Social Business

What Google's VP8 Codec Means for the Future of Video Messaging

Steve Maxey — Thu, 25 Apr 2013 15:50:04 +0000

Since acquiring On2 Technologies in 2010, Google has been waging a battle to unseat the popular h.264 video codec with VP8, a technology it acquired with the On2 acquisition that it intends to release as open-source, royalty-free software. At issue is the cost and ubiquity of video online and in phones and mobile devices.

Video codecs encode and decode video and audio date for more efficient streaming and to reduce storage requirements. Few people care about how they work, and the patent cost of codecs is generally transparent to users and equipment buyers. The h.264 codec’s wide adoption has accompanied the huge growth of online video, and the companies that embed h.264 in DVDs and Blu-Ray discs and disc players, web browsers, video cameras, and mobile phone processors pay royalties to MPEG LA, which licenses a pool of patent.

Last month, Google quietly reached an agreement with MPEG LA that results in 11 of the 12 companies claiming VP8 infringes their existing video codec patents dropping those claims, leaving only Nokia still challenging VP8 patents and refusing to license under any terms.

Meanwhile, Google has been starting to bring VP8 and its VP9 successor to the Motion Picture Expert Group (MPEG) working group International Organization for Standardization (ISO) to work toward its acceptance as a standard and to argue for its inclusion as a codec in WebRTC—Web Real-Time Communication, the project to enable browser-to-browser real-time communications. Big players Cisco, Microsoft and Apple offered resistance, throwing their weight behind requiring only the h.264 codec, which they already have deployed in lots of non-browser and even non-web video devices, often with hardware acceleration.

This can seem like a lot of inside football for the messaging professional, but it can shape the cost and diversity of future video and voice messaging devices on the one hand versus WebRTC interoperability with the video system or telepresence suites already in use by your organization. The costs associated with h.264 licensing will help keep the deployment of certain sorts of video products and platforms in the hands of larger players who can afford the licensing. More nimble players pursuing edge uses of video may be shut out. But leaving VP8 out of the WebRTC also means that that new WebRTC app or device will be able to send and receive video from your existing telepresence suite.

Nonetheless, the open-source advocates are plowing ahead: VP8 may not be required, but it already is supported for plugin-free display of video in the Chrome and Firefox browsers as well as Chrome for Android, as well as in Android devices—making up nearly 2 billion endpoints, according to Justin Uberti at Google

The Workforce of the Future: Yes, You Should Be Worried

Michael Osterman — Wed, 24 Apr 2013 06:41:55 +0000

A good friend in Washington recently posted this on Facebook:

“I follow on Instagram almost all of my 6th grade youth group girls and I am continually amazed at how many of them have public profiles and post screen shots of their personal information. I wonder how many parents actually know what pictures they’re posting and if they really care…”

This is troubling on a couple of levels. First, many social media users tend to overshare their personal information and so are more susceptible to online fraud like email phishing. They’re opening themselves to a potentially higher likelihood of home burglary when they post near real-time photos of themselves on vacation or otherwise away from home. Young people, in particular, might be opening themselves to the worst kind of child abuse—a British newspaper did a search on Twitter and within two minutes found 20 users who expressed interest in “under-age images and child abuse”; within two hours they found 200.

Young people are typically the worst offenders because they care less about the privacy of their personal information. Lest you think I’m just some old guy making sweeping generalizations about young people, a new survey from the USC Annenberg Center for the Digital Future and Bovitz, Inc. found that while 77% of those 35 years of age or older agreed with the statement, “No one should ever be allowed to have access to my personal data or Web behavior,” only 70% of younger people agreed. I anticipate that as people grow up in an age of continual connectedness via social media, the proportion that care about personal privacy will continue to shrink.

However, employers need to be concerned about this, as well, since these are the people that will be your employees in the years to come. We hear on a regular basis how businesses must adapt their communication practices to young people entering the workforce—they need to make social media easily accessible, permit the use of personally owned smartphones and tablets, and generally migrate away from an email-centric mode of communication and collaboration. While that’s true, business decision makers also need to be concerned about the very real potential for oversharing employees to overshare corporate content. While much of this might be accidental, an employee with a predispostion toward oversharing personally is likely to do so with corporate information, as well.

It’s important to note that by oversharing, I’m not talking about sending things like trade secrets, confidential financial reports, or other really sensitive information through social media or other channels. While that can and does happen, quite often the oversharing can be more subtle. For example, an employee of a consumer products company who continually posts about business travel to Minneapolis or Atlanta or Issaquah might be giving clues about an upcoming retail deal with Target or Home Depot or Costco—information that could be valuable to competitors, but that was shared with no intention of revealing confidential information.

What should businesses do? First and foremost, establish policies focused on how devices and applications should be used—lots of organizations don’t have these policies, and they should. Second, implement a data leak prevention solution that will monitor all of the channels over which employees communicate, including email, social media, instant messaging, etc. The goal of the DLP solution should be to monitor communications and take appropriate action, which might include encrypting some content, blocking some messages, reminding senders about corporate policies before the send actually occurs, or routing some messages to a supervisor or compliance officer for further review.

Entering a new age of communication and collaboration with employees who might be less concerned about privacy means that decision makers need to be proactive in order to mitigate risk to the extent they can.

An Interesting Way to Address the BYOD Problem

Michael Osterman — Mon, 01 Apr 2013 19:51:42 +0000

I had an interesting discussion last week with AirPatrol, a company coming out of stealth mode, with regard to their solution to address the BYOD problem. Their approach, which they call “Cognitive Mobile Security,” uses location sensors installed within a building that can track mobile devices to an accuracy of 20 centimeters—accurate enough to identify whether a mobile device is in your shirt pocket or pants pocket.

AirPatrol’s Zone Defense solution is conceptually quite simple: location sensors, each of which can cover about 2,200 square feet, are deployed within a building (a minimum of three sensors are required per space for triangulation purposes). These sensors provide continuous monitoring of all Wi-Fi- and cellular-enabled devices within their detection area, updating the location of each device about every three seconds. Through a single console, all devices can be monitored in real time, providing MAC addresses, association states and other information about each device.

If a device requests access to the corporate network, an agent is first downloaded to the device with the owner’s permission. If an unauthorized/agentless device is active within the monitored space, Zone Defense will alert the security team or other monitors to warn them of the potential security threat.

Once the agent is active on the device, location-based security policies will be enforced that can enable or disable certain features of the device. For example, if a particular room with sensitive information is defined as an area in which mobile device cameras and microphones should not be enabled, any device entering that zone will automatically have its camera and microphone disabled until it leaves that zone, although all other functions of the device will continue to operate normally. Moreover, the policy can be granular in that certain roles can have functions in a particular zone enabled, while other roles, such as visitors or consultants, can have functions in the same zone disabled.

AirPatrol’s solution, while requiring an agent on the device, is an elegant approach to the BYOD problem because it permits employees and others to use their devices, but with full knowledge and control of the organization’s security or other teams. It can prevent users from accessing the Internet via Wi-Fi or cellular connections during certain hours while connected to the corporate network to prevent security breaches, for example, while re-enabling Internet connectivity once the user has disconnected from the corporate network.

Although the US government is a significant customer of AirPatrol, banks, hedge funds and others are among the company’s customers.

Employees Are Part of Your Security Infrastructure, Too

Michael Osterman — Mon, 25 Feb 2013 10:54:13 +0000

Most will agree that despite the enormous amounts spent on secure Web gateways, anti-virus software, cloud-based malware filtering and the like, users are still the weak link in the security chain. The primary reason for this is that increasingly they are the targets, often supplying the bad guys with the information they need by posting detailed personal information on social media and other sites. Moreover, bad guys can often harvest many of your company’s email addresses and use them to launch a phishing or spearphishing attack against your company’s employees. Smaller organizations are typically most vulnerable to attack because they often lack the budget or expertise to thwart sophisticated attacks.

As just one example of what can happen to a company, a cybercriminal could launch a spearphishing attack against a small company’s owner or other senior executive for the purpose of infecting his or her PC with malware, such as a keystroke logger. The goal of doing so would be to gain access to the corporate financial accounts so that the cybercriminal could transfer money to mules operating elsewhere in the country who would, in turn, transfer the money offshore.

To see how much information I could gather on a senior executive, I chose a company at random in Kent, Washington after doing a quick Google search. I went to this company’s Web site, found an owner of the company, and then did a search for his name on Facebook, where I found him. Although I’m not friends with this individual, a quick look at his wall revealed his former employers, where he went to high school, the fact that he is also a realtor, where he had lunch last Friday, his phone number, information about his Washington State Ferry ride last Tuesday, information about an upcoming company event in early March, the names of two people who gave him gifts in late January, and what he had for dessert on January 13th. A bad guy could have used any of this information to craft a spearphishing email with a subject line that would likely have attracted his attention and gotten him to click on a link to a malware site that would have infected his PC.

KnowBe4 is a Clearwater, Florida-based startup focused on combatting this kind of social engineering attack through a combination of employee training and periodic testing of the effectiveness of that training. Essentially, the company does three things:

Initially, it conducts a simulated phishing attack against a company’s employees to determine just how vulnerable they are to phishing attacks.
Then, it conducts individual online training sessions that last 30-40 minutes to educate employees about phishing and spearphishing.
It then follows up this training with simulated phishing attacks to determine just how vulnerable employees still are after the training.

Part of the effectiveness of this training method is that it provides a feedback loop that consists of testing, training, testing and remediation. Employees who fall for simulated phishing attempts can receive additional training or other remediation efforts designed to help them become more careful when inspecting their email.

KnowBe4 has demonstrated that their training and testing system can reduce employee vulnerability to phishing attempts. While KnowBe4’s solution certainly does not do away with the need for a layered security system at the gateway, server, desktop or cloud levels, it can bolster what is often the weakest link in a company’s security posture—their employees.

Is Email Really Going Away?

Michael Osterman — Tue, 05 Feb 2013 01:40:02 +0000

In the 2009 to 2011 timeframe, there were a number of articles in the trade and popular press about the demise of corporate and personal email. Many believed that email use would dwindle as younger people entered the workforce, those weaned on social media and text messaging. Email was for the “grups” (you’re welcome, original Star Trek fans), while newer forms of communication would replace it.

Maybe someday, but not now. We just completed a survey with corporate email users to determine if that was the case. What we found is that 42% of email users are employing email more today than they were 12 months ago, while only 10% are using it less. The remainder are using email at about the same level they were a year ago.

Our research also found that email continues to be the dominant communication tool used in the workplace. For example, the typical email user does something in their corporate email client or corporate Webmail for a mean of 149 minutes on a typical workday. That’s dramatically more time than they spend on the telephone (66 minutes), instant messaging (29 minutes) or the Big Three social media tools (10 minutes).

Why is email still so popular? The most obvious answer is that email is ubiquitous and standards-based, and so sending an email or attachment to someone can be accomplished with very high reliability. However, I think there are two additional reasons that email is so popular:

Email is the corporate equivalent of call screening, a fairly common practice and one of the primary reasons we like caller ID and voicemail so much. Someone can send us an email or an attachment and we don’t have to do anything about it until we want to do so. Unlike instant messaging, text messaging or a real-time collaboration system, we can receive an email and not interact with the sender, or we can send an email and not have to interact with the recipient. In short, email gives us the flexibility of timing our social interactions in a way that other tools cannot.
Second, email is our “junk drawer”—that repository of emails, contacts, files and other information that acts as something of a flat-file database in which we can store content that is easily searchable. Moreover, anyone can add to our database by doing nothing more than sending us an email. Yes, there are those minimalists who maintain little in their inboxes—but most of us are “pack rats” that store thousands of emails and other content somewhere in their email system. Using email in this way frees us from the tasks associated with being file managers, since we can almost always find whatever we need in our email system.

The bottom line is that email is not going away anytime soon.

An Interesting Cloud-Based Intranet Offering

Michael Osterman — Thu, 20 Dec 2012 21:31:50 +0000

I was recently briefed on Jostle’s People Management platform, an offering that the company refers to as an intranet, but that many might consider to be an enterprise social platform. Jostle’s platform is an interesting offering for several reasons:

Unlike SharePoint that has a document-centric focus with social capabilities also built-in, Jostle’s People Management platform has a social/people focus that also has document capabilities built-in. For example, Jostle’s offering has a photo wall that presents the images of everyone in the organization. Users can search across all employees by name, role, location, skill set, etc. Clicking on an image presents contact and other information about that individual, such as tags about the individual’s interests that are auto-generated by the system based on their activity.
The People Management platform also offers a “Relationships View” that presents the activities individuals are working on at any given time. Interestingly, it can also present the formal organizational structure of an organization, but also the informal organization structure that might represent a better picture of how employees relate to one another collaboratively. This view provides insight into the contributions made by individual employees and the groups in which they participate, perhaps offering insight into how the organization really works.
One of the more powerful features of the platform is its ability to find expertise within a company based on activities in which employees participate, information that might not otherwise be discoverable through conventional communication and collaboration channels.
The platform also provide a robust news platform that allows individuals or groups to post events, documents, client information and other content that can keep everyone in an organization up to speed on the latest events.

So, why are tools like Jostle’s People Management platform, as well as social offerings from companies like Socialtext, Jive, Socialcast, IBM, Microsoft, Novell Vibe and many, many others important? While they allow individuals in one location to share information and become more productive and informed as a result, I believe one of the primary advantages is that they allow geographically separated employees—both those across the world and those across town who telework, for example—to work more efficiently.

For example, in An Empirical Study of Global Software Development: Distance and Speed—a research paper written several years ago by individuals from Lucent Technologies, the University of Michigan and Xerox PARC—the authors discuss the results of their research into problems caused when people who must work together are separated geographically. An interesting finding from the study came from questioning professionals, mostly software engineers, about delays in their work caused by the need for information from other people. The study found that when these people needed information from others at local sites, there was an average of 2.1 delays per month and the average length of delay was 0.9 days. However, when they needed information from others at geographically distant sites, the mean number of delays was 1.9 per month with an average length of 2.4 days. In other words, there were 1.9 local delay-days per month when needing information from others at the same site, but 4.6 delay-days per month when the information was needed from people who were geographically separated, a difference of more than 140%.

The key takeaway here is that distance imposes delays in gathering information from others. These delays might manifest themselves in slower response to a customer inquiry, delayed introduction of a new product, deleting certain product features from a new release if the deadline for the release is unchangeable, and other problems. None of these are issues that are necessarily going to create a clear and quantifiable financial impact in and of themselves, but they will result in an impact on the bottom line at some point. Tools like Jostle’s People Management platform and a host of others will help to address these issues by eliminating at least some of the barriers introduced by distance.

Users Become More Savvy at Managing Online Privacy and Reputation

Stephanie Jordan — Thu, 29 Nov 2012 17:41:59 +0000

A common role for IT is that of watch guard for users, endlessly trying to educate and train on best practices for security, privacy and regulatory compliance. Making that IT role all the more challenging is bring your own device and social networking trends; both have increasingly opened the door to users’ potential for widespread sharing of personal and company information. Is it possible that some of the training and education is becoming so mainstream that it is being echoed outside the business realm? According to a recent Pew Internet & American Life Project report published this month, parents are acutely aware that teenagers have an online presence and 81 percent are concerned about it. Over half the parents polled were very concerned about how their teen interacts online with people they don’t know.

Online reputation is also a concern for parents of teens, with 69 percent worried about how their teen manages his or her reputation online; almost 50 percent were “very” concerned. In a separate Pew report, Privacy Management on Social Media Sites, published earlier this year, it was interesting to read that social network users are becoming more active in regard to privacy and reputation management. The report, authored by Mary Madden, was able to compare changes in behavior between 2009 and 2011. While it is not a leaping trend, all major metrics for profile management are up when it came to untagging photos (30 percent in 2009 to 37 percent in 2011), deleting comments (36 percent in 2009 and 44 percent in 2011) and unfriending (56 percent in 2009 and 63 percent in 2011).

Madden says that there are specific steps that users are taking to control the flow of information to different people within their network. Today, more than half of social network site users (58 percent) restrict access to their main profiles so that only friends can see it. About 19 percent of users set their profile to partially private, so that friends of friends can view it and only 20 percent of users offer their main profile to the public. Even the friends category is tiered with 26 percent using additional privacy settings to limit what certain friends can and cannot see. Women are “significantly” more likely than men to keep their profiles private.

So with these adult trends in mind, it makes sense that parents of teens feel concerned, especially with so many more adults now using online social networking sites themselves (two in three online adults maintain a profile on a social networking site, up from just 20 percent in 2006.) According to this month’s Parents, Teens and Online Privacy Pew report, 39 percent of parents of teens have helped their child set up privacy settings for a site.

It appears that as the use of social media is “growing up” our understanding of privacy and the need to prune and manage social networking site profiles might be growing up too.

Why You Must Manage Social Media

Michael Osterman — Mon, 26 Nov 2012 18:17:22 +0000

There is an interesting CNBC article out today that discusses the increased attention that the FBI is giving to tweeters in the financial services industry. Key points from the article:

A growing number of hedge fund managers and others in financial services firms are using Twitter to share their views on companies, stocks, news, etc.
As a result, FBI agents are actively searching Twitter and Facebook for evidence of securities fraud.
One study found that Twitter can predict moves in the Dow Jones Industrial Average two to six days in advance with a remarkable accuracy of 87.6%, making tweets an increasingly important source of “inside” information about stocks, companies, etc.

Clearly, anyone in the financial services industry should get their social media act together in order to prevent charges of insider trading or doing anything that might run afoul of SEC, FINRA, FSA or other regulations. However, even if you’re not in the financial services industry, you should get your social media act together in order to prevent bad things from happening to your company. For example, employees could use Twitter or Facebook to:

Allude to upcoming merger or acquisition discussions with another company.
Reveal travel plans that might be evidence of an upcoming deal with another company (I was told about a case in which someone successfully guessed that a security-related company was going to do a deal with a large retailer based solely on an employee’s tweets about traveling regularly to a particular city).
Sexually harrass another employee, contractor, business partner, etc.
Post information about their use of drugs, alcohol, opinions about their boss, etc., that could embarrass a company or harm its revenues. Check this out for the types of tweets that could be damaging to your company.

The bottom line is this: if you use social media, you must manage it like you manage email or any other form of electronic communication.

Device Deluge Leads to Always-Connected—But Elusive—Customers

Stephanie Jordan — Mon, 26 Nov 2012 01:30:55 +0000

There is a real risk for marketers to “lose” customers in our current age of the always-connected customer. This seems at first counter to the thought that more online time would mean more opportunities to engage the customer. It is true that more devices and more channels mean audiences are available in more places, at more times, however, it also means audiences’ scattered attention has made previously reliable customers increasingly elusive.

“New analytics solutions, multi-channel metrics, and better collaboration tools will be crucial in 2013,” says Aphrodite Brinsmead, senior analyst at Ovum. The Ovum analyst says organizations will feel the pressure to understand and pre-empt the needs from the always-connected customer. “Vendors will need to step up and add these capabilities fast, or else risk losing business,” believes Brinsmead. As part of its 2013 Trends to Watch series, Ovum explores the important changes in the customer experience and interaction market, detailing how technologies are evolving to meet new consumer demands and providing recommendations.

This always-connected trend is echoed by Forester Research, Inc. during a recent Webinar that looked at the challenges of reaching what it terms as the “always addressable” customer.

In the presentation by Darika Ahrens, interactive marketing analyst for Forrester, she notes that in 2010, there were so few “always on” customers that Forrester did not even collect data on them. “But by 2011,” says Ahrens, “we started to see this group emerging and they were already at 38 percent of the U.S. adult population. Recent research indicates that by the end of 2012, we believe the always on customer will constitute 42 percent of adults in the U.S.” She feels this is not a niche audience, given the rapid growth to date, and expected growth in the future.

What does this mean to marketers? While a marketer might think this means that more customers are more accessible via more devices throughout the day, Ahrens observes a real problem with this group. “Despite their connectivity, always addressable customers are harder to reach” Why? Because traditional marketing is starting to be tuned out and people are opting for subscriptions with ad-free environments. This group also expects higher relevancy than other groups. Because they are so connected, people expect what they see and hear to be relevant to them and if it is not; they are not willing to trade information. In a nutshell, there are more digital opportunities today to market to, but with those opportunities comes challenges.

One of the best takeaways from the Webinar is Ahrens’ recommendation to stop thinking about social media and think instead about the person a marketer is trying to reach and ask: “Who am I engaging with directly? What is their history with my brand and who else are they connected to?”

Ahrens says marketers need to understand when, where and why customers are engaging with a company by asking—where is this person when they engage with me? When can they come into contact with my brand and what, specifically, are they doing at that time?

Even though we have a deluge of devices today, (60 million people will have tablets alone by the end of 2012) and that customers have never been so connected as they are today, we still need to step away from the technology and focus on the person to understand what needs the customer has that you can fulfill. Ahrens recommends that marketers ask, “What need is revealed when I consider the people and their context together? What value or service can I offer that will fill that need? What messages or context must I create to delver that value or service?

Only after those questions and lots of research about the customer is done, should then technology be considered, even in this environment today where technology is so pervasive.

“One of the reasons we always put technology last is because it can be a false economy to think about a technology first or a platform first,” explains Ahrens. “At Forrester, we think it is about identifying the person first and from there your strategy flows so that by the time you get to the technology step and deciding what you are going to be using—the mobile devices, the tablets, or web TV or interactions with your digital campaign—it comes together as a final step.”

This reminder is important for marketers that can easily become overwhelmed with the number of channel options available today to reach out to customers. Having the technology be the final consideration puts the customer first. After all, isn’t that where a customer belongs in an organization of any size?

Account Takeovers Estimated in 100s of Thousands a Day

Stephanie Jordan — Thu, 25 Oct 2012 06:43:16 +0000

Users lose control of Facebook, email, Gmail, Yahoo!, Twitter and other online accounts frequently. agreed representatives from Microsoft, Twitter, Yahoo!, Responsys and Dropbox during a breakout session at the Online Trust Forum 2012 held earlier this month. While all the companies actively patrol for anomalies and conduct behavior analysis, breaches still happen, and while no one on the panel (nor among the who’s who in the audience) wanted to stake out a firm number, they agreed it was in the ballpark of hundreds of thousands each day. That number is plausible if you stop to recall this summer’s Yahoo! breach where over 450,000 accounts were hacked in one go.

Ramses Martinez, director of security at Yahoo! did not talk specifically to the breach, but talked in general terms noting that the impact of such a breach is really on the brand more than the infrastructure, admitting that it can “indirectly affect revenue.”

The impact of account takeovers at Dropbox, notes Cory Louie, head of trust, safety and security for the company, is that customer’s expectations of being protected by Dropbox are not met. “You lose trust immediately. The blame comes on you as a service provider, whether you are responsible or not.”

Over at Twitter, Bob Lord, head of information security, explained that due to the nature of Twitter that a Twitter name is a personal brand, and that followers follow that brand. “When you lose control of the account, it is anguish to the people affected.” But Lord observes that while “many people act like they know security, their behavior online says otherwise.”

The group discussed how passwords are key to tighter security, but that users, even after much education and recommendations provided, are still re-using passwords, or have very weak passwords.

At the time of the Yahoo! break-in, the top password, representing 38%, was 123456. Here is the other top nine:

password = 18%
welcome = 1%
ninja = 08%
abc123 =.06%
123456789 =.05%
12345678 =.05%
sunshine =.05%
princess =.05%
qwerty =.04%

Lord made an interesting point, for Twitter and many other social media sites, an email address acts as an anchor of trust. When email users lose control of their email accounts, it can impact Twitter and other sites.

So what are people losing when accounts are hijacked? “There is not necessarily a financial impact,” says Martinez. “But the contacts in your network, the ecosystem, that is the concern.”

The entire panel agreed with Lord in that patrolling for break-ins is more art than science. Even the people who have their accounts hijacked usually have no idea anything has happened until their contacts start asking questions about the spam coming into their inbox from their trusted friend.

The bottom line, protect your email accounts. Use a password tool, or develop a password strategy that allows multiple passwords to be used rather than reusing the same one for many different sites, and change passwords often. In today’s messaging world, keep in mind that email is the anchor of trust and doorway into many other channels, like Facebook, Twitter, Dropbox and LinkedIn.

Are You Meeting Compliance, Recordkeeping and E-discovery Obligations When Using Social Collaboration Tools?

Stephanie Jordan — Thu, 25 Oct 2012 06:31:42 +0000

One of the challenges in our “bring your own device” (BYOD) and “use your favorite online tools at work” culture, which is the reality today, is the burden of organizations needing to stay compliant and maintain control of shared data. While enabling employees to be productive is vital to business, so is being complaint and ready to respond to potential e-discovery calls.

It is widely believed that if a company tries to put restraints on employees, that increasingly tech-savvy employees find a work around to enable the use of the preferred tool, file sharing method, or the like. In response to this, more and more solution providers are trying to secure the favorites to close the gap between employees selected or desired tools and IT compliance constraints.

In addition to the concern that employees will create work arounds to use unsanctioned social collaboration tools at work, is the prediction from analysts like Gartner that by the end of 2013, 50 percent of all companies will be asked to produce content from social media websites for e-discovery.

This month, Smarsh, a provider of email archiving and compliance solutions, announced the launch of Archiving & Compliance for Chatter on Salesforce.com’s AppExchange. According to Smarsh, Archiving & Compliance for Chatter enables organizations to capture, preserve, search, supervise and produce organizations’ Chatter files and communications in support of compliance, recordkeeping and e-discovery initiatives.

“Recent ESG research shows that concerns about regulatory compliance are one of the major inhibitors to adoption of Social Enterprise products,” states Tom Petrocelli, senior analyst at Enterprise Strategy Group (ESG). “Providing this capability for enterprise social networks such as Chatter needs to be a primary focus for vendors and IT alike.”

Smarsh agrees that one of the biggest barriers regarding sanctioned social collaboration for the enterprise is around records management for e-discovery and compliance purposes, especially in regulated industries such as financial services, education, government and healthcare. But given today’s record number of social media adopters, barring social media is no longer an option.

“Companies around the globe are transforming the way they connect with customers, partners and employees through social and mobile cloud solutions,” observes Mike Rosenbaum, senior vice president AppExchange and Force.com Operations, salesforce.com.

Organizations that want to keep up with the speed of business and remain competitive can’t be left behind when it comes to engaging social media channels, but the engagement needs to be done in a compliant-conscious way. Solution providers like Smarsh are working to alleviate these barriers by reducing risk when it comes to compliance and e-discovery for popular social media sites.

The Salesforce Chatter offering from Smarsh follows the launch of its solutions for other popular social media sites like Facebook, Twitter, LinkedIn and YouTube.

These days records management should not hinder social media adoption when there are a number of solutions to address compliance when using today’s fastest rising messaging channels.

Should Twitter Be Considered a Common Carrier?

Michael Osterman — Wed, 17 Oct 2012 19:38:24 +0000

The concept of a “common carrier” is one that has been applied to transport companies for centuries—the first such case on record in English common law dates back to 1348—although in more recent times the concept has been applied to telephone companies, Internet service providers and others that transport electronic content, not just physical goods.

Should this concept apply to Twitter, Facebook and other social media companies that provide transport of information? In other words, should social media companies simply transport all content sent by their users without applying any sort of filtering to this content to prevent transport of things it determines to be offensive, illegal or otherwise not in their best interests?

At issue here is the significant number of tweets from a small handful of Twitter account holders that contain inflammatory content or direct threats against others. As just a few recent examples, there have been a large number of anti-Semitic posts from French-speaking twitter users, Mitt Romney has received a significant number of death threats via Twitter, and numerous athletes have received death threats after making mistakes in big games, not to mention the enormous problem with cyberbullying that victimizes large numbers of young people.

The technology or practice of censoring tweets is not the issue: Twitter can and does censor content already on a country-by-country basis. The much bigger issue is should Twitter filter its content to prevent this type of content from being transported on its network? A common carrier generally cannot do so unless the service is being used for an illegal purpose [Movietime Inc v. NY Telephone Co., 277 App Div 1057, 101 NY Supp.2d 71 (2d Dept 1950)]. However, a common carrier must be certain of the illegal activity and have evidence that its services are being used for illegal purposes [Nadel v NY Tel., 170 NYS2d 95 (1957)] before it is permitted to deny access to its network.

Your thoughts?

A Useful Solution for Document Collaboration

Michael Osterman — Wed, 17 Oct 2012 07:26:28 +0000

One of the fundamental tasks for an information worker is creating and revising documents based on the feedback of multiple users. In my own case, I am frequently working on documents with multiple reviewers, such as white papers that are sent to several clients for feedback. We normally go through several review cycles on the typical document, sending each draft via email, with the need to incorporate feedback—sometimes on the same sentences or paragraphs—from several different people. While there are some useful tools available in Microsoft Word to facilitate the review process, the tools are fairly basic and lots of work is required to ensure that all of the feedback we receive is accurately integrated into each new draft.

I recently was briefed by PleaseTech, a UK-based firm that focuses on solutions specifically designed to address these types of problems. The company offers two products:

PleaseReview is a document review tool that manages the process of reconciling multiple reviewers’ changes, comments and annotations. The solution enables multiple reviewers to work on the same documents simultaneously, both online and offline, using a browser-based interface.
PleaseAuthor is a component-based authoring tool that enables the creation of documents using pre-authored blocks of content.

PleaseReview offers a number of useful features, such as confidential review, in which each reviewers’ comments and changes are not available to other reviewers; and the ability to limit particular users’ edits to specific “zones” within a document. Because the review process tracks changes in a database and not in the native document application (Word, PDF, etc.), an independent audit trail can be established for all changes to a document. This is particularly important in compliance-focused environments.

The fundamental benefits of tools like those offered by PleaseTech are time and cost savings for those who create and review documents—PleaseTech claims that the use of its tools can reduce review cycles by up to 65%, and that it can deliver savings of 35% in the cost of producing documents. Moreover, the ability to create, review and publish documents more quickly can provide a number of less tangible benefits, such as faster delivery of proposals, an enhanced ability to comply with specific legal requirements, eliminating at least some of the disconnect that can occur when collaborators are separated by geography, better version control, and less reliance on emailing documents to collaborators.

U.S. Courts Waver on Whether Complaints Can Be Served Via Facebook

Stephanie Jordan — Thu, 20 Sep 2012 03:30:37 +0000

Showing just how entrenched social media has become, legal notices are now being delivered through untraditional channels, like Facebook and Twitter. While the law still favors the traditional physical handoff of court summons and complaint, social media sites are now being recognized in some states and outside the U.S. as acceptable alternatives.

Morrison & Foerster’s Socially Aware [PDF] August edition includes an interesting article on this trend and instances of when serving notice through social media works and when it does not and why.

When traditional means of delivery to a residence is not feasible, summons have appeared in local newspapers or posted as a public notice. Now it seems that social media is joining the ranks of these acceptable alternatives, providing certain steps are taken including:

Authentication of the profile. If there is any doubt that the pages might have been fraudulently created then the use of social media to serve would not be acceptable in the eyes of the court. The biographical details listed in the profile must match the party being served.
If there is any reason to believe the social media user may not actually see the complaint, or that the account is no longer active, then the use of social media would not be acceptable in the eyes of the court. Checking for recent photos, updates and posts can help confirm activity, as well as another way to ensure that the profile really does match the party being served.
See if friends or contact lists correspond to known relationships with the party being served and if those listed can act as third-party corroboration that the person is in fact the person being served.

According to the Morrison & Foerster’s Socially Aware article author: “Notice may actually be more likely to reach the intended recipient if delivered through social media than if communicated through those more traditional means [newspaper, public notice, etc].” Even better, the author points out, is an ability to confirm electronically that a communication has been opened or received by the intended recipient.

The article notes that a local court in Minnesota permitted service of a petition for divorce by Facebook, finding that “compared to the ‘antiquated…and prohibitively expensive’ traditional means of publishing notifications in local newspapers, service through social media would be both cheaper and more likely to actually reach the party at issue.

As Facebook users climb to more than 900 million worldwide, the finding of the court will likely become a widely used practice in the near future, but for now it appears to vary from state to state.

The Critical Importance of Context

Michael Osterman — Fri, 24 Aug 2012 18:28:59 +0000

One of the fundamental problems in having such vast amounts of information available to us is that it’s easy to lose the context of that information—i.e., additional and relevant data that can tell us how good or bad a piece of information might be. There is often too much contextual information to analyze, and so we cherry pick the results that are easily available to us without digging for other information that can help us make better decisions.

For example, within the past couple of weeks there was a news story that highlighted the large number of fake account Twitter accounts that were following one of the presidential candidates, leading to speculation that his campaign might have purchased fake Twitter followers. For example, as of the morning of August 24, 2012, 16% of his campaign’s followers are fake, 31% are inactive and 53% are valid. That sounds like bad news for his campaign—until you look at the stats for his opponent whose campaign, as of this writing, has 31% fake, 39% inactive and 30% valid followers. Not offering any sort of political commentary here, but just trying to drive home the importance of viewing news in the context of additional relevant information that can provide a point of comparison and contrast.

The same is true in the world of IT. For example, many organizations are making the decision to migrate from one messaging platform to another on the basis of incomplete information—a single cost of ownership analysis, the sexiness of one platform compared to another, or the persuasion of a compelling senior executive at a leading vendor. However, it’s important to view any decision like this in the appropriate context by asking a number of questions. For example:

What is the actual TCO for our current solution and what will be the actual TCO for the new one we’re considering?
How many applications do we have tied to the current messaging infrastructure that would need to be rewritten, updated or abandoned if we migrated to the new platform?
What are the regulatory issues we need to consider about where our email will be stored in a new platform?
Will user productivity be improved with a new platform?
Are there features or functions in the current platform on which users depend that are not available in the new platform?
Have we asked users how important these features and functions are to them?
Have we discussed this decision with our system architects to determine all of the ramifications of a migration to a new platform, or was this decision made solely by the CIO?
Will the migration costs be offset by improvements in features or functions available in the new platform?
What are the intangibles that might be difficult to quantify, but are nonetheless important to consider in the context of end user productivity, platform extensibility or integration with other capabilities?

None of this is meant to dissuade decision makers from migrating to a new messaging or any other platform—in fact, oftentimes a migration is useful and necessary. However, making such a decision with incomplete information—i.e., not viewing the decision in the context of all other relevant data that could be brought to bear—can result in erroneous conclusions about the direction one should take.