Posts
Governments around the world are struggling to manage the dual challenges of maintaining IT security while also enabling their staff to do their jobs in a digital world.
The Australian government has endorsed social media engagement by staff in its Open Government Declaration, stating that;
Agencies are to reduce barriers to online engagement, undertake social networking, crowd sourcing and online collaboration projects and support online engagement by employees, in accordance with the Australian Public Service Commission Guidelines.Meeting this remains a challenge in many agencies. It takes time to assess services, mitigate risks, adjust processes and policies and train staff.
This week we've seen just how hard this balance can be - with one large Australian Government department cutting about 700 staff off from an online service experiencing very rapid growth.
The service was Yammer, a social media network designed to be used within enterprises.
Yammer allows organisations to establish an internal network allowing micro-blogging (like Twitter, but for staff only), file sharing, direct messaging and communities - with every message stored and searchable for knowledge management and security purposes. It supports tagging, integration with third-party applications and has a strong security focus - if Yammer's messages were not secure it would not have a business.
Over 100,000 organisations use Yammer, including large internationals such as Deloittes and Cisco. At least 39 US government agencies are signed up to use the service via Apps.gov and the Flemish government in Belgium uses it as well.
Closer to home the service is in use, to my knowledge, in QLD, NSW and Victorian governments as well as at Federal levels.
Examples include the Victorian Department of Justice, with over 550 members on Yammer as of May 2010. The NSW Department of Education and Training uses Yammer and established a community for teachers to provide feedback on the Australian Curriculum. Queensland Transport has apparently been astounded at the rapid growth of the service amongst staff.
Federally, I'm aware of use of the service in at least six agencies on a trial or active basis.
However Yammer, and other social media services, still face enormous challenges gaining IT acceptance.
In the federal department mentioned above (with 700 or more users, including senior managers), the growth of the service was extremely rapid. Presumably this is because it provided functionality that staff could productively use in their jobs.
However, after a short consideration, the service was banned and blocked from the department. I've heard several versions of why this occurred, with the most common view being that introduction had not followed the correct process and usage was growing too fast to be manageable.
The use of social media in a number of other agencies remains strictly controlled or blocked altogether. I am aware of several other agencies who have been threatened with or had to shut down trials of services such as Yammer due to ICT security concerns.
Security concerns are real. So is the value of online services to government employees.
Where an online service is adopted very quickly it has clearly met a staff need that existing ICT services do not.
However it also poses a fast growing challenge for security people, who must ensure that an agency's network remains secure.
How do we balance these needs to secure organisational networks while empowering staff?
This quandary places senior management in a difficult position. If they take a straight 'block' approach to online services they could face employee dissatisfaction and diminished productivity. If they take an 'allow' approach, they could see networks compromised, data lost or stolen.
With new highly useful online services emerging almost every month, senior management need to educate themselves on the potential risks and benefits and make the most appropriate decisions quickly.
Staff need to be supported with appropriate guidance on how and where to use online collaboration tools.
Sharing information between agencies more actively would also help build a base of experience in the secure management and effective use of online services.
It would also be very beneficial to have centrally secured and approved services through a platform such as apps.gov to help mitigate individual agency risks.
However ultimately ICT security and business areas need to work very closely together, having open and frank discussions to build a mutual understanding of the concerns and benefits surrounding online tools.
