Social business made its official debut as a key business driver in AIIM’s State of the ECM Industry Report, 2011 (AIIM.org). Before you send that celebratory tweet, this milestone is more of an acknowledgement of what we already knew: social media and E2.0 collaboration tools like blogs, wikis, instant messaging, message boards and micro-blogging are used in business environments to facilitate collaboration and information sharing. Hardly shocking. The state of social business is ultimately characterized as concerning and chaotic and in need of immediate social governance.
According to AIIM, 53% of companies with over 5,000 employees utilize social business, and 29% of those with less.
In my experience, I haven’t come across a company (in the last few years) where its employees did not find ways to utilize consumer-based and/or Web 2.0 programs for social business purposes. Many employers can block access, but savvy employees still manage to bypass the network, notably when using smartphones or tablets/iPads. If this is true, that means that social media and collaboration usage policies may be necessary for ALL companies — even those NOT “officially” utilizing social business.
AIIM highlights the lack of usage and retention polices, poor audit trails, and inability to monitor or retain mobile activities, which are further exacerbated when employees are not adequately trained on usage policies. The gap between creating the usage policy and the active practice of that policy among employees is not well documented. Creating the policy is one thing; distributing the policy to employees is another, but how do you know — and monitor — that it met its intended objective? Other gaps from AIIM:
New Traps: Coffee Compliance?
In this social, E2.0, Web 2.0, uber-connected wifi’d mobile world, grabbing an afternoon coffee could place social governance on Defcon Level 1. Does your social business usage policy educate employees on how innocuous activities — such as going to a Starbucks — could inadvertently create an eDiscovery nightmare?
Jill makes a late afternoon run to Starbucks. As she orders a latte, her work Blackberry automatically connects to the store’s wifi network. (Jill is a cost conscious corporate citizen and realizes that she can save on data costs using wifi). As her email is downloading over the unsecure network, she’s on Blackberry Messenger and IMs her co-worker the final approval for the pricing proposal. Her latte now in hand, Jill heads for the door when her smartphone vibrates: it’s an email from the design team with the new product brand logo.
She forwards the message to her personal email so she can view it on her iPad (bigger screen). Thrilled to have these last details sorted, she calls the creative director and signs off that the logo is approved for production. Feeling triumphant — it’s been a productive coffee break — Jill walks back to the car — but not before firing off a tweet informing the Twitterverse how happy she is: the new brand icons look amazing for the product launch next week.
Given each activity Jill made in this scenario introduces some form of risk — for starters, the considerable lack of continuity and poor audit trail comes to mind. No surprise that McAfee's report on Web 2.0, “A Complex Balancing Act,” estimates that over $1.1 billion was lost due to security incidents among the 1,000 companies surveyed. The report highlights that large organizations paid even steeper costs for security breaches, with average losses for a large organization around $4.5 million, an average reported loss around $10 million in Japan and Singapore, and more than $8.5 million in Canada. Large organizations in the United States have managed their security risks better and reported a relatively lower average loss of $1.7 million.
Where Do We Go From Here?
Whether your company embraces or blocks social business, the consequences of not planning for it (and even NOT having it) are mandatory. Utilizing social business and applying good governance practices with ongoing education, training, communication and monitoring are proving to have upside. Blocking it and not knowing what employees are doing on their mobile devices and consumer sites while representing the company add risk and real cost as noted in the McAfee report above. Like all enterprise content management practices, it takes people, processes (including policy) and content that fosters collaboration and knowledge-sharing but within a secure, governed environment.
I reached out to an industry expert to get the “environment” point of view and to understand if this utopia — the state of governed social business — could be realized. Kimberly Edwards, senior product marketing manager at OpenText, has an extensive background in ECM, social business, E2.0, Web 2.0 and even compliance. I asked her to comment on the state of social business and social governance: