eDiscovery, Enterprise 2.0, and the Open Web
by Matthew Hodgson
How often have you run across an email from Corporate IT like this … ?
“… access will be blocked from the desktop for all staff …. includes such sites as Hotmail, Window Live, Yahoo, Gmail … is a major source of virus infection. In addition, information sent cannot be logged or traced.”
It’s an email that I received while working with a client only a few weeks ago.
Actions like these are typically the first step in taking greater control over where and how an organisation’s electronically stored information is managed, how their integrity can be guaranteed, and how electronically stored information can be collected and searched for audit and evidentiary purposes with minimal disruption to the business. This is eDiscovery policy at work.
In a world of Cloud Computing, though, blanket bans of useful websites, online tools, and services sound more like fear of Cloud Computing than a realistic risk mitigation strategy. Actions like this have negative impacts on productivity: no access to collaboration tools like Google Docs and Calendars, Yahoo Groups, and a raft of other incredibly valuable thought-incubation groups and secure business tools. They also cut internal staff off from their professional networks and exclude them from communications that they can leverage for innovation in their own organisations — not just product development, but also smarter, faster processes and practices through sharing knowledge.
How do you mitigate risk and manage eDiscovery in a world where embracing social computing as an ethos for delivering Enterprise 2.0 is the way of the future? How can you cheaply and effectively monitor conversations in the Cloud without disrupting the way people want to work? I think the Open Web might be part of the solution.
The Open Web is a philosophy that many online applications and services embrace as part of their Web 2.0 solutions. In short it means:
- Open standards: promoting technology methods that are both useful and interoperable
- Decentralised: no single point of control
- Transparency: from human actions through to the code
- Sharing: create, reuse, recreate
- Integration: leveraging parts inside applications for convergence in others
- Innovation: encouraging the above so that new ideas and products are created
- Community: supporting people and the way they connect with others
So how can adoption of the Open Web help with eDiscovery?
Consider how people use Twitter, for example. A growing number use applications like Twinkle (which I use), Twitterrific and TwitterFon on their iPhones to communicate with others. They use these tools because they are easy, they are handy, and they work in a way that suits their personal needs. Twinkle works because Twitter has an open API that allows its full functionality to be exploited. I’ve been experimenting with the API myself and it’s incredibly easy to create my own widget and use the API to access Twitter. As a result, I can log communication and traffic. Promoting the use of a corporate tool that leverages Twitter’s API, then, is a less risky option than banning it and forcing staff onto a tool that has no auditing capability.
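The logging idea described above, as an added example that is not part of the original post: a hypothetical corporate wrapper (`AuditedClient`) that records every outbound message before passing it to the service. No real Twitter API call is made; the `send` callable stands in for it, and the HMAC hash chain is one assumed way to make the log tamper-evident for evidentiary use.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def entry_mac(key, prev_mac, record):
    """Chain each record to the previous entry's MAC."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


class AuditedClient:
    """Hypothetical corporate wrapper around a messaging API call."""

    def __init__(self, send, key):
        self._send = send  # callable(user, text); stands in for the real API request
        self._key = key    # log-signing key, held by the audit system, not the user
        self.log = []

    def post(self, user, text, ts):
        prev = self.log[-1]["mac"] if self.log else GENESIS
        record = {"seq": len(self.log), "ts": ts, "user": user, "text": text}
        # Log before sending: a failed send is still a recorded attempt.
        self.log.append({**record, "mac": entry_mac(self._key, prev, record)})
        return self._send(user, text)


def first_tampered(log, key):
    """Return the index of the first altered, removed or reordered entry, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "mac"}
        good = entry_mac(key, prev, record)
        if record.get("seq") != i or not hmac.compare_digest(entry.get("mac", ""), good):
            return i
        prev = entry["mac"]
    return None


def demo():
    key, sent = b"constructed-demo-key", []  # constructed sample data
    client = AuditedClient(lambda u, t: sent.append((u, t)) or "ok", key)
    client.post("alice", "Draft contract is in the shared folder", "2008-09-01T09:00:00Z")
    client.post("bob", "Lunch at noon?", "2008-09-01T09:05:00Z")
    before = first_tampered(client.log, key)
    client.log[0]["text"] = "nothing to see"  # simulate after-the-fact editing
    return before, first_tampered(client.log, key), len(sent)
```

Removing entries from the end of the log is not detected by the chain alone; storing the latest MAC in a separate system closes that gap.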
Then there’s OpenID, a decentralised method for managing online identities — user names, passwords, etc. — by employing a new form of Internet identifier called XRIs that are designed specifically for cross-domain digital identity [1].
In practice, it means Cloud Services don’t need to store your name and password; they only need an authoritative source to agree that your credentials are accurate. This method of authentication is increasingly being adopted among large sites, with organisations like BBC [2], Google [3], IBM, Microsoft [4], and even VeriSign acting as providers.
As an open standard, OpenID can be adopted to allow individuals universal sign-on credentials to a range of sites and services outside the carefully managed infrastructure of the organisation. It therefore grants an organisation the capability to monitor users’ individual travel movements, directly deny access to specific high-risk services, and to log activity for auditing.
Embracing the Open Web means you can have your cake and eat it too. It allows you to leverage existing software in the Cloud and embrace your Enterprise 2.0 goals but at the same time ensure that your auditing requirements are accounted for. Do we need to embrace it now? Well, it’s a world that we need to better understand from a corporate perspective because Tim O’Reilly believes it is just around the corner [5]:
“I believe that the benefits of openness and interoperability will eventually prevail, and we’ll see a system made up of cooperating programs that aren’t all owned by the same company, an internet platform, that, like Linux on the commodity PC architecture, is assembled from the work of thousands.”
M
- – - -
1. Wikipedia
2. Washburn, B. (2008) BBC Joins OpenID Foundation. 22 April. Online at: <http://openid.net/2008/04/22/british-broadcasting-corp-bbc-joins-openid-foundation/>
3. Riley, D. (2008). Google Offers OpenID Logins Via Blogger. TechCrunch. 18 Jan. Online at: <http://www.techcrunch.com/2008/01/18/google-offers-openid-logins-via-blogger/>
4. Krebs, B. (2007). Microsoft to Support OpenID. 2 June. Washington Post. Online at: <http://blog.washingtonpost.com/securityfix/2007/02/microsoft_to_support_openid.html>
5. O’Reilly, T. (2008). Open Source and Cloud Computing. 31 July. O’Reilly Radar. Online at: <http://radar.oreilly.com/2008/07/open-source-and-cloud-computing.html>



