especially important for organizations in heavily regulated industries, like financial services and healthcare, with specific data security requirements for everything from paper print-outs to email and file transfers.

We must engage with a range of tough issues, for instance:

· What sort of retention, discovery, expiration and destruction requirements should we create in response to these social enterprise technologies?

· What’s my supervisory obligation to inspect, archive and record all that connectivity?

· What kind of policy framework can successfully govern all of this activity, since it involves people with multiple roles and levels of authority, and multiple types of communications?

Existing policy frameworks in most organizations are limited to a particular set of customers and roles. That’s something that will have to change. Policy will have to become both more flexible and more explicit, so that people across job functions can use social technologies more broadly in order to better collaborate with their business partners. Compliance is a hurdle almost every organization must contend with no matter their industry.

Without the right kind of supervisory surveillance and policy frameworks in place, the transformative potential of social enterprise technologies will be far outweighed by the risk of compliance exposure to the business. Here are five ways to address these issues:

1. Integrate directly with your community of customers and partners: The social enterprise accelerates speed-to-delivery by establishing data connections that lead to real-time business decisions and opportunities.

2. Insight into every interaction: End-to-end visibility provides IT teams with the tools to monitor information sharing whenever and however it’s happening.

3. Policy to support the “right” connections: Organizations must be able to customize policies and rules to business needs, using automated policy management to save the sanity of IT.

4. Direct connections to critical endpoints: Provide secure, direct lines of communication and information sharing — whether for files, instant messaging or email.

5. Meet compliance needs: Use reporting capabilities to meet the requirements of industry-specific watchdogs.

Is it a big challenge for IT, security and compliance officers to enable social technologies at least internally, while our external compliance and security framework continues to evolve? Yes, but these challenges are solvable. Let’s commit to protecting the enterprise while still enabling and embracing the transformative business value social collaboration will deliver.

John Thielens is CSO at Axway, a provider of business transaction software.