Thinking out loud for an upcoming paper...
Social media means different things to different people. For some, it means a presence on Facebook (e.g., a fan page), or use of role-based accounts on Twitter (e.g., customer service), or availability of applications for mobile devices (e.g., Apple’s iPhone). For others, social media implies leveraging customer communities or use of social media by employees acting as brand ambassadors to the public. Internal use of social media in the context of an employee social network site or enterprise social networking initiative can also become part of strategic discussions. Confusion regarding what social media is, what governance model is appropriate, what resources are required, and what risks exist can stymie efforts to capitalize on social media’s potential unless leadership teams adopt a holistic approach involving both business and IT strategists.
Many technologies are associated with social media. Some of the popular ones include blogs, wikis, tags/social bookmarks, communities and social network sites (including social profiles, social graphs and activity feeds), and micro-blogging. As people use social tools to participate in consumer or enterprise-sponsored environments, they construct social identities, assume social roles, and establish reputations in different communities. These activities, when leveraged effectively by organizations, can help improve employee engagement, information sharing, and collaboration within the enterprise. Externally, social media can augment customer relationship management (CRM) programs, strengthen brand awareness, and improve community outreach and social responsibility efforts.
However, use of social media is not without risks. External use of Twitter accounts can lead to identity assurance concerns if profiles are unverifiable. There may be concerns that unfettered us of social media by employees will create situations where personal views can negatively affect brand reputation. In regulated industries, legal and compliance demands may require controls to satisfy discovery and audit needs. Even internal use of social media can encounter similar issues. Social network sites can lack robust identity and security-mechanisms that might cause accidental disclosure of intellectual property or confidential information. Use of social network analysis tools can enable employees to visualize relationships and information that might circumvent need-to-know policies. Absence of privacy controls can lead to HR issues.
Despite such concerns, saying “no” is not the way IT organizations should respond to business strategists interested in social media. Instead, IT organizations should strive to work hand-in-hand with business areas, providing guidance on social media trends and use. For IT organizations to advise business decision-makers on how to mitigate social media risks, IT strategists should particularly understand the ramifications of social media on identity, privacy, and security.