Information on how NPR and fact checking site Politifact check facts during the US presidential election.
When asked whether the faltering economy will mean that businesses are cutting back on this largely unproven field of social media for marketing or customer relations, Sarner said he didn't think so, and that many businesses will turn to the Web to stay in touch with consumers during a difficult financial climate.
Suw: Nice little app to help you track conversations between people you don't necessarily follow. Could come in handy!
Social media: use/challenge
Works for an accountancy company, which always sounds really boring. There’s a process mentality, things have to work with the way someone does stuff. Met Euan Semple a few years ago and he was talking about social media, but Andrew didn’t really quite see it. Put it to the side and about six months later, and it dawned on him was that they could do more. Was like the people who was trying to convince others to try new things. Euan set him on this road.
People at company are all worker bees, they want to do things, they don’t want to think about things and work out how things might be done. So have to get their teams working with whatever’s been put in place. So regardless of the fact that blogs and wikis are strange words and odd to say, eventually find out that the word ‘blog’ has become acceptable, ‘wiki’ maybe not so much.
How do we start working with them. Have to capture the imagination within the partnership and to use people who have a perspective. It’s not always the man at the top, could be anyone. Capture their interest and sponsorship and help their people do things. Point is that you can’t do everything for everyone. To do everything you have to go into mainstream IT, and IT is all about security and authentication. To do anything you have to be thoughtful about where you’re doing to do it. Look at points that are flowering.
Tax is one area – it depends upon information being passed quickly around the business, so that they can get an advantage from that knowledge. Soon as it’s public domain then it loses value. Big debate about competition and change, and where the Big Four are going to be, and where the second tier companies are going to be. BDO wants to be able to be apart fro the Big Four, and figuring this out is something social media can do.
In tax area, Daniel Dover, had written series of books to bring tax to life. Had an idea he wanted to do a series of movies. Marketing team were not keen on it. But he carried on and they took his idea, managed to find the money to do a YouTube channel, not a full one because that’s expensive. So started to do video and put that up.
Convinced CEO that blogs are a good way to converse with journalists, audience, all sorts of people. Had something to say and had a good style to say it with. Because of external blog, now have internal blogs too.
How to respond to generational studies, looking at the graduates coming in. Even if you’re 21, though, many of them still have the minds of a 40 year old, they don’t automatically use all the tools. But Facebook is cross-generational. Students coming in had misrepresented the acronym BDO (humorously).
HR Director things that Facebook is about dating; IT thinks that if someone wants to block it, they’ll block it; business leaders don’t know what to do – but normal business rules apply, if someone’s not working they’re not working.
Got to point with Facebook where it becomes intrinsic. Stop Facebook, then you also have to stop phone, email, text…. There is no work/life balance, there’s just life. It’s not fun is fun, work is work, there are elements of fun in work. And CEO said, “Myself, I prefer to trust people”. Write a policy about fair, sensible use. If they want to abuse that, then you have the management ability to do something so why do you need to put an electronic filter in there saying “Don’t do this”. You don’t recruit lazy, stupid people; you recruit smart people who are the leaders of the future, you don’t stop them networking.
Values of the business underpin all that. Have a Facebook group now.
People want to do stuff. Bought an island in Second Life. Wasn’t about the PR side of things, early adopters were all already there, so their entering Second Life wasn’t a story. They wanted to do something, wanted to tie that in to everything else. Have to take a view that thinks about how we look at 3D worlds and virtual solutions, and SL seemed ready made to do that.
Took the tax movie from YouTube and then carried out a session, invited tax clients to SL and premier the movie in SL. Bring a little imagination and play into what BDO is about. If we say we are entrepreneurial, different, then that’s an easy way to show it.
The idea is to take that island and rent it out to member firms. They wouldn’t have thought of that and you can give value back to them by doing it.
How do we do this? Imagination. It’s important to be yourself and to be imaginative. Support form the top. Recruit creatively.
Radio Beyond the Phone-in: Social media and broadcasting
iPM is a radio programme that grew out of the PM programme, tagline: share what you know. If you’re broadcasting on R4, you’re broadcasting to people who know a lot, and to try to harness some of that information. Blog and a podcast, broadcast on the weekend.
iPM: try to go beyond the audience, try to harness knowledge outside of the audience, because not everyone listens. So look for interesting stories, try to involve audience in production of show. What ideas have you got? Do you have expertise that might help us produce that?
The blog is central to iPM. The audience can coalesce around it, people can comment, suggest ideas to look at, or suggest info for things they are working on. Not a replacement for traditional journalism, but is us listening and getting ideas for doing our job.
Approach is collaborative. Why? If you look at news there’s a mainstream agenda that everyone is doing. Want to try and find stories that are original, that haven’t been reported or have the attention they deserve, that the audience care about. Inviting people to contribute, helps us find those stories. Audience get a chance to participate. Helps build a community around the programme.
What we don’t want to be: There’s lots of talk around interactivity, and it would be easy to be tokenistic.
Don’t want to be gratuitous, “Tell us what you think” with no purpose. We think there is a purpose, want people with tips and info to contact us, and there are plenty of experts, smart people, who aren’t listeners, and we want to bring them in.
Web can bring people in from places that are quite hard to get to. One extraordinary experience was a group of doctors blogging during an Ebola outbreak in the Congo.
Blogs – myths. Blog is a way of publishing stuff, not a way to lump people together. Tremendous diversity in blogging. People from all sorts backgrounds.
Blogs are everything from ICanHasCheezburger to What I Killed Today – a blog from a vet. Economics – The Becker-Posner Blog, judge who blogs. An Iraqi dentist.
iPM interviewed the Iraqi dentist, then spoke to the US forces spokesman, and a journalist. Iraqis were saying that Suni militia were turning on Al Qaeda, and were organising Awakening Councils. The dentist emailed some audio, describing his experiences, in one case of a suicide bomb going on.
One example of how the blogs helped.
Also done a lot of crowdsourcing. Try to go beyond the traditional BBC areas. So have a map mash-up where people can say what the credit crunch means for them. 22k participants. Outside London, people worry about fuel, inside London it’s house and food prices. Map didn’t lead to the biggest story, but got that from email – turns out heating oil has gone up way more than petrol, and that story really connected with the audience.
Fraudband Britain, before changes in advertising, when people were buying fast broadband and getting very bad speeds. had an online test up, had people test their connection speed, then talked to various indrustry people.
Tips and suggestion. Sometimes ask for direct things, sometimes don’t. Do talk about the sort of things they are interested in. Couple of weeks back they talked about mobile phone location data, apps to track people. Someone came back to them with a story about how he’d been made aware of changes in the way the police can monitor communications data, and that became a big story. Later on, Information Commissioner came on, on another news programme, to say that if the changes went through it would be a step too far. Then newspapers picked up on it.
[Plays audio clip]
So a suggestion from a listener helped form the wider news agenda.
Another example: AQA (exam board) axed a poem by Carole Anne Duffy from an English exam, which is about a psychopath and knife crime after an invigilator complained. Teacher who was a bit upset about this called them. They blogged it, told the guys at BBC News Online, they write a story, gets picked up by Press Association, then the papers. That Saturday, have a programme but the Guardian got a poem from the poet attacking the invigilator and had to change their programme.
You have to give your stories away if you work collaboratively, but this reaps rewards.
Benefit of engaging with the web is a way of sharing what you do with the wider community, and working collaboratively with that community. And different places treat a story differently.
Did an interview with Clive Sinclair. Press organiser said he doesn’t use the internet, so did an interview, talked about computing, and where he say things going, and his feelings about the internet. In the course of the interview he said is “Always been fascinated with flying cars”. Everyone remembers the C5, so did a bit on iPM about flying cars, and his thoughts on the internet. Newspapers of course pick up the flying cars. BoingBoing posted the whole interview and picked out the computing stuff. Very different approaches, and it’s good to have stuff picked up by them, rather than it goingn the other way.
Friends online will help you produce the programme. A podcaster called Dean Whitbread who also produces John Cleese’s podcast, and John agreed to talk with Dean for iPM.
Why have a dedicated programme? Could do this with any programme. All we’re doing is engaging with the online community, and increasingly news programmes are doing that. But having a dedicated programme creates a community, it’s a place to get something a bit different, and helps develop expertise.
Big question is the 133m blog question – there’s a lot of content out there. How do you monitor it? Built a Yahoo pipe to help do that, and its’ very complex. Add it all together it’s a lot of information to process. Very hard challenge and one there’s scope for improvement in.
Engaging Social Networks
This isn’t just about technology. 18 months ago, no one would have believed Twitter was going to be a big deal, but now it is.
Throughout human history we formed communities based on our proximity to each other. Technology has changed that in a profound way. Groups are now formed around shared interest. Geography isn’t important any more.
Examples: Carrieoke’s Knitting Blog – very vibrant community. Knitters in US or Egypt or anywhere around the world swapping patterns and tips.
In-n-Out Burger. Only in the west US, kept a local spirit. But food is higher quality, organic, local, all the things other places are criticised for not being. Very simple menu, but staff will make anything for you, great choice if you ask. Word of mouth driven business. People are very loyal. Facebook fan page about what you can get at this place.
Sometimes groups form for a short time. Rathergate.com, OhGizmo, and the ‘ad hoc working group’ that sprung up to get a guy out of jail when he was arrested on holiday in Egypt, after he Twittered “Arrested”.
Community around ‘old stuff’ in the UK, Google Maps. 43,000 sites of ‘old stuff’ on the map.
People form groups in different ways. Management is no longer needed for group forming. What’s the thing that we as institutions need to do differently about that. Need to act differently. Talks to a lot of PR people, but people hate press releases – not a useful mechanism for communicating, except for in the context of a management structure that has to sign of on it. How can we be more human in the way that we communicate. Don’t need a big institutional voice.
Share information in real time, info comes from everywhere, people trust people like themselves. Institutions are full of “people like me” so how do we free them?
Principles: Be authentic. Fish where the fish are – the audience is out there don’t need to build new ones.
[Then goes through some case studies.]
Rewiring relationships: Collaborative councils and cyber citizens
Working with Barnet Council. At vanguard of local council. They’ve thrown open their doors and said what do you want to do? Hopefully we can role model for the other 400 LAs in the country. Embraced idea of moving from system thinking to live world thinking, i.e. previously a word of surveys and statistics, ‘best value performance indicator’ reports. Trying to get away from that into the lived experience of place by people. How do you understand people? Their real lives, their real needs.
Previously it was all about “communications”, corporate message. Trying to tackle that. In terms of the past, what we have tended to do is to use communications as a spotlight, not a laser beam – put stuff out there and hope people read it.
Have had some successes already. It’s not all old = bad, new = good. Newsletters can be useful as there are still issues around access to the internet so a mixed model is important. But right now, online is almost absent, yet at least 70% of people in Barnet access the internet once a week.
Are trying to be more visible. Barnet is quite good with traditional methods of engagement: civic network, citizens panel, service user groups, area forums etc. But it’s not enough to expect people to come to us, they don’t have time, physically can’t access the buildings.
Have done over 80 consultations, costing £200k, but that’s about have the budget for talking to customers.
Listening is pretty static – don’t do a lot of listening. Don’t really involve people in decision making. Need to make the case for change in Barnet, why they need to move towards social media. Video on YouTube about why social media is important.
Trained up half comms team in video – feel it’s very important aspect. Dominic has been brought in to blur the edges of the council. Atm, are just a rigid, bureaucratic structure that has little impact. Gov’t used to think that it could do everything, but that’s not the case. Need to provide tools for people to support each other, and to do things that gov’t can’t.
Need to get out into the world and do things that people think are important.
We Feel Fine, search engine of emotions on the internet, so when people feel something it’s dragged into that tool. Can analyse by feeling, emotion, gender, age group, location.
Would love a tool like this for Barnet. But Barnet means ‘haircut’ as much as anything else, so have to be intelligent about search. Barnet Football Club is very active and controversial.
But all these stuff is out there already, people are already putting out emotions about Barnet, how they feel, what they want change. So need to collate that.
Atm, we’re at basic level, we use Technorati and Google alerts. Found a blog called “I pay Barnet Council tax for this?”, blog about a private alleyway being used as a dump – it’s not really a council problem because it’s private, but engaged anyway. So commented on the blog and invited them to get in touch, organised a cross-org team to go down to the ally. Talking to the residents, and got the problem solved.
LeaderListens.com – opportunity to meet the council leaders at the church hall. Videoing the meetings, posting it on YouTube, letting the people in the area know about the event and the video, and inviting them to get involved. Conversation’s not over just because you missed 6pm – 8pm on Wednesday.
Live streaming of council meetings – lots of councils do this but does anyone care? Live chats also not valuable. More about longer-term conversations.
WhereILive.org – half started when Dominic arrived. Prefers open networks, but ended up having to develop a bit of a walled garden – multimedia consultation, rather than full-on social site. People can post comments about where they live, can upload videos, try to get the conversation going so they have different opportunities to get engaged.
Are now on Facebook, YouTube, Flickr, Twitter.
Are trying to walk the walk internally too. Got an internal wiki, Got the opportunity internally to talk. (Although they’re not allowed to call blogs blogs!) Filmed a meeting recently with senior members of the council, and put it on YouTube – you’d never see this, but now anyone could watch it.
Perfect future would be more engagement, conversation. Been approaching this strategy in interesting ways. Had a BarnetCamp to collaborate on the strategy around engagement. It was a first try – they hated the wikis. They don’t like editing. Had lots of views but not much contribution, but it did raise the profile and get things working.
We need to engage with people, understand what they are saying, and then turn that into policy, then action, then communicate that change back to the people. Organisation needs to be much more fluid and responsive. Getting closer but not there yet. Change management issue is huge. But are getting more interest from people internally.
Things are far more open and transparent – this is going to happen anyway, on people’s mobile phones. So why not just do it anyway? Need to accept complexity – difficult for gov’t to accept they are one node in a huge network and that there are other people they are going to have to work with. Move away from broadcast, top down,a nd empower people. Embrace social media as an enabler of change. FixMyStreet – from MySociety nothing to do with the councils, but it allows people to communicate with their council without even having to know who in their council their email is going to. Has been very successful, for people, but the council’s rather dislike it!
Need to involve more people, have more conversations. Big problem is understanding of stuff, understanding people’s wants or needs. Moving into an unstructured information world, and it’s hard to know how to deal with all this stuff, but have to get into it.
The Email Problem and How To Solve It
I want to talk to you about email, the psychology of email
It is a vital part of business, we all depend on it and we don’t even think about how we use it despite the fact that it’s really very new – only had it in business for the last 10 years or so. As email spreads it tendrils and becomes more and more common – it’s ubiquitous now, there was a time when you had to make a business case for email, now its the first thing you get. And it’s starting to become a problem.
Clear Context: 38% of people get more than 100 emails a day, 13% get more than 250 a day. 22% spend more than 4hrs a day in email. For some people email is an intrinsic part of their job but 4hrs a day is mind numbing.
I worry that people underreport how much email they get.
A study recently said that some people claimed they checked email every hour, 35% said every 15 minutes. But when observed they were actually checking email every 5 minutes. Who hasn’t had a moment when before they know it you’re checking your email again, even though you only checked it a moment ago?
There is an assumption that email doesn’t interrupt us because we chose to go to our inbox and check, but this is false because people don’t chose when to check. We tend to have alerts set up – I actually heard someone who had an alert that said ‘you’ve got mail’ – every time an alert comes through, people respond. People take an average of 1 minute 44 seconds to respond and 70% of people respond within 6 seconds of getting the alert.
It’s well known that phone calls interrupt us and it takes time to get back to what we were doing. It takes an average of 64 seconds to recover your train of thought after you have checked your email and get back to work.
So if some people are checking their email every five minutes and it takes 64 seconds to recover, they are taking 8hrs a week just to remember what they were doing… this is a big problem! We don’t really know how big a problem because there has been little observational research done.
There are two problems here – they’re different and they require two different approaches.
The first is to do with the tool, more particularly the way we use the tool. The second is to do with culture, the way that culture shapes the way we behave with certain tools.
A few questions:
– how many used to check your email occasionally but now you check all the time, it’s compulsive?
– how many feel you don’t really have control over when you check your email?
– how many feel pre-occupied by email i when separated you wonder if anything interesting has come in?
– how many have lots of emails in your inbox?
– how many feel anxious that something has happened when separated from your email?
– how many did not you put your hand up at one point or another?
Ignoring Luis, it’s just two.
Unfortunately those questions aren’t about email at all, they’re about gambling addiction.
I did this at a large company and despite answering positively to these questions, they said ‘we don’t have a problem, we have smart people.’
But the last symptom of addiction is denial – we are all in denial. The tool is so widespread it is hard to believe we have a problem with it. But the reason that email is an issue is the same reason that gambling is an issue – it’s called operant conditioning. If you do something and you get a reward for doing it you are more likely to do it again in the future – this is how training dogs (and cats) works.
Operant conditioning was discovered by BF Skinner who experimented with rats – in a cage with a lever, when they pressed the lever they’d get a food pellet. They’d press the lever to get a pellet until they were sated. Then he changed the schedule, first to five presses, which they learned, and then to random. When it changed to random the rats became obsessed with the lever, pressing and pressing, and stockpiling food that they didn’t need and continuing to press even when the food reward was no longer forthcoming.
This is like us with email – we get nice emails from people, but randomly. We like these nice emails, so we check our inbox over and over just in case those nice emails turn up… and we become obsessed, like Skinners rats.
Not all email is created equal, most of it we find boring – we’re looking for that nice email.
So we have to deal with this in a way that deals with this – just quitting email is not the answer (except for Luis). Will power isn’t enough to do this. But what can we do?
We could remove the random component – we can try to ensure there is always a nice email waiting for us. It’s very difficult to ensure this though.
We can try to break the link between the behaviour and the reward (eg a five minute delay), but it’s not really feasible in a business context – some businesses have tried this and failed.
We can remove the reward completely – stop using email altogether – this is very difficult though.
We can, and should, remove stimulus to check – get rid of the alerts.
We can remove free will – remove the choice to check email – for example, we schedule our email usage (most common times: first thing in the morning, just before lunch, just after lunch, and just before you go home). This is a good time for you to check email because you can be more responsive to others and get more response from others because everyone is more active at the same time. [Leisa correctly adds: “Assuming you are in the same time zone”.]
Reinforce incompatible behaviour – bird training – you can’t train animals to NOT do something you can only train an alternate behaviour – instead of trying to train a bird NOT to land on your head, train it to land on the green mat instead. We need to try to positively reinforce behaviours, like using instant messenger or other social tools.
What we need to do in order to achieve this is to determine how we use email on a day to day basis. So, in a business context, there is what’s called Bacn – like spam but tastier – information that come to you that you’ve probably signed up for (notifications) but are not all that interesting. We could do this much better via RSS than email.
We can move broadcast email to blogs – eg. where is the new expense form – you don’t need this in your in box because it’s not an action, and when you do need it the last place you will look is your inbox.
Move collaboration to a wiki – ref: Common Craft video of wikis. The number of emails we send around asking people to review and comment on stuff – this would all be done much more effectively on a Wiki. Ask yourself where would this discussion be done more effectively.
Real time conversation – this can be had much better on instant messenger or chat rather than in an email conversation or – heaven forbid, picking up the phone and talking, or walking over to someone’s desk.
No email days don’t work – all they do is push it to one side – people email more on either side of ‘No Email Wednesday’ – it doesn’t deal with the underlying cause so it’s not effective.
There’s also a cultural side to this and this is the thing that is really hard to deal with. If 13% of people are getting 250 emails a day somebody somewhere is sending lots of email. It has become a proxy for work. In the manufacturing age we could tell how productive someone was by how many spanners they made. In a knowledge economy it is hard to know what work is, let alone how productive they are. Other proxies are time spent in meetings, distance travelled to meetings, time spent at desk.
Because these have become proxies for work they have become a point of pride. There is a martyrdom complex – the more email you get the more productive you are. Lots of email = status. The more email you get the more important you are – this is a social reward for getting/sending lots of email.
There is a lot of CYA email being sent – they don’t think you need to know, but they need to know that they have seen your email. It is a defence ‘didn’t you see my email?’ a lot of this is driven by job insecurity. They are defensive about their position – they think ‘I cannot afford to be the person who takes the fall if something goes wrong’ – email becomes an audit trail in case something goes wrong.
There is lots of corporate spam and this creates bad email culture – broadcast email sends a message that is is ok to bombard people in the company with useless email. We hit reply to all rather than reply to sender with no thought at all. If I could get rid of one button it would be the reply to all button.
It is about changing behaviour, changing norms. It takes a long time and it’s difficult. We need to discourage reply to all, and the expectation of instant reply – pick up the phone, use IM, walk over to them. No one states their expectation in an email re: whether they need a reply at all – eg this is just FYI and I don’t need a response, or this is v urgent and I need a response in an hour, or this is not urgent you can respond by 20 October.
Example: my husband checked his email on a Friday night, and he got an email saying that there was a problem at work and spent time fixing the problem on the Friday night. Then got into work on the Monday and they were surprised that he’d done anything – but his expectation was that he needed to sort it out immediately.
Email is fundamental to business – if you took away email tomorrow the economy would collapse, it’s our key way of exchanging information and communicating, but we know very little about email, and we assume far too much.
After today bear two questions in mind as you get back to work and settle into your routine: How many of us truly understand email? And how many are really in control of our email?
Key learning from Wikipedia for business
Has a cat on her desktop to encourage people at Yahoo! to stop and talk to her.
How does the internet create a new way to communicate and therefore to learn? Also interested in trolls and spammers.
User needs and support. What is your passion?
Shows a number of websites and people have to shout out what the site is for. Ikea Hacker – modifying Ikea stuff.
User journey. People need to know what a site is for right away, and the site has to answer their user needs straight away.
If something’s not working, you go and try to find help – support.
Community support model.
Open resolution of user needs
Most Wikipedia users are lurkers – they go, get info, and leave. Community portal, provide support to each other. What are the frequently asked questions? How to have live chat on IRC with other Wikipedians.
Flickr has API, so have a special blog to support developer community. But for real users, there’s the help forum, where people post their problems. Also have a forum for Flickr ideas where users can suggest things.
Yahoo Developer Network. Yahoo has a lot of resources they want to give back to the community so upload it to the internet. Number of APIs, developer kits, etc. so great for developers. Have a support model – mailing lists.
Community support: users help each other, then if that doesn’t fix it they go to customer care. Open support. 24/7 real time.
Infrastructure. How open or closed to you want to it to be? Openness: how much do you want your user to contribute to the content? For Flickr it’s photos, Delicious its’ bookmarks. The more open it is, the more important peer review is. Delicious is quite closed, you can only submit bookmarks. Flickr you can upload photos. WordPress is more open, because you can do all sorts of things with customisation. Wikipedia is on MediaWiki, so both content and platform are developing.
Delicious doesn’t need much peer review, but Wikipedia does. You can’t spam people in Delicious but you can vandalise Wikipedia. Need a peer system to review.
Trust. People define trust differently. But trust is social capital – relationship with someone who can allow you to access resources.
Human capital: skills, knowledge, creativity. Need to know the right people.
Networks on Wikipedia.
1. general users
– causal contributors
– recurrent contributors
– sysops (admins) – 1,565 in English
– stewards – 36
Wikipedia is huge but not as big as you think.
In business, linear network – if you want to influence things, you need to talk to your manager, who may or may not talk to their manager who may or may not get back to you. On a wiki, if you have an idea you just put it out there.
Core policies on Wikpedia – only 3.
1. Be bold
2. Assume good faith
3. Neutral point of view
Rewards – social reinforcements. How do you get respect from the community? Community recognition.
Wikipedia Arbitration Committee – deal with revert wars.
Secure Web 2.0, an opportunity not an oxymoron
Standard Chartered Bank, big bank, not much presence in UK though. Very diverse, and also very spread out around the world. Have globalised, used to have each country with its own network etc. But still hard to communicate.
Eternal pursuit of more efficiency, noticed that workforce have gone out there and found ways of communicating, forming communities. going to focus on Facebook, but could say same for LinkedIn and MySpace. Have >1000 SCB users in Facebook, including senior middle management. But Facebook was banned on official laptops, so forcing people to work less efficiently. Compelling case to use social tools, but a problem is security.
Want people to help people to work on new products, but that’s very sensitive, and you don’t want it on Facebook. Firstly, needed to check that you’re not completely mad, and looked at their peers. Many other businesses felt there was an efficiency gain to be had.
Used to work on a network that had various applications available, and around mid 90s, businesses realised that you could allow stuff to go across that network boundary, such as email. In meantime, businesses started to use more third party networks, e.g. outsourcing some services, and these are mediated over these networks. But your network becomes everyone’s network. As a result of this, there are some security issues, so you end up adding sticking plaster, so you’re always running to keep things secure. You can’t patch all the holes.
Net results is that you have a very hole-y boundary, because you’re putting so much info over your network boundary, you’re pumping info through firewalls that were designed to restrict information to a few types over a few channels. Firewall is becoming increasingly unusable. If you have a third party datacentre, you have a third party network within yours.
Am not the boy with the finger in the dyke trying to hold that back, because hits is driven by good business needs. Efficiency,productivity.
Network begins to Balkanise, to shrink into islands, sometimes to individual application servers. Begin to de-emphasis the security that is given to you by virtue of being put on the network boundary and shrink the security mechanisms down to the PCs to the servers. Endpoint is to shrink protection down to the info itself, which is maybe 5 years ahead. When you do that, you don’t care where the information is, so long as it’s protected.
We are beginning to lose control of our data. Lots of leakage stories. Have a mindset back in yesterday’s network, still allow information to spread without protection that’s credible. Don’t know where the information is, or what that information is. Once you take data out of an application, how do you know what it is?
How do we react to this? To begin to solve this problem we look at two things – encryption. We all use encryption every day without thinking about it, e.g. buying things from Amazon, using an ATM, payment transaction within the banking system. So old tech.
SSL – secure socket layer. Good, powerful.
Encryption is the ultimate solution. If we could protect everything with it.
IRM – information rights management. Protects any information, available to anyone using MS Office 2003 or 07. Has IRM built in. Can make it work if you use a central key management server.
We’re not using it because it’s not user friendly. Too difficult for end user. No good interface. Yet if we want to let SCB managers using Facebook we need to stop them from posting information that they shouldn’t. Right now, it’s too difficult for the end user.
How do we solve that problem?
The user problem: A survey should that 25% of Britons have disclosed their PINs to someone else. We give away the information that is supposed to protect us. People struggle with more than one password, but the advice is to use a different pin for each one. How realistic is it to say that you should always keep hard of your bank card? We are trying to make the browser to be secure, but it was never designed to be secure, so how can we expect the user to take responsibility for that?
The solution should be flexible to the user.
Have mapped where their info is. Need to know where the sensitive information. It’s concentrated in places like call centres where they talk to customers on the phone. Mapping the org can also tell you where you might want to blog access to Facebook as a potential leakage route for this information.
Strategy says, discover where the info is, then interact with user to let them know when they re using valuable information. That’s different to saying “If this is confidential”, this actually has a dialogue with the user to draw their attention to what they are doing.
What about this opportunity? Can’t afford to wait til big solution comes along. In meantime, use WorkLight. Takes interim approach. if you are going to allow social networking, rather than have your data go out into the jungle, put in an intermediate point. Make Facebook available, but keep all info on that server. WorkLight goes further, you can keep your enterprise applications exposed on a Facebook homepage through a gadget running on your network. Exposes your information but retains it at home. No point trying to remake Facebook as they have don’t it themselves already.
So when you use WorkLight, all the information stays within the business’ own servers. Manages access rights to prevent some people seeing some things. Allows you to ensure that it’s only your own people who can join your Facebook so you can tie it into your own security systems.
WorkLight doesn’t secure everything, though. It can’t.
Piloted this, but you can’t predict how people are going to use it. Started off with three communities that they thought really needed it. Make it available to everyone, why try to predict how people are going to use it, just let them do it.