Jaime Gesswein says it's his job to be paranoid.
So when doctors and staff at Children's Hospital of the King's Daughters in Norfolk, Va., began requesting access to YouTube to view medical videos and Facebook for monitoring patients' comments, Gesswein, who's in charge of network security, was more than a little skeptical.
"I can look at all the disadvantages," including overuse of bandwidth, security risks and patient privacy issues, Gesswein says. "But if [social networks] are providing [hospital employees] with the information they need to give better care, you have to figure out how to balance access to these sites." He now grants access to about two-dozen workers -- less than 1% of more than 2,500 IT-using employees -- through a proxy server.
What concerns him more is the recent discovery that a few employees -- without IT's involvement -- have been using social networking tools to communicate with other facilities, doctors and administrators to share medical information.
"If it were [solely] up to me, I would say no way," Gesswein says, noting that medical staffers are often more influential than the IT employees in a hospital setting. "But it's the wave of the future. Those people who fight it are fighting a losing battle."
It's a common dilemma facing many forward-thinking organizations. Social networking and microblogging are changing the way people communicate, and they're starting to bleed into the enterprise -- with or without the IT department's knowledge or control.
In a survey of more than 2,000 U.S. employees and executives by Deloitte LLP in April, some 23% of the executives polled said their companies use social networking as an internal communications tool. The report on social networking and reputation risk in the workplace also found that one-third of respondents were using social networking tools to manage and build their brands, and 22% of executives said they would like to use social networking tools at their companies but hadn't figured out how to do so.
Can you trust the public cloud with company information? Or are you ready to start using a customized internal social network controlled by the IT department? Users discuss the pros and cons of each option.
Public social networking
Public sites such as Facebook, YouTube, Twitter, MySpace and others have infiltrated all facets of employees' lives. It's only natural that people are going to go with what they know when it comes to communicating with co-workers and clients. But public sites lack the security and controls that organizations require -- not to mention safeguards against the snooping eyes of competitors.
"Social networking tools are great for reaching out to customers, but employees sometimes overstep their boundaries," says Oliver Young, an analyst at Forrester Research Inc. He recently spoke with a hospital manager whose nurses were "friending" patients on Facebook and providing medical advice outside of the hospital's legal purview. "It's a huge risk for them," says Young, and the hospital wanted to prevent it from happening again. Employee education was the answer.
"If you're doing anything other than customer support or marketing on a public social network, then it's risky in terms of data retention," says Jevon MacDonald, a senior partner at Dachis Group, which develops custom social networks for businesses. "Consumer [social networking] services aren't safe enough. I've heard about companies creating private groups on Facebook, but there's just no security capability strong enough for an enterprise to use," he adds.
Internal social networking
Dozens of boutique vendors offer customized software services for internal social networks. Microsoft Corp. and IBM are also upgrading their document collaboration tools to add social-networking-type features. Internal social networking tools provide the same kind of interpersonal collaboration as the popular public sites, but they also include document collaboration and even interaction with back-end office systems -- all behind the firewall.
"The biggest advantage is that you can integrate ERP and CRM systems into the stream and leverage those processes -- making them actionable," MacDonald says.
"There are real successes with the inward-facing [social networks]," says William Zachmann, senior enterprise social networking analyst at Wainhouse Research in Duxbury, Mass. He points to big multinational companies that use them to identify employees with expertise in certain areas, which helps staffers easily find the go-to people when they need them.
But collaboration on a massive scale has its challenges. "It's a tricky thing to do. You're not just installing software, you're trying to deal with the social structure of the company and the psychology of people," says Zachmann.
What's more, internal social networks can fall victim to the same massive information overload as public sites and e-mail. "They don't inherently reduce information," Zachmann adds. Companies must develop filters for determining what information goes to each employee.
Services such as Yammer, Socialcast and Huddle -- and software-as-a-service-based offerings like Socialtext -- provide a middle ground between public social networking sites and customized, behind-the-firewall setups.
At these sites, any employee can start a free network feed and invite other colleagues to discuss ideas, post news, ask questions, and share links and other information. Employee profiles and conversation threads are also easily summoned. Access to these conversations is restricted to employees with valid company e-mail addresses.
But because they are free and easy to set up, these networks can pop up without IT's knowledge, and gaining control after the company's information is out there will cost you. At Yammer.com, for instance, companies can pay to administer their own networks.
Also, employees who leave a company will still be able to access the company's network unless an administrator removes them. "That mixture of present and past employees can be a dangerous mix," Young says.
Another concern -- especially for companies in highly regulated industries such as financial services and pharmaceuticals -- is the risk of having social networking conversations summoned into a legal proceeding. Without control over archiving, it would be difficult to produce documentation, Young warns.
Right now, Yammer is a relatively techie-oriented tool used mostly by technology firms and companies with a lot of engineers. But it could also appeal to small organizations or departments that are "hive-minded" and already like to share information, MacDonald says.
"There is no question you can get some genuine benefits if you use the right platform and do it right. But identifying what the right platform is and doing it right is not all that easy," Zachmann says.
Start with a project or small group and apply one of the social network strategies. If it adds value, begin thinking about the entire business as an ecosystem that could potentially be redesigned to utilize these tools, says MacDonald.
On the flip side, "if it's not productive -- if employees don't say 'I really want to work this way' after the initial frustration people always have with changing to any technology -- then you shouldn't be using these tools," says Young.
Eventually, social networking features will probably be integrated with the document collaboration tools that companies are already using, and they'll be included with software upgrades, industry watchers say.
But enterprise social networking is at a very early stage, and whether it achieves widespread adoption or is just a flash in the pan remains to be seen, Zachmann says. "It looks like it will continue to gain traction," he says, "but we're not talking about something that's going to take over the world tomorrow."
Collett is a Computerworld contributing writer. Contact her at email@example.com.
This story, "Public cloud vs. internal social networks" was originally published by Computerworld.