Keeping HEROs safe

It's critical to empower employees. But here are four situations where you probably still have to say "no". Excerpt from Empowered: Unleash Your Employees, Energize Your Customers, Transform Your Business

By Josh Bernoff and Ted Schadler, Forrester

December 01, 2010 — CSO —

It's time to face the risks that lurk in the HERO-powered business.

Because employees, armed with the technologies of the groundswell, are not just powerful, they're dangerous. Like all powerful tools, these technologies carry risks.

What could go wrong?

For one thing, as Domino's Pizza found out in April of 2009, employees can upload videos to YouTube. In this case, it was two pizza makers stuffing cheese up their noses and performing other unspeakable acts on food that appeared destined for delivery to customers. No matter that the perpetrators eventually denied ever delivering unsanitary food, Domino's still suffered brand damage.

Your employees don't do that? What about the Sprint employee who posted details about the Palm Pre phone on a blog, violating a nondisclosure agreement?

And it's not just malicious employees. At Cisco, an employee posted a job opening, inadvertently revealing a change in strategic direction. At Microsoft, a product manager announced he was changing jobs, revealing the unannounced news that a product was being discontinued. And we haven't even gotten to security breaches. An employee at a global bank just told us that, unable to remember the passwords to the twelve corporate systems he used, he wrote them all down on a piece of paper taped to his laptop.

Employees are a danger to themselves and their companies because they use whatever technology they can get their hands on. This technology has potential risks. So how can you lock down technology to keep them from doing any of these things?

You can't.

There was a time years ago when IT security meant locking down your network and corporate databases, putting everything behind the drawbridge and moat that protect the corporate castle, and giving only authorized people the password. Secrets were safe. Well, mostly safe.

But now the communication tools are wherever your employees are. Responding to customers at the speed of the groundswell, HEROes in your company use email, instant messages, blogs, blog comments, Facebook, LinkedIn, Twitter, YouTube, Flickr, Skype,WebEx, Google Docs, YouSendIt, and hundreds of other sites and tools, more every day. They work, not just on corporate PCs, but on their own computers, iPhones, BlackBerry phones, and tablet PCs. As we saw in chapter 7, over 40 percent of information workers are provisioning their own technology. How are you supposed to lock all this down? One IT security professional described his job to us as "a world gone mad."

You can't protect things any more by locking down the network and password-protecting the databases. While IT was busy securing the network perimeter to keep secrets inside and intruders outside, the perimeter moved. It moved to wherever an employee is trying to work. It's as if you had built a giant fortress to protect your village from marauders only to wake up one morning and find that the villagers had moved all their houses into the fields beyond the safety of the fortress. They won't come back in where it's safe. It doesn't suit their needs. It makes getting things done too slow and it prevents them from working in the ways they need. They like it out in the fields.

• Print