Blogging and KM expert Bill Ives writes about Sneaking Enterprise 2.0 into the Office , a look at how IT departments are swamped by the pace of technology change on the consumer front and how employees are increasingly reliant on their IM, their Facebook and other social tools to stay productive. Ironically, managers often argue that what they are seeing doesn’t constitute work – yet blithely allow indiscriminate use of the most stressful application, email, because it looks like work. I read with great interest that communications technology pundit Jeff Pulver has shrugged off LinkedIn in favour of Facebook, the latest bogeyman for British business. As with any new communication medium, there is an exciting, bedding down period when a tool is used for what appears to be chit chat alone. And then we get on with our jobs, often finding innovative uses that IT departments are initially unaware of – until the desktops are once more locked down. Productivity may dip, but then it rapidly recovers as we build stronger bonds with employees, customers, suppliers and partners.
Security is the other major objection cited against the use of consumer social tools in the enterprise. It would be interesting to compare by sector and by country the extent to which desktops are locked down. Is, for example, the blue chip UK financial sector one of the most restrictive regimes, compared to its US counterpart? And if productivity is the issue, does that not put UK plc at competitive risk? Security is an elastic thing. It has tradeoffs. In emergencies, some aspects are tightened, and others are loosened for expediency. There are tradeoffs between security and productivity, cost, time and manpower. Security can be defined as keeping the bad stuff out, and the good stuff in. But what is in and what is out in the extended enterprise? To what extent are channel partners in or out? Collaborative R&D – what’s in and what’s out?
The answer, I believe, is a simple one but it requires a shift in the security approach from being top down and prescriptive, to being bottom up and selfish. By selfish, I mean it remains in the best interest of the individual to keep secrets. Authentication in Facebook stems from my knowledge of my friends, yet I’m reliant on Facebook for not allowing someone to spoof my identity or that of others. I’m reliant on Facebook to not divulge my password. Facebook has top down infrastructural responsibilities I depend upon, but I determine who is in or out of my friends and groups. Security in a business team requires that I know who to trust with what. I decide who sees what and who does what with it. It is not top down. Yet I’m reliant on my IT department to provide an infrastructure that can’t be snooped or email addresses that can’t be hijacked. They provide me with the infrastructural highways, not the keys to my car. This devolvement of security down to the individual requires a role based infrastructure, one that is too complicated to roll out and maintain in most larger organizations as a top down project. So it must be a self forming thing, stemming from how individuals work already. And given the pace of change of technology in the consumer and SMB areas, tools for secure teaming are more likely to be found there.