Social business made its official debut as a key business driver in AIIM’s State of the ECM Industry Report, 2011 ( Before you send that celebratory tweet, this milestone is more of an acknowledgement of what we already knew: social media and E2.0 collaboration tools like blogs, wikis, instant messaging, message boards and micro-blogging are used in business environments to facilitate collaboration and information sharing. Hardly shocking. The state of social business is ultimately characterized as concerning and chaotic and in need of immediate social governance.

The Stats

According to AIIM, 53% of companies with over 5,000 employees utilize social business, and 29% of those with less.

In my experience, I haven’t come across a company (in the last few years) where its employees did not find ways to utilize consumer-based and/or Web 2.0 programs for social business purposes. Many employers can block access, but savvy employees still manage to bypass the network, notably when using smartphones or tablets/iPads. If this is true, that means that social media and collaboration usage policies may be necessary for ALL companies -- even those NOT “officially” utilizing social business.

The Gaps

AIIM highlights the lack of usage and retention polices, poor audit trails, and inability to monitor or retain mobile activities, which are further exacerbated when employees are not adequately trained on usage policies. The gap between creating the usage policy and the active practice of that policy among employees is not well documented. Creating the policy is one thing; distributing the policy to employees is another, but how do you know -- and monitor -- that it met its intended objective? Other gaps from AIIM:


New Traps: Coffee Compliance?

In this social, E2.0, Web 2.0, uber-connected wifi’d mobile world, grabbing an afternoon coffee could place social governance on Defcon Level 1. Does your social business usage policy educate employees on how innocuous activities -- such as going to a Starbucks -- could inadvertently create an eDiscovery nightmare?

For example:

Jill makes a late afternoon run to Starbucks. As she orders a latte, her work Blackberry automatically connects to the store’s wifi network. (Jill is a cost conscious corporate citizen and realizes that she can save on data costs using wifi). As her email is downloading over the unsecure network, she’s on Blackberry Messenger and IMs her co-worker the final approval for the pricing proposal. Her latte now in hand, Jill heads for the door when her smartphone vibrates: it’s an email from the design team with the new product brand logo.

She forwards the message to her personal email so she can view it on her iPad (bigger screen). Thrilled to have these last details sorted, she calls the creative director and signs off that the logo is approved for production. Feeling triumphant -- it’s been a productive coffee break -- Jill walks back to the car -- but not before firing off a tweet informing the Twitterverse how happy she is: the new brand icons look amazing for the product launch next week.

Given each activity Jill made in this scenario introduces some form of risk -- for starters, the considerable lack of continuity and poor audit trail comes to mind. No surprise that McAfee's report on Web 2.0, “A Complex Balancing Act,” estimates that over $1.1 billion was lost due to security incidents among the 1,000 companies surveyed. The report highlights that large organizations paid even steeper costs for security breaches, with average losses for a large organization around $4.5 million, an average reported loss around $10 million in Japan and Singapore, and more than $8.5 million in Canada. Large organizations in the United States have managed their security risks better and reported a relatively lower average loss of $1.7 million.

Where Do We Go From Here?

Whether your company embraces or blocks social business, the consequences of not planning for it (and even NOT having it) are mandatory. Utilizing social business and applying good governance practices with ongoing education, training, communication and monitoring are proving to have upside. Blocking it and not knowing what employees are doing on their mobile devices and consumer sites while representing the company add risk and real cost as noted in the McAfee report above. Like all enterprise content management practices, it takes people, processes (including policy) and content that fosters collaboration and knowledge-sharing but within a secure, governed environment.

I reached out to an industry expert to get the “environment” point of view and to understand if this utopia -- the state of governed social business -- could be realized. Kimberly Edwards, senior product marketing manager at OpenText, has an extensive background in ECM, social business, E2.0, Web 2.0 and even compliance. I asked her to comment on the state of social business and social governance:

It’s a balance: how to remain productive and connected while ensuring that I do not expose the business to risk when I step outside of the firewall. The business must be adaptive and equip users with the right tools at the right time -- accessible from the right device that is safe, secure and compliant. Social business will continue to evolve and the enterprise needs to have in place an infrastructure that can grow and evolve with social business. This means supporting multiple devices such as a PC, smartphone and iPad, and equipping employees with social, immersive and collaborative tools such as real-time messaging, access to community spaces and micro-blogging to support all channels of conversation which reside in both systems of engagement (“social”) and systems of record (“governance”). It’s easier for us because we have both systems within a single platform which ensures information governance easily extends and supports all the social and collaborative elements both inside and outside the firewall. My advice is that while there are risks that need to be considered when cultivating a social business, the risk of ignoring it will always be higher. The enterprise that does not adopt a social business will be left behind.

Social Governance: It’s Time!

Here’s the good news: there’s a wealth of information, resources and best practices available for free online that can help to fill the gaps and bring awareness to the traps. Here are some recommendations:


Social business usage strategy and policy There are 178 Social media, community, blogging and related usage policies that you can download and review at
Educating and training employees Great Slideshare on “Social Media and Corporate Governance” from Filtrbox and also has many reports and best practices posted online.

Social governance: monitoring, managing and updating policies, procedures and processes as required As usual, AIIM has a comprehensive report online, Social Business Roadmap.

 [Editor's Note: You may be interested in reading: