The analysis below is an update to my earlier post. This outline forms the baseline of a discussion Alice Wang (Director, Burton Group) and I will lead at a workshop next Monday sponsored by Project Concordia. The workshop session will cover "Use Cases Driving Identity in Enterprise 2.0: The Consumerization of IT". It's not too late to register for this event - but if you cannot attend, feel free to comment here, or cross-cite/comment on your own blog.
As organizations explore the use of social networking, the enterprise is no longer the only participant in managing identity. An employee’s social network site profile, social graph, and use of other social tools and applications enable them to construct additional identity facets to suit their own needs. As a result, organizations should incorporate “social identity” claims within identity management practices.
When we think of relationships, and study it from a social perspective, we look at:
- how people construct facets of their identity based on social structures in a particular context and activity
- how identity controls people’s impressions and establishes reputation
- how people switch between social identities to fit the needs of groups and activities
- how people evolve their social identity facets across activity domains and social processes
When we study relationships from a purely identity management focus, we look at the people, process, and technology arenas such as:
- how the organization ensures that authenticated and authorized employees are securely accessing information and applications
- how business roles are defined and separation-of-duties enforced
- how entitlements and classification policies are applied so that information is handled properly
- how “need to know” access and permission controls enable effective information sharing and collaboration between co-workers
The result: an enterprise “tells” its employees what their identity is vs. what employees wish to create to suit their own needs.
Today, few enterprise strategists, architects, infrastructure planners, and project teams involved in social networking initiatives are paying enough attention to the long-term implications of identity on those efforts. Conversely, identity management teams are frequently not involved in determining the strategic ramifications of social networking initiatives on their enterprise practices. For instance, how does the organization assure profile attributes within a self-claimed social identity are truthful – what if employees build exaggerated or misleading social identities – what methods does the organization employ to vet social identity claims (assess community equity and determine reputation) – what implications are there when profiles reveal too much personal information (perhaps encouraging bias based on diversity attributes)?
Societal trends are fusing these employee-centric and organizational-centric perspectives on identity, compelling enterprises to connect the social aspects of identity emerging from employee use of social tools and applications in a manner that augments long-standing identity management requirements. Accomplishing this feat in a sustainable fashion enables organizations to leverage its network of connections across employees, customers, partners, and suppliers for competitive advantage (e.g., improved relationships, more effective knowledge sharing). Failure to address the social aspects of identity by managing identity only from an enterprise perspective will reduce benefits from social networking solutions (and disenfranchise employees over time).
Understanding the intersection between identity and social networking trends, and its implications to enterprise strategies, is a critical first-step. Some of the core issues emerging from each of these two vantage points include:
- Identity in the context of relationships
- Relationships in the context of social networks (communities, collaboration)
- Social structures, fragmentation of identity, and structural holes in social networks (positive and negative consequences of)
- Identity and roles (both formal, “institutional” roles and social roles that are often emergent)
From a social networking perspective, identity is a complicated, multi-faceted construction, created and evolved over time within the social structures of individuals. When we talk about social structures, we focus on two inter-connected spheres: systems of relations (e.g., patterns of roles, relationships, and forms of control) and systems of meaning (primarily culture and its associated beliefs, values, languages, and practices) [S. Hayes].
Identity therefore, from a social networking perspective, is not equivocal to a person per se. People put forth a persona (or social identity) they construct and perform within the context and activity associated with a particular social structure. This social identity is just one facet of their overall identity. For example, Mike Gotta has a social identity in Burton Group as a Principal Analyst within the Collaboration and Content Strategies service. People who know Mike from a Burton Group experience view him through the lens of an “industry analyst” (a label applied to people performing this identity). Burton Group attests to Mike’s expertise in his research coverage area. For readers of Collaborative Thinking (a personal blog), Mike claims to be a subject-matter expert on the topic of Enterprise 2.0, collaboration, and social networking with no official endorsement from Burton Group of that blog. The assertion of Mike’s self-claimed expertise however can still be believed by reputation (e.g., number of subscribers, world map showing readership, comments from other industry experts, cross citations on other influential blogs) and by blog links to other sites such as LinkedIn. The LinkedIn assumption is that other people believe (rightly or wrongly) that LinkedIn profiles are credible and reliable. While the social identity arising from Mike’s personal blog can be correlated to his Burton Group social identity through other public sources (further reinforcing the claim of expertise) – that associated may, or may not occur depending on how much effort individuals undertake to connect those identities.
On Facebook, Mike has symmetrical connections established with family, friends, and professional colleagues. Each social structure (as mediated by Facebook) has limited awareness of each other (unless they have relations outside Facebook). Therefore, actors in those social structures have different perceptions of “Facebook Mike” based on actual, or lack of, real-life context and activities that further connect additional social identity facets to construct a more complete picture of the “real” Mike. Colleagues who know Mike from Burton Group gain additional personal insight to Mike (e.g., politics, hobbies, family pictures) through information and viewing of Mike’s Facebook Newsfeed (depending on privacy controls). This additional social data might now otherwise become part of a shared context in work situations so there is a pro/con perspective on connecting those social structures. The structural intersects (and subsequent intermixing of relationships) on Facebook are commonplace given Facebook does not provide controls that enable complete isolation of information between social structures – or resulting from Facebook members not taking advantage of controls that do exist. However, arguably, such “messiness” is a fact that occurs in real-life as well.
Mike also has a Twitter social identity. This identity is a composite of his identities (i.e., Burton Group, Collaborative Thinking, Facebook). A FriendFeed connection pipes Twitter messages into his Facebook Newsstream (possibly connecting social structures to some degree in that manner). The conversation stream in Twitter interweaves dialog that reveals not only work-related commentary but personal viewpoints as well. Additionally, at one time, his Twitter profile pointed to a landing page on Virb (a MySpace clone). The site is maintained by Mike and acts as an landing page and aggregation point for identifiers (links) of other places where Mike “hangs out” (e.g., Pandora, FriendFeed, Last.fm, BrightKite, Dopplr, Plaxo, Xing, LinkedIn, etc.). The landing page provides a means for people to correlate additional social identity attributes and/or social identity facets).
This is an over-simplified example but it illustrates the concept of how different social identity attributes and social identity facets are created and evolved to fit a given context and activity. People will create many different social identities to fit a variety of contexts and activities. This situation raises the pro and con issue of enabling other parties to correlate and connect multiple social identity facets and, by doing so, gain the ability to connect the different social structures surrounding that identity. This also might result in other parties being able to identify a more complete social graph of individuals than they otherwise would have known about. Sometimes people are accepting of having their social structures (or actors within a social structure) cross-connected – but sometimes they are not (raising issues of privacy, stalking, etc). Security and confidentiality concerns may also become issues when this type of social analytics is performed on employees by other employees or external parties. For a variety of reasons, people (and organizations) may prefer to create or maintain structural holes [Burt] in their social networks. Structural holes can be a desirable objective as people try to control how their social identity facets are maintained for a given context and activity. However, closing structural holes may have benefits as well.
When it comes to communication, information sharing, collaboration, and other community interactions within the enterprise, people behave in a similar manner. Employees often (knowingly or unknowingly) construct social identity facets when interacting within a particular social structure (e.g., help desk discussion forum, profession support community, wiki editors group). Sometimes people use the term persona, or profile, or personal brand, when referring to a social identity. That social identity forms a “face” they create for purposes of control [Harrison White] within a given social structure.
This implies and forms a key assumption at this stage of our hypothesis, that as employees interact across multiple social structures, they construct multiple identities based on context and activity. Engaging in these social structures also results in formation of social roles [M. Smith]. Before the advent of social tools and applications (e.g., blogs, wikis, social tagging/bookmarking, social messaging, and social network sites), social identities and social roles were opaque and difficult to ascertain within a networked public. With systems that enable employees to define themselves more openly (profiles on social network sites, membership in online communities, or as avatars in virtual worlds), organizations are now faced with a situation where employees are augmenting the identity ascribed to them by the enterprise.
The enterprise views identity very differently. Identity management efforts are often a fundamental process for managing risk concerns (e.g., privacy, intellectual property, compliance, etc.). Issues related to authentication, authorization, permissions, roles, entitlements, security, and compliance are common requirements for identity management strategies. Identity teams have valid concerns regarding the design and behavior of social tools and applications - especially if they mimic more wide-open consumer models or integrate with such systems (e.g., Facebook Connect, OpenSocial). Additionally, these teams should ensure that the level of controls within social tools and applications protect how identity is self-managed by end users so that enterprise policies are not violated.
Identity management programs should adopt a broader perspective on the nature of “identity” and how it is managed within the enterprise. Specifically, identity management programs should be expanded to meet the social identity needs of employees. This requires identity teams to become more involved in strategies and projects related to social media, Enterprise 2.0, social networking, etc. Social identities may at times redefine, extend, or contradict the "official" identity ascribed to employees by their employer, but such situations are neither good or bad per se – there may be innovative benefits as well as unintended consequences. Viewing identity management as a shared exercise between employees and employer can best manage associated risks arising from a more participatory culture. Increased use of social tools and applications that span internal and external environments will only compound the situation unless organizations begin to act now. Initial steps include:
- Identify the intersection between social networking and identity management
- Integrate social networking and identity policies, processes, and resources to ensure strategic alignment moving forward
- Develop a common reference architecture framework
- Formulate community-building and socialization practices (e.g., governance) to ensure employee involvement and sense of participation/contribution in the program