Balancing Social Fervor with Governance Concerns

While your end users may be clamoring for all things social, we need to not forgot one of the primary reasons we have SharePoint in the first place: its native, role-based security features. Most organizations go to great lengths to ensure only the right people have access to certain content, and that the content adheres to — in some cases — strict industry and regulatory standards. Unfortunately, social activities do not always comply with these strong security and governance standards, and organizations must take steps (sometimes very manual steps) to mitigate any risks and governance concerns.

In a recent InformationWeek article entitled “Is Yammer-SharePoint Integration Right For You?,” senior editor Kristin Burnham spoke with Rob Koplowitz, a VP and principal analyst at Forrester about the governance concerns of social capabilities within SharePoint hybrid deployments (with both cloud and on premises components), or pure cloud social using the Yammer platform. According to Koplowitz, “Human resources will be concerned about employee privacy. Legal will be concerned about compliance, and R&D will be concerned about intellectual capital. There’s a business value upside to a collaboration tool, but there’s also risk. Risk can be mitigated.”
(You can read the full article at http://ubm.io/177zIjj)

Historically, Microsoft has a strong record of mitigating security risks. In fact, as most cloud-based competitors have focused on rapid innovation, one of the chief criticisms of Microsoft’s slow release schedule has been due to their concerns about backwards compatibility, security, and integration across their product suites. But the way that Microsoft approaches product development is changing. With the $1.2 billion acquisition of Yammer last year, the changes inside the company are not just window dressing — the change has been rather dramatic, beginning with their move from a 3 year (at best) release schedule to quarterly, monthly, and in some cases even weekly releases of its cloud-based offerings, with a rumored 6 month release cycle for major on premises features. As for the governance and security concerns, its only a matter of time before Microsoft closes those gaps — either directly, or with the help of its partner ecosystem.

In my latest webinar, I walk through an overview of what governance means within a SharePoint world, and try to point out some of the gaps where there are not yet native solutions in place. From a SharePoint social perspective, you still have the benefit of sitting behind the SharePoint security model, but with Yammer, things are more limited. Security happens at two levels: access to the network, and access to the private group. And if you happen to be a paid Yammer user with the ability to push content from SharePoint to your corporate Yammer environment, be aware that you may have content moving from a secure space in SharePoint to a less secure location within Yammer — and there is no real visibility into what was moved, who moved it, and what happened to it after it was moved. That’s the gap today.

While there are some out-of-the-box metrics and reports, the best Microsoft can offer today is the ability to dig into the change logs and other social activities through the various content databases and User Profile Social Database. Just be aware that, for the most part, you are on your own, and the story of working across SharePoint and Yammer is incomplete, at best. This is a rapidly changing discussion — but the key is to be aware of your own security, compliance, and governance requirements, and understand (and mitigate) the risks inherent with social collaboration.

For now, your best defense is end user training. Within my own company, we use 4 different collaboration platforms: SharePoint as our system of record and platform for all structured collaboration, Yammer for ad hoc collaboration, Jira for engineering, and Chatter for customer relationship management. Key to training our team members is to know which platform to use for each task. People tend to come up to speed very quickly, and correct each other when, for example, someone shares a secure document in yammer that should go into SharePoint.

We have made the decision that the value we receive through social collaboration is greater than the risks of working without some of the security and governance safeguards. And we also recognize that Microsoft is aware of these gaps, and is listening to feedback from customers and the community about our concerns. With Microsoft’s more agile development cycle and release cadence, I anticipate that some of these gaps will be filled ahead of expectations.

If you’d like to watch my webinar on this topic, you can find it at http://bit.ly/17lv4MP. My slides are also available to view or download at http://slidesha.re/1544HPb.

If you have any questions or any futher ideas on managing goveranace across the social landscape, please leave a comment below.

Share this on...