Social media was and will always create compliance headaches unless there is a way of monitoring its use. Autonomy has come up with a solution to do just that, while Laserfiche produces a governance framework for public sector workers.

Autonomy Tames Social Media Risk

Love ‘it or hate it, social media is part of the way we do business now. For enterprises concerned about compliance issues and the way employees use social media, Autonomy has just launched Social Media Governance, a solution designed to deal with these problems.

Extending Autonomy's (news, site) compliance platform it automatically identifies content and conversations on social networks that less sophisticated keyword search technology would miss, and enables a corporation to relate them to a its existing compliance infrastructure. Capabilities include:

  • Connectors and aggregation of thousands of feeds, blogs and social media sites
  • Enterprise defined conceptual search of content
  • Compliant archiving of content needed for regulatory purposes
  • Monitoring based on enterprise policies

It also includes workflows, trend analysis and dashboards which combine data from all customer-facing channels, including email, audio, video, IM, web content, as well as social media.

Probably worth a look for those who know their employees need to be out on the social web, but are not sure what risks they are exposing themselves to compliance-wise.

UK Companies Face Major Data Breaches

Here’s something you probably suspected, but didn’t have any hard evidence to back up. New research by Recommind (news, site) shows that in the UK there is a ‘stark disconnect between organizations’ awareness of the risks associated with electronically stored information (ESI) and their ability to address the situation with adequate budget’.

Somewhat of a mouthful, but it basically means that enterprises are not putting enough money into securing their electronically stored information.

Even worse, the research also shows that most still are not taking action to reflect these strategic information risk concerns, creating a situation ‘rife with danger in the current political and economic environment’.

While information risk, compliance and regulations were the most important consideration for 83% of organizations just 38% are focusing the majority of their information management budget for 2010 on compliance, the research showed.

There are some really surprising findings here given some of the high-profile risk and governance cases in recent years. For example:

  • 91% see data breaches are the biggest concern but only 55% use this to implement risk strategies.
  • Only 52% considered information compliance a major risk
  • 17% cited email management as a concern
  • 38% were focused on document management and enterprise search
  • 7% factor social media and Web 2.0 risks into their 2010 budgets.

The research was carried out by Vanson Bourne for Recommind and, a new project and website dedicated to raising awareness of information risk issues. It consisted of a survey of 200 CIOs within large UK organizations in April.

Laserfiche Offers Governance Framework

On the issue of information governance, Laserfiche (news, site) has just a launched a new framework for employees of municipal bodies that will plot the line between keeping too much information and creating e-discovery problems, and keeping too little, which could land your organization in compliance hot water. Laserfiche’s framework is built around four components:

  • People: Recognizing the need for information governance
  • Policies: Focuses on desired outcomes rather than limitations and limiting effects of governance
  • Technology: Implementing enterprise content management (ECM) for automating the organization’s approach to information management
  • Risk management: A well-vetted records management policy that ensures consistency of information

While it is designed with the public sector in mind, there are many issues in it that equally apply to the private sector. More on that later.

Symantec Continues Buying Spree

On the acquisition front, Symantec (news, site) is to buy VeriSign's data encryption and online security business for US$ 1.28bn, to support its continued expansion in the electronic transactional market and follows on last month’s announcement that Symantec will also be spending US$ 370m on buying data encryption firms PGP and GuardianEdge.

The deal will see it buy VeriSign’s identity and authentication business, which has five principal component areas:

  • Identity security
  • Securing mobile device information
  • Securing information from loss, attack, theft and misuse
  • Delivering information relevant to requests, people and their professional roles
  • Securing delivery of information from public and private clouds

Is Your Enterprise ISO27001 Compliant?

And back to the UK where IT Governance is launching an upgraded version of its risk assessment software tool vsRisk, which helps organisations achieve ISO27001 compliance -- ISO27001 being the international standard for information security management systems.

vsRisk is a wizard-based application that reduces the time and cost of undertaking an ISO27001-compliant risk assessment. The latest edition, v1.5, simplifies each step of an ISO27001 risk assessment, enabling compliance project managers to undertake a rapid appraisal of all enterprise key information security areas.

It can also look to the future and can record risk controls that are planned for future introduction, as well as those already deployed.

This means that, as well as producing audit reports, vsRisk can serve as a day-to-day operational tool, showing at a glance where an organisation stands in its progress towards ISO27001 compliance.