How to Develop a Social Computing Policy

By Elizabeth Wasserman

Businesses and other large organizations can potentially harness the technology tools associated with social computing, or Web 2.0, which have altered how people use information and interact with one another over the Internet. Wikis can be used inside an organization to encourage employee collaboration. Blogs have the potential for disseminating important information to the workforce. Podcasting can be utilized for employee training. And social networks stand to allow the exchange of ideas and information across the enterprise based on common problems or areas of interest.

However, as with other "disruptive" technologies -- such as the Internet, email, and instant messaging (IM) -- CIOs and other IT managers need to assess the potential risks that these technologies pose to the organization. CIOs can learn from how they dealt with other disruptive technologies in order to better react to this next generation of digital data usage. While many large organizations first tried to suppress widespread Internet or IM usage among employees, many found that if employees weren't provided company-sanctioned technology tools, then they would bring in or download consumer-grade IM programs or browsers. Consumer-grade technologies are often more rife with security vulnerabilities.

Many organizations responded by providing employees with browsers and IM tools that had better security. They then devised "acceptable use" policies that outlined what should and should not be done using these technologies while on company time and company computers.

Experts say there are parallels with social computing technologies.

"In a lot of ways, Web 2.0 is just a fancy name for the Web of today," says David Mitchell Smith, a vice president and fellow at Gartner. "There have been advances and capabilities added over the past few years. And whenever you add new functionality, you open up new security holes. But a lot of what people have been doing by creating acceptable use policies -- for what you allow and what you don't allow -- is applicable here."

Developing a social computing strategy
An online survey of IT decision-makers by Gartner, published in July, found that many organizations did not know how to assess the implications of Web 2.0 and develop a strategy for business use. The survey found that only about 13% of organizations have a Web 2.0 strategy, but nearly 16% believe the technologies are irrelevant to their organizations. About 70% of respondents acknowledge that they need or are devising a strategy.

Many CIOs and IT managers are starting to recognize that social computing tools can be helpful to employees for business purposes, rather than merely creating new ways for malicious code to enter the organization's computers and network. A Forrester Research survey in June found that respondents estimate that 15% of employees in their organizations use podcasting for business purposes, 16% use blogs, 13% use social networking, 16% use RSS syndication tools and 14% use wikis -- either on their own or as part of a corporate initiative.

"It's harder to shut these tools down. There are more of them, they're easier to access, and there is business value in them," says Roy Koplowitz, a co-author of the Forrester report, Web 2.0 Social Computing Dresses Up for Business. "You shouldn't be thinking in terms of shutting them down. You should be thinking in terms of embracing and controlling them."

CIOs and other technology-decision makers need to take the following steps to understand the spread of social computing within their organization and devise and implement a policy for usage:

• Audit employee use of Web 2.0 tools  Koplowitz recommends surveying the workforce to determine how social computing is being used already inside your organization. This includes use of both sanctioned and unsanctioned tools.
• Recognize the value of these technologies  While much of the public focus on Web 2.0 has been on consumer use of social networks, such as Facebook, or wikis such as Wikipedia, there is potential business value in letting employees in branch offices exchange ideas over an internal social network or collaborate on large documents or files using wiki technology.
• Test the tools   These technologies can be tested on a small scale for a very low cost. Unlike other organization-wide applications, such as enterprise resource planning (ERP) or customer relationship management (CRM), Web 2.0 tools don't cost a fortune for a large organization. "There are a half-dozen vendors who will get a trial group started for about $20 a month" in a large organization, Koplowitz says. There are also vendors who provide Web 2.0 technologies on the basis of software-as-a-service (SaaS), which has a "low-cost entry point," he says.
• Set up acceptable usage policies  Look at your organization's existing acceptable use policies for Internet and email usage. Many such policies may be applicable for Web 2.0 tools. If not, devise new policies covering what sensitive company or personal information is acceptable or unacceptable to disseminate with social computing tools. Draw a distinction between interior wikis, blogs and social networks versus public wikis, blogs and social networks. Make sure these policies are communicated to employees.

When developing policies and strategies for using social computing, IT managers should include counterparts from other divisions of the organization.

"You need to include human resources and legal and all the folks who are going to make sure that it meets the standards for compliance," Koplowitz says. "You also need a line of business people involved. We want these things to be used. We want them to be adding business value."

Elizabeth Wasserman is the editor of the CIO Strategy Center. She has been writing about technology for more than 10 years for such publications as the San Jose Mercury News, CIO Insight, and Inc magazine, among other news outlets.