SECURITY NIGHTMARE
Social networks could become a security and regulatory compliance nightmare as communications most often occur outside the firewall, where an employer has no control over what's said. Employees chatting about their jobs could let slip information about projects that haven't been made public.

"We could be creating future risk," says Frank Lee, senior VP and chief systems architect for Wells Fargo. Lee worries about a company's ability to retract sensitive information that might get posted by an employee on a social network outside of the company's control.

The builders of enterprise social networks play to this fear. "We need enterprise level data and application security," says SelectMinds' Berkowitch. "We need to strike the balance between enough free interaction and fairly conservative enterprises, so they're not afraid that this is the Wild Wild West." That cautious approach has succeeded in getting large accounting and financial firms to sign on with SelectMinds. However, SelectMinds remains a hosted app, and some companies still shy away from applications that don't give administrators granular and physical control over their own security.

The security challenges of an effort like the National Intelligence Department's A-Space are staggering. That's in part why it's Web-based rather than a desktop client that has to get 16 different security waivers and move across 16 different firewalls. But all this sensitive data in the browser, even on the secure intelligence intranet, is bound to raise concerns.

One way A-Space will maintain security will be through observing traffic patterns, like looking for suspicious anomalous searches. "Let's not be Pollyannaish about this," says Wertheimer. "This is a counter-intelligence nightmare. You've got to ask yourself, if there's one bad apple here, how much can that bad apple learn?" Still, the returns should be greater than the risks, he says.

And apparently the risks aren't great enough for enterprise security vendors to jump in. E-mail compliance vendor MessageGate could extend its platform to social networking, but it's not seeing a need yet, says VP of marketing Robert Pease.

Not all social network tools follow the approach of Facebook and LinkedIn, with communities at their core. Using statistical techniques developed two decades ago, Visible Path's software can separate strong and weak relationships by peering into information sources, collecting and dissecting records of in-person appointments recorded in calendars, call records, e-mails, the ratios of incoming to outgoing messages, and the length of time spent communicating with individuals.

"We're very focused on the different business transactions that businesspeople are trying to get done," says Visible Path CEO Antony Brydon. Visible Path powers the "Hoover's Connect" Web site, operated by business research company Hoover's, which lets users know how they're connected to companies and people in the Hoover's database. It's the six degrees of separation concept. LinkedIn does something like it, recommending a friend of a friend as a potential contact.

Northrop Grumman has spent the better part of a decade putting together what's become a sort of social network to link the company's 120,000 employees, which are spread across every U.S. state and several countries.

Northrop has created what it calls "communities of practice," groups focused on a topic or technology, from the guts of systems engineering to a community of new hires. These communities contain documents associated with the community and a listing of group members with their professional profiles. Actual collaboration still requires an e-mail distribution list--not flashy, but it's the community that fosters such communications, says Scott Shaffar, Northrop's director of knowledge management.

The systems engineering group, for example, is standardizing engineering procedures and practices for job development and recruitment. The system found a translator for a group of Japanese visitors. New employees who told Northrop they were "lost in a sea of gray," Shaffar says, now have a place to congregate. Northrop was even able to avoid a $50,000-a-year new hire because it found, via its communities, a programmer who knew how to code in Ada, a language often used in Defense Department applications.

Teens and undergrads started the social networking trend; now business professionals and IT pros are coming up to speed. The pitfalls are obvious and mostly avoidable, while the benefits remain largely unexplored by most companies. Curious to know more? Knowledgeable peers are only a few clicks away.

Illustration by Viktor Koen

Continue to the sidebar:
Analysis: Social Networks May Become Interoperable