Archive for category Web 2.0
It’s difficult to debate the value of installing enterprise social networks.
Richie Etwaru, a futurist and avid speaker, covered the current state, business value, and future thinking needed around the construct of what he phrases the #ENTSOCNET (an internal enterprise social network). Mr. Etwaru titled the piece Solving for building backlash of Enterprise Social Networks and covers the 1st, 2nd and 3rd generation of the #ENTSOCNET. Installing an internal social network, driving, adoption and extracting business value as Mr. Etwaru describes, is complicated and difficult work. Leaders must ensure that said complicated and difficult work is being done under the auspices of regulatory guidelines.
There are regulatory compliance, corporate governance, and legal requirements organizations must address before deploying social. There however, is an impedance mismatch and some amount of misinterpretation between what the regulators consider enterprise social media, and what leaders in the enterprise consider to be enterprise social media. The spirit of the regulations suggest that whether an enterprise in installing an internal social network (what Mr. Etwaru describes as the #ENTSOCNET) for its employees only, or leveraging external social networks such as Facebook, LinkedIn or Twitter; all communications, messages, inboxes, comments, endorsements, DMs, tweets retweets etc. are governed under the regulations.
What Regulators want
More than 2 years ago, regulators of the securities industries began to issue guidance on how to use social media. The Financial Industry Regulatory Authority (FINRA), The Securities and Exchange Commission (SEC), Investment Industry Regulatory Organization of Canada (IIROC), National Association of Insurance Commissioners (NAIC) and others view social media, whether it’s external or internal, as just another form of business communications, such as email or instant messages. They remind us that it’s the content that is determinative, not the platform. Regulators also expect that firms demonstrate that they are supervising, or reviewing, a pre-defined portion of these communications. Other more general legislation may also apply such as Sarbanes-Oxley (SOX) Gramm-Leach-Bliley Act, and the data breach notification laws (PCI, DSS).
What this all means
In short, whether internal or external, firms need to ensure that all business communications (or “business as such”) are captured, archived, supervised and made easily e-discoverable. There is nothing new here as this has been an evolution. First paper, then email, instant messages, now both internal and external social media, firms continue to be challenged to capture, retain and review a portion of all business records in whatever form they appear. As a first step, firms may use their existing email and instant message retention policies as a framework to develop policies for internal and external social media. Governing said policies is a separate and pronounced challenge.
Governance is key
Firms are increasingly committed to comprehensive corporate governance to avoid scandal and to comply with regulations. The development of sound policies and procedures before deployment is key, given the vast amount of data stored in most collaboration environments and the free ranging conversations among employees, contractors and even clients that can ensue, policies must be defined.
Specifically policies should address: records management (retention, litigation readiness, privacy), information management (making sure that records are tamper proof, and easily accessible), data deposition (disposal of data) and conflict management. Where possible, firms should automate policies with technology to protect their intellectual property, prevent the creation and distribution of inappropriate content and provide an audit trail of all activity to ensure accountability.
It’s a serious legal matter
When learning of pending litigation, firms must be able to preserve all records (“legal hold” or “ligation holds”) that may relate to legal action against the company, including records of social activity. According to the Federal Rules of Civil Procedures (FRCP), firms must meet discovery requests for paper as well as electronic documents (spreadsheets, slide decks), emails, posts, and conversations across social media in a timely fashion. Therefore, firms need plans and the means to retain and produce such data upon request. Email was new and difficult, social is not yet understood, complex and mindboggling.
Social, not my grandma’s email
Social media, due to its nature, adds complexity to these requirements as interactions occur over time. For example, a blog starts with an initial post, then readers may add comments, or change their minds and revise and delete their comments and the original author may respond. These interactions could go on for months in some cases. Firms should have the ability to produce all of these threads of posts, comments and replies “in context” to give meaning to the conversations. By providing context, firms may reduce litigation costs by reducing the number of hours required by attorneys to sort through records to determine the sequence of events and the true essence of the conversations. Preserving context requires intelligent software solutions.
Enterprise-wide “social business” tools were designed to facilitate collaboration, not necessarily to meet the legal and compliance requirements of regulated firms or public corporations. They offer basic functionality to capture and archive communications, but not the reporting, contextual view of information, nor granular policy setting that may be desired. Firms are therefore advised that before deploying enterprise wide collaboration tools, they look to third party vendors to ensure their compliance requirements are met.
Collaboration, no pun intended
I reached out to Mr. Etwaru (whom I met a few years ago at a conference in NYC) and shared this perspective. His response is below.
Your thoughts are spot on. From the regulators (who are doing a great job) point of view social, email, chat, etc. all carry similar risk and hence are metaphorically bucketed from a guidance standpoint. In the enterprise however, the risk with social is multiples higher for a multitude of reasons. One reason is employees learned of social in their personal lives where regulations are by and large absent. Hence, when using social in the enterprise (or in a commercial manner) employees (fallible as we are) tend to assume the same “free range” comes with social. The policy, governance and education you suggested is paramount, I could not agree more.
That being said …
However daunting all of this may be, the biggest risk is not using internal social media to break down silos and to unleash the intellectual power of the enterprise while driving innovation.
BTW, love your diagram, I can help you make it pretty
Hope this helps,
Diagram above rendered by Mr. Etwaru,
Although the Financial Services Bill is still going through the House of Lords, in less than nine months time the demise of the FSA will be complete. Its replacements, the PRA (Prudential Regulatory Authority) and the FCA (Financial Conduct Authority) have issued guidelines on their approach, but their current lack of detail on financial promotions has left many firms confused about the future.
The biggest initial change I think we are going to see is not new guidelines, but a stricter enforcement of the current ones with heavier fines for those that stretch the mark. One of the contentious issues around this is the proposed public “early warning” notices of firms that do not comply and the cutting of the right to reply from 28 to just 14 days.
The FCA guidelines state: The government intends that the FCA will have new powers in product intervention; to direct firms to withdraw or amend mis-leading financial promotions with immediate effect; and to publish the fact that a warning notice in relation to a disciplinary matter has been issued.
Besides the problem of drawing adverse attention to a potentially innocent firm, there are other issues to consider. Retrieving the evidence of a print or email-based marketing campaign to argue your case is relatively easy, but trying to collate proof around a social media campaign that’s taken place over several different platforms is time-consuming without an adequate contextual archive.
14 days is a long time if warning notices are issued and waiting that long to demonstrate publicly that it was within the regulation is not really an option for a firm looking at damage limitation and protecting its reputation. A successful, or indeed notorious, social media campaign that’s been running for just a week can produce a vast amount of content that will need to be reviewed. But working out who said what, who saw what, whether they were public messages or private DMs takes time if you’re doing it manually or using disparate databases. Not to mention the additional headache if the campaign actually ended months before.
In addition, the PRA outlines that it may even intervene in a financial institution’s business, citing the Japanese Financial Services Agency that in 2009 banned the retail division of a large financial institution from advertising and running sales campaigns for one month after it failed to maintain required standards to control money laundering.
We’ll have to wait until October when the House of Lords meets again to discuss the Financial Services Bill to see if the early warning notices will remain, but either way there are several things firms can do now in preparation for the final transition.
Review your risk within the current FSA guidelines, amended your policies and procedures if you find them lacking and starting thinking about using technology not just to enforce them, but to help you understand the situation and react quickly if something does go wrong. Even better, put a strategy in place that allows for real-time monitoring, compliant logging and archiving and content control that means that even if audited, you know you are safe when using Social Media as part of a marketing portfolio. The cost of implementing such an approach will always be significantly lower than the potential penalties for not doing so.
The last couple of weeks have seen UK newspapers filled with stories over UK Government plans to expand its monitoring activities to include email and social media. The two extreme ends of the point of view being it’s either the only way to stop criminal activity or one step away from a draconian privacy invasion something a kin to 1984.
Neither extreme is accurate. Obviously the more seriously criminally minded will start to use other methods of communication that are more secure, if indeed they are not already. In a humorous look of the proposed legislation comedian and presenter of the BBC’s Friday Night comedy, Sandi Toksvig recently conjured up the image of two terrorists in balaclavas talking to each other on Skype saying “Yes, I promise you it really is me under here.” However, with the right controls, it can play a significant role in the fight against crime.
At the same time, most people don’t have time to read their own email, let alone anyone else’s. If Government was planning on checking content, which incidentally it says it is not, then it would have to be using keyword or lexicon search.
Type “bomb site:twitter.com” into Google and it is easy to see that just the profile names of tweeters alone would keep someone busy for a long time let alone the messages, so it’s clear that some intelligence would need to be applied to make searching content worthwhile. It also highlights the challenges of scale, something that defeated the Labour government in its attempt to introduce similar legislation in 2009.
Perhaps one of the key issues is that of trust. With stories of local councils using RIPA (Regulatory Investigatory Powers Act) to accuse citizens of flouting the school catchment rules, it’s no wonder many people are wary of giving any government power to see who they call or chat to over the internet. If the TV programme Spooks is to be believed, the security services already have the technology anyway and are using it to listen in to every mundane conversation, text stream and email conversation anyway so what’s the difference? This of course is a long way from reality. However, the monitoring of suspicious traffic is a logical and more importantly, justifiable part of the crime-fighters armoury and with the massive strides being made in keyword and lexicon search and identification technology, also relatively easy to implement.
It is not the ability to listen-in to me telling the world what I am having for dinner on Facebook that is the issue, but how much control is in place to ensure we know who can listen to what.
The bottom line is that the growth of social and electronic media use by the criminal fraternity is a serious threat to our national security and well-being. Last summer’s riots grew at the pace they did because of the use of technology such as Blackberry Messaging, SMS and Twitter and monitoring will allow for the police and security organisations to react quickly and effectively to protect our safety. Terrorist communications have been proven to often be in the form of cleverly coded electronic communications.
“Ah”, I hear you say, “but what about human rights?”. Well, I think we have a decision to make – either we take the view that logically, there will be far too much traffic to allow for any investigator to focus on anything other than posts, tweets and blogs that trigger alarm bells OR we do nothing and run the risk of the criminal element enjoying unparalleled freedom of communication. The real issue is one of checks and balances to ensure responsible application of regulations around monitoring.
For this reason the UK Government, and indeed the others that are bound to follow suit, must ensure that the legislation protects society, whilst also protecting the rights of the individual.
When we look at most industry regulation today, that means implementing the technology to enforce a policy, archive it and provide a full audit trail to ensure that actions are accountable and that only authorised personnel have access. This technology is available today and its use needs to be factored into any policy discussion by government
Although we will have to wait until the full plan is revealed to truly analyse the consequences, I think it is inevitable that this type of legislation will eventually come into force. We live in a world where real-time communications is the norm, it is unrealistic to expect those we look to protect us to do so without the tools to combat others that use them for nefarious activities.
Recently, the SEC issued some guidance that potentially places an additional disclosure burden on public companies. Given technology’s influence in the world of finance and business operations in general, the SEC deemed it an opportune time to issue its thoughts on the role of cybersecurity. It hasn’t been codified yet as a rule, regulation, or statement, but it is indicative of SEC sentiment towards the topic.
With the proliferation of communications channels in use today (think email, instant messaging, Skype, social media, to name a few), this also increases the number of potential avenues for cybersecurity breaches to occur. The ability to easily post content, such as links, videos, podcasts, audio clips, etc., makes these new communications vehicles inviting targets for hackers and other folks with malicious objectives.
So, it makes sense indeed for the SEC to worry about the impact of security breaches on a company’s operations and ultimately its bottom line, which in turn, means it should be disclosed in a 10K. It could very well be that a significant part of a company’s business depends on protection against cyber attacks. For instance, a data center provider must ensure it has the highest levels of security in its buildings and IT infrastructure to ensure that its customers’ data and/or equipment is secure. A breach in the provider’s network will directly affect the performance and fortunes of its customers who rely on near 100% availability, if not 100%, to conduct their own businesses.
And the SEC took it one step further by saying that companies must be specific in their disclosures and not use such generalized language that it can apply to any company. 10Ks are already notorious for reading like soporific legal documents, filled with boilerplate language, but the challenges faced by e-commerce sites might differ from those encountered by social media sites. That’s just one example.
The complexity of cyberattacks and the sophistication of their perpetrators necessitate detailed information in disclosure reports. That’s not to say that a company should compromise its own cybersecurity, but it should at least provide enough information in the 10K to inform a prospective investor the unique security risks that company faces.
In light of the financial scandals and instabilities over the last ten years, investor protection should not be taken lightly. Thus, it’s commendable that the SEC is taking another step in ensuring investors are afforded all relevant data points to make informed decisions. Bravo.
You know that there’s been a seismic shift in the US Government’s communications strategy when guidelines are published by the government for agencies about how they can adopt social networks to deliver a better customer experience.
We can all applaud the good – when the magnitude 5.8 earthquake shook the East Coast in August, the Department of Homeland security was quick to tweet advice on getting in touch with loved ones via social networks, eschewing phone lines which were getting clogged.
But before we get carried away, we need to put this success in perspective.
Just last week, news was released that Air Force One’s flight plans were inadvertently leaked when a Japanese air traffic controller decided to post them on his blog to show off to his friends.
Who needs Wikileaks when you have to contend with the foibles of your own staff?
The threat of malware infection continues to loom large, as our own Jae found out to his chagrin.
There is no time to be complacent. This is why we’ve knuckled down and begun the process of testing our platform for federal government usage. We’ve kicked of with subjecting Vantage and Unified Security Gateway (USG) to the rigorous tests conducted by Science Applications International Corporation (SAIC) Labs.
It is with a mixture of post-exam relief, pleasure and pride that we can reveal that (drumroll please…) we have met the initial requirements for Common Criteria IA SL2 and The Federal Information Processing Standard (FIPS) 140-2.
The process is by no means over, but we’re certainly well on the way, but it’s another confirmation that Federal Agencies can rest assured that our solutions are robust, enterprise-ready and will do what they say on the ‘can’.
Regardless of media – it could be Jabber, Microsoft Lync or Facebook – we can monitor, track and archive content to protect against unsanctioned disclosures and security threats.
What is YOUR federal agency doing with regard to new communications modalities?
Wow, for you naysayers out there that think the government is slow, archaic, and behind-the-times, you may have to reconsider your position. The House of Representatives has OK’d the use of Skype and ooVoo within its hallowed halls. Up to now, security concerns had impeded adoption of these popular Internet phone and video conferencing tools, respectively, but now that those concerns have been addressed, the House is ready to move forward on its plan to improve communications and transparency with its constituents.
In these tough economic times where government budgets are strapped, leveraging technology solutions that tout cost efficiencies are gaining traction. Moreover, technological enhancements and plentiful bandwidth are driving the government to look at other real-time alternatives. Applications like Skype and ooVoo allow for virtual town hall meetings, facilitate responding to constituent inquiries, and obviate the need for travel in many instances. The net effect is a fluid, cost-effective communications channel between representatives and their constituents.
Now, the House had every right to take its time in blessing the use of Skype and ooVoo. Security concerns are justified, given the abundance of horror stories involving security breaches in government and other industries as well. The problem with social media and other Web 2.0 applications is that their ubiquity opens whole new vectors for malware and other types of evil to infiltrate the corporate or government network. The proliferation of content on these types of sites is mind-boggling – photos, videos, wikis, blogs, tweets, and the list goes on and on. But, each one of these types of content can be a springboard for malware.
Given the viral nature of social media and the breadth of the social graph, it doesn’t take much for a virus to spread. A simple, innocent click on a link to your friend’s supposed Morocco vacation pictures may not yield camel pictures, but rather, expletives flowing out of your mouth when you see the Blue Screen of Death.
That’s why you see so many security software and hardware vendors in the marketplace. They’re there for a reason. Not the sexiest technology, but definitely critical to your sanity and to the long-run viability of your company, or in the case of this blog entry, the House of Representatives. Having security systems and policies in place to control the glut of Web 2.0-type applications out there (Skype and ooVoo are just two of the thousands) is downright essential.
Without granular controls of social media, instant messaging, video conferencing, and the like, safely managing that fluid communications channel between government and the constituents becomes that much more difficult. Throw into the mix potential national security implications and one can see why security breaches aren’t taken lightly in government circles.
So, bravo to the House for giving the green light to Skype and ooVoo. Now, I can Skype my congresswoman to fix that pothole in front of my driveway.
Not long ago we blogged about the proliferation of mobile devices being used by the next generation of consumers to access the new Internet and its impact on financial services. This was the topic of a recent webinar and accompanying white paper from Forrester Research, and it’s a growing concern for all businesses – how to create safe, effective marketing programs using the latest social media platforms that drive business in a measureable way.
I recently chatted with Erin Traudt, Research Director at IDC and their resident guru on all things social (Michael Fauscette , you’ll have to forgive me, I’m not lessening your guruness with that comment ) , about the marketing capabilities we recently introduced in Socialite Engage. Erin pointed us to two public Insight reports on the IDC web site that define a new kind of Social Business Framework:
“The democratization and socialization of media through the social web has turned anyone into a publisher, reporter and/or critic – subsequently redefining influence. The social customer, employee, supplier and partner each have a voice and the means to use that voice at scale. And people are listening.”
IDC’s definition of social business is companies using emerging technologies (like Web 2.0 and social media) to make cultural and organizational changes to drive business. According to the IDC report, “Social Business Framework: Using People as a Platform to Enable Transformation,” there are four steps to implementing a social business:
- Identify the market factors driving the need for change to social business. Market factors can include such things as competition, brand awareness, customer behavior, and the economy,
- Recognize social objectives you want to accomplish and why they matter. Social objectives are linked to business goals and include such elements as customer engagement, employee empowerment, partner enablement, and supplier engagement.
- Establish social outputs to support those social objectives. These are the mechanisms you use to share, such as tweets and Facebook posts. Content creation democratizes the process so customers and partners can join the conversation, and you have to consider your community as part of social output, i.e. those individuals who are connected in some way, ideally around your brand.
- Determine the platforms and applications you need to achieve your desired social outputs. These are the software tools that you need to build, deploy, and manage social applications, such as Jive, Lotus Connections, and Facebook, and, of course, tools like Socialite Engage.
As part of your social business strategy, you need to adopt business tools that measure the impact of social output and social media platforms. According to the IDC Insight report Determining the Value of Social Business ROI: Myths Facts and Potentially High Returns, most organizations don’t even know how to calculate ROI for traditional projects, let alone for social business. Identifying metrics to monitor social media engagement allows companies to optimize customer acquisition, decrease customer churn, and create upsell and cross sell opportunities. But to do that, you need to be able to gain control of your social media program and measure the effectiveness and ROI of social media programs.
According to the latest Social Business Survey from IDC, there are five primary reasons that end users use social media as part of social business:
- Acquire knowledge and ask questions;
- Share knowledge and contribute ideas;
- Communicate with customers;
- Create awareness about company product or service; and
- Communicate with internal colleagues.
As part of your social business strategy, you need to think of the impact your social business program has on your social media audience in terms of:
- Reach: How extensive is your online footprint and are you being effective at building an online following?
- Impact: What part of your online community is active, pay attention to your products and messages, and influencing others?
- Yield: How much revenue or new business can you link to active members of your social media community?
These are all factors we took into consideration in when we designed Socialite Engage. We understand that for certain industries it’s essential to not only promote conversation with preapproved content, but to understand how that content performs in achieving social business goals, and which channels are yielding the desired results.
As a firm, as a business, to gauge the effectiveness of a social business initiative, you have to be able to track aggregated engagement across different social media platforms, determine who your key influencers are, and how those influencers are affecting your bottom line. And that’s what we’ve done with Socialite Engage. We’ve designed the means to identify and track key connections into Socialite Engage, and ways to track their influence. We’ve also built in analytics to determine how those connections are affecting business, which channels and messages are having the greatest impact on sales, lead generation, or whatever initiative you have determined will drive your social business.
Embracing social business isn’t just about improving customer relations and increasing sales, it’s about changing the very DNA of your people and the organization. Developing a social business strategy means empowering your people, your customers, your partners, and your suppliers with new tools that can impact your brand and reputation, as well as your bottom line. As a result, you need new tools to monitor the conversations and measure their impact. That’s what our next generation of social business engagement tools is all about.
Follow my experiences in beta testing Socialite Engage – as I endeavor to change the social behavior and the results of social collaboration of Actiance team members, partners and customers. You can watch it all here – at blog.actiance.com (or follow us on Twitter @SarahActiance and @Actiance)
|I may need to wear a shirt like this in the office.|
Most readers of this blog are savvy social media users. I would include myself in that category. Well, I would have until last Sunday.
Yes, I will come out and admit it for once. I got suckered into clicking on a Twitter malware link that was forwarded to me by one of my ‘trusted’ venture friends. Now that I got that off my chest (and demonstrated that I could be just as naive as thousands of users out in the Internet), I think I can talk about this incident somewhat objectively.
It turns out that this particular malware spreads by getting a Twitter user to click on the shortened t.co URL that’s sent via private message. When an unsuspecting recipient clicks on the link, it automatically sends the same tweet to all of the recipient’s followers as a private message. Very sneaky.
It was quite an embarrassing moment when I realized what just happened (I even had to update the new Twitter app to follow the link on my iPhone). Thanks to a couple of my co-workers and good Twitter citizen @DevonAlderton, I came to my senses only after a few hours had passed. Once a few seconds of disillusionment of my malware ‘detect-o-meter’ had passed, I regained my composure to delete all of my private tweets to all my followers (thank goodness I don’t have Kim Kardashian’s follower base) and took remedial action to shore up my defenses.
You are currently browsing the archives for the Web 2.0 category.
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- October 2010
- September 2010
- August 2010
- June 2010
- May 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- July 2009
- June 2009
- April 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- Application Filtering
- Electronically Stored Information (ESI)
- Employee Behavior
- Enterprise 2.0
- Enterprise IM
- Financial Services
- Guest Post
- New Internet
- personal v professional
- Product Announcements
- Public IM
- Retail banking
- RSA Conference
- Securities and Exchange Commission
- Social Networking
- Unified Communications
- Web 2.0
- Web Security