Secure Enterprise 2.0 Blog

What does your bank have in common with Facebook? Nothing spectacular just yet, but if the latest analyst report from Celent is right on the money, then you will soon be able to pay that credit card bill or get a loan while chatting things up with your Facebook friends or checking out sports news on iGoogle.

That’s right, Web 2.0 is coming to your local bank, which makes a lot of sense for both banks and customers. Ever since the explosion of online retail banking, the market has been saturated with similar limited-capabilities websites. So much so, that there is really not much differentiation between the different websites out there.

Meanwhile, customers want full control of their personal finances - to be able to access account information when, how and wherever they want to.

And so, as banks try to find meaningful ways to engage customers, tools such as an iGoogle or MyYahoo personal banking gadget will soon be available at your fingertips.

In fact, financial research firm Celent has recently issued a report on the state of Banking with Web 2.0, reaching some very interesting conclusions -

• 12-18 months before Web 2.0 Banking is reality - banks are already trying to figure out the right technology to offer these tools to consumers, though there is still much work to be done especially as the banking industry continues to experience a downturn.
• Security is critical - an absolute prerogative for any financial institution implementing a new technology, which often brings with it emerging security issues. One industry forum that’s tackling this problem is the Secure Enterprise 2.0 Forum.
• Advanced banking web 2.0 tools to hit the market in late 2008 - which means that some vendors have already had a head start (shameless self-promotion).

(Get the full report here.)

So if Web 2.0 has anything to do with it, you’ll likely be reaching for your mouse, instead of your wallet, sooner than you know it.

IT and business executives are looking for the real business value behind Web 2.0.  In fact, a recently released Forrester survey of 262 enterprise IT professionals reveals that 63 % expect to see Web 2.0 technologies have a moderate or substantial impact on the business.

So what do tools such as Facebook, iGoogle, secure RSS, desktop gadgets, social bookmarking and tagging and other Web 2.0 services bring to the corporate table?

Simply put, they provide companies with the ability to engage customers, channels and partners where they spend their time online. Customers can manage accounts and transactions on their own personal online turf, customized as they see fit. Business channels and distributors can keep track of upcoming marketing activities and business opportunities by easily and securely tapping into corporate databases. Likewise, partners can exchange business-critical info through secure social networks that are intuitive and rife with new ideas and connections.

The Financial Times just published an interesting piece about the business potential in this approach, penned by WorkLight’s very own David Lavenda. -

Think about it this way – enterprise applications contain information that runs the business, while Web 2.0 tools provide the “looking glass” to see the information that is timely, relevant, and critical for business. The key lies in connecting these two worlds to drive more business, securely.

Read more here.

Just came back from the wonderful city of Varese, Italy, where the International Forum on Enterprise 2.0 tackled some of the major issues in the space.

It was great to see an interesting collection of people from across the world at the show - Thomas Vander Wal, Stewart Mader, Laurence Lock Lee, Luis Suarez, Norman Lewis, Ran Shribman and David Terrar. You can catch some of the tweets and off-beat discussion on Summize.

Even more interesting was the high turnout of top business professionals looking to learn how to utilize Web 2.0 tools for business benefit. The Italian business ecosystem is normally characterized by a traditional business culture. Yet, interestingly enough, at the event, the first of its kind in Italy, there were representatives of top companies across a range of industries (auto, pharma, etc). These are companies that typically have a very closed-conservative corporate culture, not your typical early-adopter types.

This may very well be a sign of good things to come.

If you are contemplating incorporating Web 2.0 into your workflow or corporate environment, you should have been yesterday at the Enterprise 2.0 Conference in Boston . In one of the more exciting sessions of the day, Andrew McAfee of Harvard Business School, tackled Web 2.0 issues in the enterprise together with people who have “been there, done it and doing it tomorrow”.

Besides driving home the general message behind the new technology, and how it is affecting business, each one of the panel members provided a simple tip to keep in mind, following their own successful implentation of Web 2.0 tools and solutions in the organization:

• “Follow the JFDI methodology - Just Fricking Do It. If you try Web 2.0 you’ll realize it’s not that scary after all” - Simon Revell, Manager of Enterprise 2.0 Technology Development, Pfizer Ltd.
• “Go big and audacious in Web 2.0 deployments beyond small targeted deployments of specific tools” - Pete Fields, Senior Vice President, eCommerce Division, Wachovia
• “Get the right people to develop the Web 2.0 tools you are planning on using” - Ned Lerner, Director of Tools and Technology, Sony Computer Entertainment
• “The hardest thing to do is give up control, but you should fight for your life against closed spaces” - Don Burke, Intellipedia Doyen, CIA
• “Social me first - pick up Web 2.0 tools to try on your own and then gradually people in the organization will start to see the light” - Sean Dennehy, Intellipedia Evangelist, CIA

Read more about the dialogue that ensued between these Web 2.0 mavericks in this InformationWeek article.

I just read a(nother) great post on ReadWriteWeb, where Sarah Perez says business adoption of web 2.0 is happening right now. Her conclusion echoes Forrester’s message - any business which has failed to get in line, will lose out.

Interestingly enough she points to a recent 60 Minutes story that focuses on how Millennials are changing the corporate culture –

It’s fascinating to watch, and bit quirky to see how “old media” tries to cover a “new-media” phenomenon. In my opinion, the report slightly exaggerates when describing parents’ involvement in their kids’ professional world. But the underlining message is spot-on – the Millennials are coming!

It’s great to finally see that businesses are coming to the same conclusion – in order to retain and attract the incoming tech savvy workforce, and encourage collaboration and increased productivity, Web 2.0 should be shown through the coveted corporate front doors.

In fact, Gartner has just announced the top ten disruptive technologies to affect business over the next five years, and guess what? Social software and social networking, which are just a couple of elements in Enterprise 2.0 toolbox, are on the list.

Like it or not, it’s primetime for Enterprise 2.0

eWEEK just came out with an interesting survey on how and why businesses are “diving into Web 2.0 Waters“.

Over half of survey respondents said their companies are allowing access to social networks at work. Granted, with a pool of some 282 IT professionals, we can’t claim victory just yet. But this is still an important indicator of how enterprises are gravitating towards social consumer technology.

There is good news and bad news that arise out of this survey:

Want the good news first? - When asked what are the drivers for implementing Web 2.0 tools at work, over 70 percent said they are looking for improved communications and collaboration internally and 49 percent said they are looking to reach consumers. In other words, Enterprise 2.0 tools (social networks, RSS, social bookmarking, blogs, etc) are becoming valid business tools.

The bad news? Wherever access is blocked, workers are using these tools unsanctioned by IT or management, putting enterprise data at risk. Nearly half of respondents revealed at least one rogue Web 2.0 app at their company. The security risks are considerable if companies do not provide a secure environment for their employees.

And how are companies dealing with the groundswell? Not very effectively. When asked whether their companies had implemented policies regulating the use of Web 2.0 technologies by employees, only 28 percent said yes.

So there is still much more work to be done, though the benefits of using Web 2.0 to get things done at work are already stepping into the limelight.

Gartner is reporting on how enterprise 2.0 solutions and social applications can actually drive business.

“The opportunity for social software in enterprise or “Enterprise 2.0 technologies” lies in capturing informal customer comments about products, said David Cearley, research fellow at Gartner.”

Socialprise, as it has also been called, is a catalyst for both internal and external innovation. Internally, Web 2.0 is lowering the fences between employees, business units, teams and organization branches, allowing some to jump right over to collaborate or seek advice and expertise. And when it comes to reaching consumers, the same corporate fences open up doorways for fruitful dialogue between businesses and customers.

Out of these discussions arise innovative thinking and novel solutions.

One pathway for this change is of course the social network, be it MySpace, Facebook, Hi5, or any other popular services. The appeal for these consumer technologies is growing rapidly, with IDC revealing a 191 percent growth rate for social networks in the US in 2007.

Of course, when such powerful social tools make their way to the enterprise, into the “walled garden”, security and privacy concerns often arise. Some organizations prefer to “lock out and lock down“, but social networks are a force that must be reckoned with inside the organization. People simply find ways around these policies - as Stephen Collins says - “If you want to find out what tools your staff are finding most useful at the moment, just go and see what your IT department is blocking.”

Companies need to establish secure environments for Web 2.0 tools in the workplace, and the industry needs to pull together some good minds to address security challenges. One initiative is already under way - The Secure Enterprise 2.0 Forum.

Just keep in mind that at the end of the day it all adds up -

“Enterprise 2.0/Web 2.0 tools aren’t about the technology,” Collins says. “These tools provide an easy-to-use platform for staff, clients and other stakeholders to engage with each other, to share information and collaborate. Failing to allow staff to do their jobs properly with the best tools can cost a big company millions of dollars.”

Think about it.

Yonni

Hi, my name is Shahar, and I am a Web 2.0 CEO.

Don’t worry, this is not a “Web 2.0 Anonymous” 12-step declaration… just the best way to describe how I approach my business.

Web 2.0 drills deep into the organization, affecting employees and managers alike. I have heard critics warn that managers relinquish control when employees are allowed to use consumer tools to get things done at work, but I see it as just a better way to drive innovation and creativity.

Remember how difficult it was to get team members to offer real input on your projects, moreover from colleagues across business units and locations? Or how you had to prepare a presentation on a topic you knew nothing about in 15 minutes for the big boys on the top floor? …Of course the next day you realized that a coworker down the hall had done these presentations just about a million times, and could have lent a hand.

As a manager, your team members can share their expertise and work together in new ways, whether sharing information securely on Facebook, or tracking social bookmarks posted by colleagues through del.icio.us. If you give them the tools, or better yet, allow them to pick their own tools – they will surprise you.

So here’s what I recommend –

• Don’t block technology, embrace it if it can bring you closer to your business goals
• Breed an open corporate culture, one that allows you to hear different and sometimes opposing views from your employees

Simple as that, and you will soon see marked improvement in your team’s performance.

Shahar

With usage of public Web 2.0 services such as personalized homepages and social networks growing daily, these services become an increasingly significant tool in the information worker’s toolbox. They are used to network, collaborate, research and stay up-to-date on the latest news and trends.

At the same time, concern arises for the potential security risks involved. In many organizations, the knee-jerk reaction of the information security organization is “block out and lock down” – block the services at the web access layer and make sure all workstations are locked down.

Even if such locks and blocks could be implemented effectively, which is questionable, CISOs should reexamine whether such a strategy is best in the long term. Keeping the latest Web technologies out of the workplace can have a detrimental effect on productivity, as well as employee moral and retention. Ultimately, organizations that decide to lock out the Web today may find themselves left behind.

All that said, security challenges are real, and the intuitive reaction of many organizations is not unjustified. New technologies provide new capabilities but also present new risks like an employee publishing proprietary information on a public blog or using a public bookmarking site as a research tool. Other security breaches may be more elaborate and malicious in nature, such as phishing attempts or newfangled attacks against the latest Web technologies in use within the organization (e.g. JavaScript hijacking and script injection in RSS feeds).

For information security professionals, a balance needs to be struck between providing employees with the tools they need to be productive and maintaining sufficient control to keep security incidents at an acceptable level.

First and foremost, it is critical to define and implement clear use policies for Web 2.0 tools both inside and outside the organization.

In addition to defining policies, there are technical measures that can be taken to reduce the risk of using Web 2.0 technologies in the enterprise:

• Place a middle tier between information back-end systems and Web 2.0 front-ends – Web 2.0 front-ends such as RSS and AJAX gadgets tend to generate many requests. It is therefore advisable to include a middle tier that is optimized for Web 2.0 front-ends and capable of communicating efficiently with back-ends.
• Leverage existing security mechanisms – even when accessing data from Web 2.0 front ends, there is no reason not to leverage existing enterprise single-sign-on or centralized access management.
• Provisioning is critical – maintain full control of application and data provisioning, regardless of how data is consumed or where applications run.
• Address ‘Attacks 2.0’ from the get-go – train developers on the risks specific to Web 2.0 technologies and the accepted best practices to handle them.

The benefits of using Web 2.0 tools in the enterprise are many, ranging from increased productivity to improved employee retention. As with all new technologies, with new capabilities come new risks. While mitigating these risks is challenging, preventing the use of such tools altogether is, in the long term, a much more risky strategy.

Yuval

6:00AM – Bzzzzz. My cell phone alarm clock throws me off the bed, subtly reminding me that I need to get myself in gear. I tune in online to the 101FM website for local news, and learn that today is going to be a nice, bright, sunny day. Yay, that means I can snap on my iPod and peddle to the office on my 10-speed.

6:35AM – Just got out of the shower, and couldn’t resist - going through my Facebook profile. Apparently a friend from the London office just changed his status to “Engaged”. I send him a quick Congrat’s… and throw a sheep at him. He is online, not happy about the sheep, and reminds me that today our group needs to send him the Momo Project presentation. I log into my company’s enterprise social network, WorkBook, and send him the latest draft just to calm him down.

7:30AM – After a nice ride through downtown, I lockup my bike near the sandwich place. Got to get some coffee. As I wait for the morning’s caffeine intake, I twitter a quick “anyone for coffee?” using my cell to see if anyone following me at the office is also craving some Java. Surprisingly enough, two people from the Java team respond with a resounding yes. I should have seen that one coming.

9:45AM - Just got out of the weekly meeting. There’s some good stuff happening and more to come in the pipeline. I get on my laptop, and see on SharePoint that someone from the New Delhi office had formed a new group on the secure WorkBook social network focused on Marketing Initiatives. That’s interesting, I don’t know him personally, but apparently he is looking into similar things. I join up and we brainstorm some new ideas on the upcoming product release. I need to show my boss some of this stuff.

10:30AM – My boss is excited my the del.icio.us bookmarks I shared with her, following my discussion with the New Delhi contact (aka @asiamarketman on twitter. From now on I follow him). She’s going to bring it up in the next management meeting. Cool.

12:10PM – I go down to the sandwich place for a quick bite. Nothing fancy, but worth a Facebook status update – “..is eating. This time no MSG.”

2:07PM – I log into LinkedIn and see that one of our competitors has posted a Q&A about SEO. I need to read up on it, so I open up my RSS reader and skim the techy blogs. ReadWriteWeb has some nice info that I share with some people at R&D, and quickly set up a specialized RSS feed on the topic. Immediately three people from R&D ask to get access to the feed, so I give them permission.

4:26PM – Just got off the phone with some potential partners. There is good chemistry there and I like their attitude. There is something to be said about setting up strategic partnerships at this stage of our company’s growth, and I plan to post a quick entry about it on my blog later tonight.

6:15PM – Kept busy writing up the new proposals on the wiki and finally posted them to our network. Sweet, I see that my buddy at the L.A. office just downloaded it through the secure Facebook overlay.

7:23PM – Before packing up, I remember I need to get approval for my business trip expenses, so I post a request on my iGoogle gadget. I see that my manager has already approved my upcoming vacation request. That was fast. I go downstairs, get on my bike and head home. Another good day at the office.

10:25PM – Changed Facebook status to “…Zzzzzzz :-)”