  Scott Wright's Security Views
Blog Entry

Implementing a robust Intranet that leverages social media technology

Wednesday, July 27th 2011 @ 7:16 AM

For a while now, I have been keeping an eye out for technologies that might help organizations leverage social media securely, within an Intranet environment for business purposes. Recently, I came across a success story about the Canadian Medical Association’s recent implementation of a social Intranet using an out-of-the-box product by ThoughtFarmer. That article (posted on the ThoughtFarmer blog) tapped the CMA project leader, Tanis Roadhouse, for tips on some of the key points in her blueprint for the CMA site’s implementation. So, I decided to check into the story.

The article showed that Tanis, while not being a life-long IT project leader, was pretty well organized, and showed some thought leadership. Here’s a summary of her 7-point blueprint for building a social intranet:

  1. Start with an inspiring vision: the value of a collaborative culture
  2. Secure executive support
  3. Pick a name that matters
  4. Gather requirements to learn the business
  5. Partner with IT early
  6. Treat content owners like royalty
  7. Embrace continuous improvement

Click HERE for the entire article.

For each point, the article provides some detailed explanations. I followed up with Tanis via Twitter to see where Risk Management and IT Security fit in, since they weren’t explicitly listed in the explanations. For the most part, she said they addressed these issues in the IT liaison step.

Tanis did mention (over Twitter) that, because the organization is heavily oriented toward finance, a Risk Assessment was performed in order to protect client data. The assessment concluded that there was, “Limited risk, as it is an Intranet site”, and that “Risk to clients was reduced through governance policies.”

I should point out here that you cannot infer that an intranet site will be secure simply because you have good governance policies. Any organization that takes on any IT project that will be deployed on their network (internal or external) should do a thorough risk assessment, and use its recommendations to address any identified vulnerabilities. This may result in strengthening policies, technical safeguards, procedures, personnel screening, roles and responsibilities or training. (Disclaimer: I harp on this stuff because it's a big part of what I do for my clients.)

I think the lesson here is that organizations are starting to see value in using social media tools that they keep under their own control. In the early years of Facebook and Twitter, I saw some organizations embracing the publicly available tools to initiate internal collaboration, which was (and still is) generally a bad idea. This kind of thing led to hackers employing social engineering tactics to join “employee groups” and learn way too much about the vulnerabilities inside the company’s walls and networks, which, of course, leads to data breaches.

Now, with some real implementations we can talk about, I’m hoping to get a closer look at how these tools can be deployed securely in an environment where you’re not sharing sensitive corporate data with 700 million of your closest friends (e.g. as would happen on Facebook).

I should also mention that the ThoughtFarmer blog seems to be a good source of thought leadership. Not only are they kindly publishing meaningful success stories, but they also demonstrate an understanding of how to use social media to help others think through their problems. One of their subsequent posts has a list of “81 Intranet Governance Questions to Ask Yourself.” (Click HERE)

I’m encouraged by this kind of leadership, both in the vendor community (as demonstrated by ThoughtFarmer) and among the project initiators like Tanis. I hope to follow their progress in the future and share any tips I learn with you.


Scott Wright

The Streetwise Security Coach

Phone: 1-613-693-0997
Copyright 2012. Security Perspectives Inc. All Rights Reserved.