Privacy, Data Ownership and Identity in an Increasingly Social World

Cross-posted from CloudAve by Ben Kepes.In the past a large number of companies, when asked about instant messaging, claimed that they block it. Today, with a new generation coming into the workforce completely used to using many social sites, most companies have given up trying to block and have instead moved into moderating behaviour rather than outright blocking.IT managers positioning towards Web 2.0 is much more open than many people think contends Ambwani - he reports that across a couple of hundred thousand enterprise end users the average worksite had 95 different social networking sites used. They track over 900 social network platforms. On Facebook alone the average enterprise site will have 98 different Facebook applications within its site. People are looking for a free unimpeded flow of information and are going to the place where they feel they can get that - increasingly that''s not email or IM, it''s instead Twitter and Facebook.Two things are going on here - regulations are getting more strict while at the same time generational and technological change are making the separation of work and home somewhat artificial. Gen Y blurs the distinction between at work and at leisure - trying to force them into one way of working is impossible. Don''t look for a panacea to this problem, understand how things ebb and flow - work on mitigating risk.There is no longer one single repository - data is stored in myriad different places and people realise that - data storing and logging is increasingly difficult or even impossible.Separate accidental loss from intentional loss from external access loss. Accidental loss is more readily mitigated against. Intentional loss is more difficult. The mission should be to raise the cost of access for malicious parties to such a point that the risk is mitigated to a reasonable level - it''s a cost vs return discussion. Security/compliance done right should be transparent to end-users Everyone wants to know: How can you help me safeguard the data regardless of the platform? A comment at the height of "oh really?", a large financial services firm announced this morning that Facebook, Twitter, MySpace etc are all electronic communications and must therefore be monitored.A survey asked if the social generation "is networking or not working" - content leakage was the biggest issuefollowed by brand image.Surprisingly enough productivity was a very low concern within enterprise. Every action and inaction has a risk and a reward - organisations need to balance that when looking at security. Choosing not to adopt a social tool may have a negative impact on the business.Like all things this is a risk versus return decision and knee jerk reactions are unhelpful and potentially detrimental.