Enterprise 2.0: Security, compliance come before collaboration

The greater your security and compliance burden, the more cautious your company should be about adopting Web 2.0 tools

Enterprise 2.0 strategies are becoming more popular among companies today, but there are serious logistical and legal challenges along with the expected benefits of using social collaboration tools.

This is especially true for companies like Vanguard, a mutual fund with roughly 12,500 employees and $1.3 trillion in assets under management, said Abha Kumar, principal in the information technology division, during a presentation at the Enterprise 2.0 conference in Boston this week.

[ Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Access InfoWorld from your iPhone or other mobile device at infoworldmobile.com. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]

Due to the nature of its business, Vanguard must contend with a wide variety of regulatory guidelines and compliance matters, with scrutiny coming from government agencies such as the U.S. Securities & Exchange Commission, private auditing firms and foreign regulators, she said. "We can never, ever let our clients' data get outside our four walls."

Therefore, historically, Vanguard's IT department has behaved quite conservatively, she said. "We tend to lock it down first and then open it up as the need arises."

She offered one example: Until recently, GPS capabilities on corporate BlackBerries were disabled. That didn't change until an executive called and asked for GPS to be turned on, as he was lost in Ireland, she said.

But despite these constraints, Vanguard has begun adopting Web 2.0-style tools, through a three-tier strategy focused on mobility, collaboration and "enriching" communications. Employees have responded enthusiastically, said Andrew Lazzaro, a Vanguard IT manager who co-presented with Kumar. "They're dying for it."

Still, the pace of progress has been deliberate. Vanguard only recently gained instant-messaging capabilities, because just like emails, it had to first figure out a way to save each message in a non-rewriteable format. The same goes for content produced by the company's emerging set of wikis and blogs.

Vanguard remains extremely conservative with regard to non-corporate social applications. While company users can access Vanguard's own Facebook page, they can't post messages to it or access any other pages on the site.

But "only so much can be done on the IT side" to ensure social tools are used in a secure and compliant manner, Lazzaro said.

Businesses have to work on a sound governance strategy before turning on such systems, as without one, they risk having "a real mess on [their] hands," Lazzaro said.

For example, Vanguard has created an array of collaboration sites for teams around the company. A manager is assigned to each site and held responsible for monitoring the content constantly to ensure compliance, Kumar said.

Users from a wide variety of departments should be heavily involved in the planning and development of any new social system, as they can provide valuable insights into whether the project is meeting regulatory guidelines, Lazzaro said.

Meanwhile, IT staffs need to consider the operational impact certain Web 2.0 tools could have, he said. "From day one, you've got to start thinking. Videoconferencing? What's that going to do to my internal bandwidth? Is that going to start bringing down my business applications?"

Looking ahead, Vanguard is planning to expand its use of collaboration sites and pursue "device independence," he added. "These social tools ought to work no matter the device employees are using."

It also plans to work on better integrating its range of social software. "As an IT shop we've been throwing puzzle pieces out there all over the place," he said. "We've got to bring these all together so they don't feel like stand-alone tools."

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com

Copyright © 2010 IDG Communications, Inc.

How to choose a low-code development platform