Monday, May 3, 2010

E20 Security & Privacy

A blogger I follow, Elsua.net, recently wrote a post, entitled: How Long Before We Start Taking More Seriously Both Privacy and Security in Enterprise 2.0?

It gave me pause and made me feel a bit disappointed, because I think a few vendors are giving the whole enterprise 2.0 market a bad name. The blog post references a competitor as one of the few companies that takes privacy and security seriously. Maybe the problem is that many Web 2.0 tools are marketing their wares to the enterprise market, but they haven't truly addressed the needs and concerns the enterprise market takes most seriously.

SamePage was designed at the outset to meed the needs of enterprises, and our development team always keeps these needs top of mind. Our software has levels of security at the instance, project and page levels. The security levels can be set for individuals and groups, as well as for different functions -- read, edit and comment.

Security also permeates other areas of SamePage. For example, our search function displays only the result sets to which an individual has access. If there's info in the wiki that you can't access because of security settings, then you won't see that come up in your search results.

We've done this because we've always understood and appreciated the need for enterprises to have secure content, while remaining at the same time mindful of the notion that E2.0 tools are meant to foster better participation.

In fact, I'll take it a step further and invite Luis Suarez of Elsua.net to trial SamePage and check out our privacy and security features for himself.

At the same time, I'm pleased that Luis is asking the hard questions and bring topics to light that will separate the weak from the chaff in the world of enterprise 2.0 software products. He's presenting at the Enterprise 2.0 conference event in mid-June and said:

"I do plan to ask the same questions again that we asked last year on what vendors are finally doing about both privacy and security. They are far too important to be left out, once again, for another year, and I think it is our responsibility, as social software internal evangelists to highlight across the board how critical it is to bring up this subject time and time again, so that, at some point, we may be able to have those issues addressed and sorted out once and for all."

What do you say, Luis?

3 comments:

Luis Suarez said...

Hi Devang! Many thanks for putting together such a great, and timely!, blog post. I have now gone through it and I am really glad to read that SamePage is walking along the line of those enterprise social software offerings that truly respects security and data protection based on the need to know. Brilliant news!

However, my post does not stop on securing data or information; it goes further on with the topic of protecting the identity and privacy of the knowledge workers who are using those enterprise social tools. As you may well know, over here in Europe, privacy laws are rather restrictive on the kind of information that is made available to employers of their knowledge workforce, to the point where in some of those countries it is rather tight and restricted. Yet, most enterprise social software vendors seemed to have ignored such privacy issues thinking they could get away with it. Don't think so, I'm afraid. They're still there, becoming stronger than ever by the day.

I'm not sure whether SamePage also builds further on into employee profiles and their identity within the firewall; if you guys do, that is terrific news, because we would be able to add SamePage as one other of those social software solutions that clearly gets it. If you are not, I mean, if it's not part of the product you will be all right, since you already dealing with data security, as you clearly explained. The thing is that plenty of other vendors still need to do their bit of homework in order to nail it for the employee identity side of things and their protection, if they ever come across. So we will need to keep asking, and challenging!, them to deliver sooner rather than later...

Thanks again for the great post and look forward to your comments.

Devang Mehta said...

Hi Luis. Thank you for the comment! I appreciate your thoughtful and detailed reply.

SamePage does indeed have secure profiles for each user within the system. Aside from basic information, like name, email, etc., all the information in the profile is supplied on a voluntary basis. So, a user can enter in information about skill-sets, hobbies, etc. and that data is available for viewing (and searching) by all other users in that Wiki instance alone.

In a nutshell, our product does have features for building social profiles, and for other to discover these profiles through keyword searches; however, none of this is done without the implicit consent of the user.

Thanks for the discussion, and I'll continue to follow your blog.

Luis Suarez said...

Hi Devang, thanks a lot for the follow-up! Greatly appreciated all the feedback. It's great to read that SamePage, once again, is raising the bar on to a new level. Good stuff! I guess what I was referring to when I made the above comment was to indicate how very few enterprise social software applications have actually gotten the heads up, and being approved, by the various European Union countries where those privacy issues are more strict, as playing nicely with those respective country privacy laws.

So far, I haven't seen any major announcement for most of them to half complied with such requirements, which basically means that we're not there yet and that most vendors would need to start looking into that very soon, before they run into further trouble. That's all I'm saying. We have been waiting for far too long for that to happen and somehow I fear one of the main reasons why there is such a slow adoption of social software tools over here in Europe is because of that very same reason. Just a thought.