Social networking: the business case
Spread the word: social networks do have the potential to become business enablers if you get to know them well enough. E&T explains how.
The tangible fruit of Web 2.0's rather nebulous branches, online social networking - epitomised by websites Facebook, LinkedIn, MySpace and Twitter - is becoming increasingly pervasive in the enterprise workplace; this is a development that's causing repercussive reactions in the minds of many chief information officers (CIOs).
For some, social networks are a new bête noire that epitomise all that's frothy, ephemeral, and irrelevant about the Web 2.0 concept, with the added effrontery to represent potential malware threats, and to nab enterprise network bandwidth. To others, social networks are a business opportunity to be approached cautiously but optimistically, that offer new avenues for extending sales, marketing, recruitment, research, and technical support, which complement traditional working practices.
With 50 per cent of the UK's Internet users predicted to visit social networks at least once a month by 2013 (according to analyst eMarketer), and some office workers claiming to spend at least 30 minutes a day on such sites (according to Global Secure Systems/Infosecurity Europe), the need for IT professionals to engage with the phenomenon is unavoidable.
In February 2009, social network usage exceeded Web-based email usage for the first time; indeed, according to Sophos senior technology consultant Graham Cluley, social network sites are "just email, only quicker". In an obliquely ominous remark, Charles Buchwalter, senior vice-president, research and analytics, Nielsen Online, opines that "the Internet remains a place of continuing innovation, with users finding new ways to integrate online usage into their daily lives". It is this user-driven integration that's become of increasing issue for the IT function.
Evidence suggests that CIOs' principle worries in respect to social networks centres around five areas of concern: perceived loss in staff productivity; data leakage from staff gossiping freely in an open environment; malware and phishing scams practised by cyber-crooks; the open access potentially offered to the company servers by lax and outdated attitudes towards passwords.
Blocking staff access to sites has been a primary knee-jerk response to managing the issue, but this creates additional management overhead for the IT administrators, and keeping abreast of the scale of the phenomenon is another ongoing challenge. There are nearly 900 Internet applications and websites classed as 'social networking', with more appearing each week. For every Twitter, there's a Twine; for every LinkedIn, there's a Friend Of A Friend (FOAF); for every MySpace, there's a Bebo.
Block staff access to one site, and savvy employees will likely find an overlooked alternative, or they will employ a handy workaround for their blacklisted favourite. "The danger is that by completely denying staff access to their favourite social networking site, organisations will drive their employees to find a way round the ban," notes Sophos's Cluley. "This could potentially open-up even greater holes in corporate defences."
This has not deterred many organisations from implementing this tactic. NHS Waltham Forest blocks access to popular streaming and download sites. The United Arab Emirates government shut down access to Google's Orkut social network in July 2007, on the grounds that the site contained sexually explicit material and was being used for 'immoral activities'. Flickr, Hi5, MySpace and YouTube were also under review.
The government of Montenegro banned Facebook in all its offices, while at the US Department of Homeland Security, employees are even forbidden from viewing the Department's own Facebook page at work. Similarly, the US military banned access to YouTube, setting-up a special alternative called TroopTube: access to this site was subsequently also blocked.
In many cases, however, with thousands of active user groups already set-up on social networks, companies almost have no choice but to adapt to their use; after all, it is far easier to monitor staff activity if you know where they all are.
Also, for every page that purports to be the official company page, there may be dozens that lay false claim to that title. Companies have to be proactive in directing users to the preferred location: maintaining a public list on the company website of all its various social networking activities will ensure that employees and customers know what, who, and where to trust.
Rules of engagement
The alternative to clamping-down is ramping-up. Organisations would be best advised to cautiously engage with social networking services, formulating a multilevel approach as part of an acceptable usage policy. Granularity is key: if only certain aspects of a social networking service trouble you, can you disable access to those aspects alone?
"Access control in a Web 2.0 environment has to take into account the application itself," says Iftach Ian Amit, Aladdin Systems' director of security research, "and the level of granularity that should be reached."
It's an approach endorsed by Nick Sears, VP EMEA at FaceTime: "Measures should be taken to provide granular control over the myriad of applications and widgets within each social networking site."
This loosening of corporate controls should certainly be tempered by an appreciation of the nefarious activity on social networks, with the majority of malware and scams today now perpetrated via these services: they are easy to program, easy to deploy, platform-agnostic, and offer appreciable returns for the cybercriminal.
"The initial productivity concerns that many organisations harboured when Facebook first shot to popularity are giving way to the realisation that there are more deliberate and malicious risks associated with social networking," says Sophos's Graham Cluley. In a February 2009 Sophos survey of IT professionals, 20 per cent cited the threat from malware as the main reason for restricting access.
"Organisations need to incorporate defences into their IT security policy," Cluley continues, "and a key part of this is to educate individuals to choose strong passwords to prevent cybercriminals taking over online accounts which could provide an entry point to the IT infrastructure."
However, social networks are here to stay, Cluley believes, so it is important for businesses to find a practical way to work with these sites and not against them: "By adopting a more holistic approach - including investment in greater security and control solutions, as well as offering comprehensive user education - organisations will be better-equipped to deal with social networking risks."
Social network positives
There are also examples of commercial incentives for investigating and experimenting with social networks as business enablers. Market-leading companies like Gibson Musical Instruments, for instance, are not afraid to go all out: it has dedicated areas at Twitter, YouTube and MySpace, along with a special version of its entire website optimised for Apple's iPhone and iPod Touch.
In the UK, Team Woolies is relaunching Woolworths as an online-only retailer, seeding the populace with a stream of 'tweets' and blog updates on its own website, which is laden with the trappings of Web 2.0: blogs, videos, podcasts.
Outside the UK, organsations are actively leveraging the power of social networks to find new business opportunities, new groups of like-minded individuals and companies, and new sources of industry-specific wisdom, advice and expertise. Many companies are also investigating social networking sites' potential to recruit new employees, including the UK Secret Intelligence Service.
Concomitant with the social networking sites come third-party analytical tools that can transform a micro-blogging site like Twitter into a valuable mine of market research information. An application like Tweetscan allows users to mine the Twitter archives, studying conversations, picking up trends and producing a wealth of information about how customers engage with products and services - or those of competitors. This kind of market intelligence was very difficult or expensive to acquire before.
Savvy managers recognise the benefits of social networking and implement a reasoned policy that allows monitored access. A logical extension of this is to employ people to act as Web 2.0 ambassadors. Such people spend their entire day maintaining the sanctioned company presence on various social network sites, acting as a company's 'voice'. Such roles are arguably not that different from methods employed by more traditional marketing and sales operatives.