IT Business Edge has just published an interview with me on IT governance for Web 2.0 technologies, a topic I’m spending considerable time on in my consulting work with major organizations. The complete article, Set Policies to Unleash Creativity with Web 2.0 Tools, is available on their website, and the interview is reproduced below.
Hall: Just to make sure we’re on the same page, how do you define Web 2.0 technologies?
Dawson: Basically, they’re technologies that use mass participation to create value for the business. They can be wikis, blogs, social networking, social bookmarking, mashups and other tools, but [the term] also involves the underlying architecture behind those tools.
Hall: So what would IT governance for those tools look like?
Dawson: I look at governance in a broader context as having a full understanding of potential risks, potential benefits and having set-off structured policies and procedures where any risks are minimized and benefits are maximized, with a high degree of transparency and accountability for executives and other people in the organization.
Hall: So we’re looking at security issues, compliance issues, anything else?
Dawson: To run through the core areas of value and of risk, the issue of risk is more prominent in executives’ minds than the business benefits. And because the risks are not clearly understood, these tend to be inflated and given more impact than they should be. But many of the risks, which can be very real, are also on the business side, not just on the technology side. I think there’s a minority of issues that are purely technological around implementation of the tools. “There are, very crudely, three categories of information: proprietary, which you maintain inside your organization; there’s some that you share with trusted business partners, clients, suppliers or alliance members; and there information that you actively disseminate to the public at large. And it’s not always immediately clear into which category information falls.”
Hall: Can you give me an example about how the risk might be more in the business side than the technical side?
Dawson: One of the biggest things on the minds in the business side is productivity. If you start talking about Facebook to a non-technology business executive, they’ll say, “I see people goofing off on Facebook all the time. That must be a waste of time. We don’t want that.” …
Another is information loss. There are certainly network risks and information loss is a more prominent one. You may be concerned about any information on internal projects being disclosed externally, or a more gray area, information on your employees, should it leak out. … There are, very crudely, three categories of information: proprietary, which you maintain inside your organization; there’s some that you share with trusted business partners, clients, suppliers or alliance members; and there information that you actively disseminate to the public at large. And it’s not always immediately clear into which category information falls. It’s sometimes a business-strategy issue into which category information falls.
Hall: If your company is developing a policy for wikis, blogs and other Web. 2.0 tools, how would that policy be any different than the policy you have for instant messaging, e-mail, that sort of thing?
Dawson: In many ways, it won’t be. That’s one of the things that’s not well understood. That fact is that most, if not all the issues related to these technologies, are addressed by existing policies. In some cases, though, those policies have not been developed with the detail in which the issues from these new technologies are fully addressed.
Hall: I’ve been told that if you put these tools in a peer situation, a lot of problems don’t exist because the peers are monitoring use. Do you find that to be true?
Dawson: I think that’s true, not just for these technologies, but generally inside organizations. … Rather than banning or censoring comments, you get other people inside the organization giving their own view on it themselves. On external blogs, you might need to moderate, but generally there are a lot of large groups that function together very well.
Hall: You say the tools must be implemented effectively. Can you give some guidelines to prevent either that the tools are not used at all or are detrimental to the company?
Dawson: It’s difficult to give you a sound bite on that because there’s a lot of issues surrounding it. I do think it’s critical to allow experimentation. Most of the value for most organizations comes from things that are not quite what they planned. But also having clarity in the policies and procedures up front. That’s why having the governance is so critical. But by having clarity in the policies, everything should flow from that. While it might not be necessary to add to or further refine your policies and procedures, maybe a communication of them or a re-communication of them might be appropriate. Just saying, “Here’s some basic things about appropriate commentary, disclosing information, enhancing productivity and avoiding network risk.” Communicating that early in the process is just fundamental.
I think some forms of pilots are appropriate. You set up pilots likely to succeed, likely to add value, that allow you to move on to a broader scope. But you must also have a very high tolerance for failure or that pilots are not succeeding as planned.
Going back to my original definition of tapping into the mass participation to add value, I think that’s what’s happening in the consumer Web. In the organization, rather than thinking about individual tools, there needs to be some thought about bringing about that mass participation. An example of this is social bookmarking, which is when you bookmark something so it’s visible across the organization. That in itself can be a useful tool, but you can also think, for example, how those results will be used to enhance enterprise search, or access to relevant documents and collaboration. That is something that’s more at an architecture level, so that’s more at the level of leadership to provide the structure whereby use of these tools is absolutely something that creates value across the organization.