There is a fundamental shift underway in how organization approach collaboration. Whether building out an intranet, engaging with partners and customers through a formal extranet or consumer-based social networking platform, or even within the business platforms we use, such as CRM and ERP systems, the use of social tools to improve how we connect, communicate, and collaborate is on the rise. But while end users are quick to adopt these technologies, concerns over how these tools are monitored and managed can present a sizeable gap for compliance-minded organizations.
As companies increasingly look toward social technologies to improve the user experience within enterprise collaboration management (ECM) platforms, we need to not forgot one of the primary reasons we have these ECM platforms in the first place: their document-centric functionality, role-based security features, and their robust auditing and compliance capabilities.
Most organizations go to great lengths to ensure only the right people have access to certain content, and that the content adheres to sometimes very strict industry and regulatory standards. Unfortunately, the leading social tools do not always comply with these strong governance, reporting and compliance standards, and organizations must take steps (sometimes very manual steps) to mitigate any risks.
Historically, Microsoft has a strong record of mitigating security risks. As most cloud-based competitors have focused on rapid innovation, the gaps have only become wider and the management of the many collaboration tools across any single enterprise has become quite complex. With Microsoft, the gaps have not been as wide, which has continued to keep platforms like SharePoint and Office 365 as the market-leading tools of choice for enterprise customers.
Even with the acquisition of Yammer a couple years back, and with the restructuring and realignment of product, engineering, and marketing organizations under the "one Microsoft" banner, the company has made major investments in improving their security and compliance story across the board. Changes to how the company develops software and services has been rather dramatic, beginning with their move from a 3 year (at best) release schedule to quarterly, monthly, and in some cases even weekly releases of its cloud-based offerings, with a regular cadence for major on premises features still being refined.
Microsoft "gets" the enterprise space. Through investments in the Office 365 Compliance Center, various regional and global standards and certifications, and customer and partner evidence efforts, the company is working to calm the nerves of governance and compliance practitioners. It is only a matter of time before Microsoft closes the governance and security gaps -- either directly, or with the help of its partner ecosystem.
From a SharePoint social perspective, you still have the benefit of sitting behind the SharePoint security model -- however with Yammer, things are more limited. Security happens at two levels: access to the network, and access to the private group. And if you happen to be a paid Yammer user with the ability to push content from SharePoint to your corporate Yammer environment, be aware that you may have content moving from a secure space in SharePoint to a less secure location within Yammer -- and there is no real visibility from inside SharePoint into what was moved, who moved it, and what happened to it after it was moved. With Office 365 Groups, management is divided between multiple workloads, with few global (cross-workload) governance and compliance controls beyond what is available in the Office 365 Admin Center. That's the gap today.
While there are some out-of-the-box metrics and reports, the best Microsoft can offer today for on prem SharePoint social customers is the ability to dig into the change logs and other social activities through the various content databases and User Profile Social Database. For the most part, how you work across SharePoint and Yammer is incomplete within the current versions. This is a rapidly changing discussion -- but the key is to be aware of your own security, compliance, and governance requirements, and understand (and mitigate) the risks inherent with social collaboration.
For now, your best defense is training, helping end users to understand the process and limitations of security within your chosen social collaboration toolset. Another option is to let the community police the social platforms. People tend to come up to speed very quickly, and correct each other when, for example, someone shares a secure document in Yammer that should be in a secure area within SharePoint, sharing a link rather than uploading content (which may also be duplicating the content).
Overall, many companies are finding that the value they receive through social collaboration is greater than the risks of working without some of the security and governance safeguards. Of course, one of the major advantages of working with a solution like Beezy is that we provide an extensive set of social collaboration capabilities -- beyond what either SharePoint or Yammer can provide -- all within the SharePoint framework, meaning that all of your SharePoint governance, compliance, and auditing controls and capabilities automatically apply to Beezy. Our solutions was built on SharePoint, for SharePoint -- whether on prem, in the cloud, or somewhere in between.
If you are interested in more best practices around building a governance strategy for your social collaboration tools, I recently co-authored a whitepaper on the topic with Melinda Morales at GTconsult and in partnership with ContentPanda. The whitepaper covers three key areas in order to best apply social governance to your existing or new environment, and can help remove the stigma from the word "social" for your management teams. This guide will help you:
Click here to download your free copy of this whitepaper.