Since I'm in a position of promoting the use of Web 2.0, I found it useful to see a description of the specific risks that make IT departments wary, and I was encouraged to see that most of the risks are directly related to the protection of sensitive information. We certainly need to exercise some discretion about the types of information we publish in our wikis, blogs, and social networking sites, but that still leaves us a lot of useful applications.
Some of the specific risks that were mentioned in the article are:
- When sensitive information resides on a third party's computer system, its security depends on the soundness of the third party's security practices and integrity.
- Access to proprietary information might be granted on a casual basis to individuals who should not be authorized, and access might not be revoked promptly when an individual leaves the company.
- Blogs, wikis, and such tend to exist without the knowledge and control of corporate management. In a litigation situation, where a company is required to produce all relevant information (including digital information), there can be serious legal consequences if these uncontrolled information stores escape notice.
Commercial in-house collaboration tools such as SharePoint are easier to control, but slow to set up compared with the freedom of the common Web 2.0 tools. As an alternative, some Web 2.0 vendors such as PBwiki and Google Apps offer company accounts where an administrator can set access rights for individual users and prevent the disclosure of information to outsiders.
The conclusion is pretty much the same as what we tell our teenagers about MySpace and Facebook – think before you put something online. It doesn't have to stop you from using the tools wisely.