The democratization of software that has occurred with the development of social computing raises some important issues about IT governance. When we are dealing with consumer to consumer applications like Facebook or YouTube issues of governance are not that significant. That is, where netizens are connecting with each other and choosing to create or co-create applications and/or content. However, when we move into enterprise computing and business-to-business (B2B) or business-to-consumer (B2C) applications governance does become an issue.
What is easy to manage in the private realm often becomes much more complex for the corporation. For example, some jurisdictions require companies to be able to roll-back a website to exactly the same version as on any date in the past, thus giving rise to the need for sound version control. Or, if the system in question has life and death impact – e.g. medical systems, water treatment systems, or building management systems – version control and system integrity become paramount.
While ordinary netizens can and do create and share software artifacts it becomes an issue when they undertake these same activities in their roles as representatives of a corporation for which they work. Who owns the artifacts? There is an assumption that the employer will own it as with other intellectual property created in the workplace. But who then has liability for harm that flows from creation of that artifact? I suspect that it would be the employer, and the question arises as to how the employer might protect themselves.
Spoke with some folks at the Australian Computer Society event recently after my presentation on the Future of Technology. One factor that really came out as important in our discussion was the impact of social computing on ICT governance within organisations. Governance has been enough of a challenge for ICT up until now, and it is about to get a lot more complex due to social computing.
The democratization of computing is one of the important consequences of the web 2.0 social computing movement. And it has consequences that flow on into the realm of IT departments everywhere. It is giving rise to a kind of a ‘shadow‘ IT department. Users are no longer constrained in their use of systems to those provided officially by the IT department. Instead, now users can often access equivalent systems via the cloud (often through port 80) and the IT department can be oblivious.
One company I know of had an entire department start using a cloud based accounting package and it was only noticed when the quarter ended and their numbers were missing from the central ERP system. When asked why they had done this the business users commented that the functionality offered by the external provider was easier to use and better suited to their business needs than that offered by the IT department.
It is interesting to consider what will happen as individual business units start to vote with their feet like this. This is especially true as cost constraints hit home and business units start to assess if they are getting real value for their money from the centralised IT department offerings. Perhaps we could be about to see the balkanisation of centralised IT over the next few years?
2 thoughts on “Social computing & IT Governance”
Really good thoughts- I like this:
The democratization of computing is one of the important consequences of the web 2.0 social computing movement… Users are no longer constrained in their use of systems to those provided officially by the IT department. Instead, now users can often access equivalent systems via the cloud (often through port 80) and the IT department can be oblivious.
I have been heavy into the Social Computing space and have seen this adopted easily as social computing tools make their way into the enterprise. Our clients seem to be a little wary at first but the results speak for themselves.
– I’ve written a booklet about this for CPA Australia. If the employee says where they work in a post, and if for whatever reason the post looks like something their employer might be expert in, then it’s likely the employer will be liable if it’s poor advice (without a disclaimer, yada yada).
So, for example, if I use my employer email on an open forum to advise someone to ‘use unleaded petrol in your’pre-87 car’ – and I work at a mechanic’s, then there might be liability. If I’m an accountant, perhaps not so much 🙂 (although, if I was the accountant working at the mechanic might be a grey area). This is why lawyers get the big bucks :). Or, if it’s a post about stamp collecting, it might be different.
I think ASIC has just come out with draft rules to deal with financial planners who post advice on open forums.
I personally think no-one should use their work email for online social networking unless it has a specific link or purpose.
As for Web 2.0, cloud computing and the department that subscribed to a non-corporate site – lol, ‘zackly. And of course in their rigorous selection process they checked that the data is subject to audited privacy procedures, can’t be made available to competitors, that they don’t lose IP in their own data, that they can get their data back if the vendor goes bust…
This is why accountants created purchase orders and authorisation limits – so we could stop people doing naff things :). And of course a $40 a month subscription site (or even $4000 a month subscription site) would probably fit under most people’s rules around authorisation limits :).
It will all be very interesting.
Thanks: Micheal Axelsen
Disclaimer: I am not a lawyer :).
Comments are closed.