December 21, 2007
Warning: This Post is Not About the Interesting Stuff
My Harvard colleague Larry Bouthillier commented on my previous post, which discussed the corporate Facebook application WorkBook recently released by WorkLight.
"Facebook integration like this is less scary than it may look at first glance. At the risk of getting a little too geeky 
, let me explain.
Facebook allows application developers to create their own apps that live inside an “iframe” within the Facebook site. Whatever a company does within that iframed space is entirely their own secure environment, and can even have its own intranet login process just like the company portal.
For example, in the application my team built for Harvard students to see and interact with their course schedules and classmates in Facebook, that application uses the standard Harvard intranet login process, runs on a secure (SSL/https) connection, interacts securely with the Harvard directory services (LDAP) and email services, and Facebook never sees any Harvard-specific data about the users whatsoever.
So, our app looks like Facebook’s screens—same styles, same way to display lists of people, same Facebook photos of users. But it’s all generated by us to look that way.
I suspect that WorkBook does something similar. The application does not live *inside* Facebook, it just appears that way. It just happens to sit inside a Facebook iframe, and uses a few handy conveniences Facebook makes available (such as access to Facebook photos, friend lists, and messaging).
Ultimately, it can be as secure (or insecure) as any other intranet application. "
Larry’s explanation is extremely helpful and illuminating. It also brings up two larger points that deserve emphasis. First is the distinction between technology deployments that are advanced and those that are powerful. As Larry points out, WorkBook is not terribly advanced; it’s not near the cutting edge of what can be done with Web applications, or any other aspect of IT.
For some, this makes it uninteresting. Lots of people who study technology are perennially attracted to that cutting edge: the fastest chip, the most complex algorithm, the largest cloud or grid of interlinked computers, the biggest simulation, the coolest use of AJAX, etc. These advances are often important and always newsworthy.
But from the perspective of an executive trying to run and improve a company, are they the most powerful ones? Put another way, how many pressing business problems can only be solved by the application of cutting edge computing? There are some such problems, to be sure, but my guess is that they’re confined to small parts of relatively few companies in a small number of industries. Most of the jobs, business processes, and organizations I know well wouldn’t benefit tremendously if all their computers suddenly became twice as fast. They’d gain a lot more from basic data standardization, systems integration, workflow, or social networking.
Let’s make this more concrete with a thought experiment. From which technology deployment would Merck benefit more: Facebook and WorkBook to all employees, or the most sophisticated hardware and software for drug discovery across all its labs? I don’t raise this question to dismiss it as a no-brainer—a good argument could be made for either choice.
But my money’s on the unsophisticated digital social glue. I think it’s telling that despite the huge amounts of money pharma and biotech companies have poured into advanced computing in recent years, big pharma’s drug pipeline is in the worst shape in recent memory. As James Surowiecki points out in a recent New Yorker column, "The number of “new molecular entities”—drugs not yet introduced in the United States in any form—approved annually by the F.D.A. has fallen by sixty per cent since 1996, and new drug applications have dropped nearly forty per cent." It’s naive to think that Enterprise 2.0 tools and approaches alone will open up the floodgates --- Surowiecki states that" ‘diseconomies’ of scale: inertia, bureaucracy, risk aversion, clock-watching, [and] office politics" are the major factors drying up the pipeline—but I think these simple but powerful technologies would have a larger impact than all the new workstations money can buy. Do you agree?
The second point arising from Larry’s comment is the ever-increasing ease of integrating applications and data. There are many labels associated with this trend, including ’mashups,’ ’Service-Oriented Architecture,’ ’Web Services,’ etc., but they’re all describing the same happy process: the fact that it’s getting easier and faster over time to combine two or more formerly separate systems to yield something valuable.
I was talking the other day John Bruce and Eric Shurr of the enterprise social media company Awareness Networks (I have no financial interest of any kind in Awareness, and have had no commercial dealings with the company). They said that it now takes Awareness a matter of weeks to fully deploy their hosted platform at a customer, and to integrate it with whatever security and authentication infrastructure is already in place. I asked them how long it would have taken them to do the same work five or six years ago. John, who worked extensively in security before joining Awareness, told me it would have required several months.
Some foresee that the day will soon come when it’s so easy to integrate systems that the systems will do it themselves. This is part of some visions of the ’Semantic Web.’ I have grave doubts that this will ever happen outside labs and other tightly controlled environments, but that’s a topic for another post. For now, it suffices to highlight and applaud the fact that it’s getting much easier to get computers to talk to each other. As the examples of WorkBook and the scads of other Facebook applications show, this delivers benefits to all of us IT consumers.
December 19, 2007
WorkBook: Getting Facebook Ready for Work
I’ve written a few times here about Facebook— how it’s a potentially powerful tool for maintaining and supporting a network of weak ties, how it fits in with other E2.0 tools, and how at least one company is now using Facebook as its Intranet. Several commenters reacted to this final post with security concerns. Bill Benac’s critique was perhaps the most forceful:
"There’s a major security issue with using a public site such as Facebook as a company intranet in that most if its traffic (though not login) is trasmitted in cleartext over HTTP. It’s relatively easy to snoop that data. Companies usually require secure VPN for remote access to the intranet so this problem is avoided...
Facebook is not a viable solution for mainline companies. Let them retool their offering for the corporation if that’s what people are interested in (e.g. give companies their own url such as https://myco.facebook.com, let the corporate administrator manage who can log in, let the corporate admin manage who they can be friends with, what applications they can add, what types of information can get into their news feed, offer a SecureID feature, etc.). Until then, serious companies should stay away."
I’ve heard similar reactions from many line and IT executives when discussing social networking software (SNS) and the strength of weak ties. They realize the potential of SNS, they know that many people in their companies use and love Facebook, and they sense that they’d fall short if they tried to build their own social networking tool from scratch, but they can’t see a way to make the Internet’s current SNS OK for the enterprise. The risks identified by Benac are just too high.
When Facebook opened up its platform and data to outside developers early this year, I predicted that applications built specifically for enterprise would soon arrive. Yesterday, Worklight‘s David Lavenda stopped by my office to show me one (I have no financial interest of any kind in Worklight, and have had no commercial dealings with the company).
Worklight sells a server + software combination that sits behind the firewall, takes data from all manner of legacy enterprise applications (ERP, CRM, HR, etc.), and serves that data out "Web 2.0-style" to those who are authorized to see it (according to the company’s existing policies). Web 2.0-style here means via RSS, Ajax, widgets, mashups, IM, etc. And now Facebook.
In a quick demo, Lavenda opened up his standard public Facebook profile, then launched WorkBook (Worklight’s offering) just like he’d launch any other Facebook application. After he logged in, a separate section opened up within the profile. This section was devoted to the user’s employer— let’s call it Lavendaco. Inside this section were a number of standard Facebook features— friends, groups, Q&A, profiles, etc.—presented using the standard Facebook UI. But the data populating each of these were specific to Lavendaco, came from the Worklight server installed at Lavendaco, were encrypted as they travelled across the Internet, and did not pass through Facebook servers. A short description and screenshot of WorkBook in action are here.
I haven’t experimented with WorkBook myself and I haven’t talked yet with any of its corporate customers, so I can’t personally vouch for its features or robustness. But if it works as advertised it seems like a very smart approach to corporate SNS. I particularly like the approach of not reinventing the wheel by trying to build a tool that’s "just as good as Facebook." Instead, WorkBook is Facebook. It lets people continue to use this incredibly popular technology and leverages the investments Facebook has made in delivering a compelling interface and user experience. Lavenda said that Worklight considers Facebook just another "Web 2.0" style delivery vehicle for enterprise data. If OpenSocial or another SNS becomes popular in the future, Worklight will build tools for that platform as well.
I asked Lavenda how Worklight got its initial set of customers for WorkBook, and he replied that the impetus typically came straight from the top. He said that the CEOs of these companies were well aware that Facebook networks and groups existed for their company, and wanted to take advantage of them rather than attempt to squelch them.
This corresponds well with what I’ve observed. The line executives I’ve talked with have been eager to harness the power of social networks and technologies that let knowledge workers maintain and exploit weak ties. To date they’ve felt that security concerns prevent them from doing so, but this situation may be changing rapidly thanks to advances like WorkBook.
Leave a comment and tell us what you think. If WorkBook works as advertised, does it allay your security concerns related to enterprise SNS?
December 15, 2007
People, Computers, and People People
I spent half a day recently talking about Enterprise 2.0 with a group of senior human resources managers from very large organizations. I took away two broad impressions from the session, of which one was unanticipated and encouraging while the other was less surprising and less optimistic.
First, the good news: these executives were sincerely enthusiastic about E2.0, more so than I expected them to be. After many years of teaching senior managers, one thing I’ve noticed is that when confronted with a new phenomenon many of them respond by immediately and reflexively engaging in risk analysis and mitigation. This does not mean that they’re unimaginative pessimists, or that climbing the corporate ladder has drummed all the joy and sense of possibility out of them. It simply means that part of job is to anticipate negative outcomes within their areas of responsibility and take reasonable steps to prevent them from occurring.
IT executives see all the bad things computers can do, and all the bad things that can be done to them, and get paid in part to make sure these things don’t happen. When I talk with CIOs I’m always struck by how quickly they focus on the security concerns related to E2.0, and how many seem to feel that the benefits won’t be worth the risks.
HR executives see all the bad things people can do, so I was expecting them to have a similarly cautious reaction to E2.0 (which is a concept at the intersection of people and computers). Instead, I found the group to be truly excited about the possibilities offered by emergent social software platforms. I got the strong impression that for these people phrases like ‘engaging the workforce’ and ‘our people are our most valuable asset’ are not corporate boilerplate; they are instead words that guide the work of HR leaders.
I asked the group to talk about the risks associated with E2.0, and they quickly brought up the concern of sensitive information jumping over the firewall. Then they stopped, and waited politely for me to move on to the next topic. Instead, I pressed them to think harder, and to imagine employees in their companies using the new platforms to harass coworkers, post hate speech or porn, rant about their bosses, etc. And the response I heard back was essentially "We suppose those things could happen, and to some extent they probably will, but we’re not that concerned about them." This group of HR executives, in other words, seemed very comfortable trusting their companies’ employees to do the right thing with E2.0 tools.
One of the participants related a telling anecdote. Her company employs a lot of young people, and became concerned a while back how the company was being discussed and represented in their blogs, MySpace pages, Facebook profiles, etc. So she and some colleagues decided to go look at all these environments. She learned that a lot of the young employees mentioned their company as part of their digital identity, and that they virtually always did so in appropriate ways. She said that the worst thing she found, after a lot of looking around, was a photo of a training session in which account numbers were visible on a blackboard. It turned out that they were dummy account numbers and that the person who posted the photo, when made aware of the concern, immediately apologized and took it down.
I’m still not quite sure why the people people were more optimistic about E2.0 than the computer people have been. I suspect it has something to do with the fact that employees can learn over time and evolve their behavior, while computers can’t. As a result, the workforce needs less constant babysitting and can be trusted much more than the IT infrastructure.
The pessimistic-yet-expected conclusion from the session is that many large organizations are not yet ready to embrace the deep lateralization that comes with Web 2.0 and Enterprise 2.0. Lateralization here means letting parties interact, communicate, and share information directly with each other without a lot of built-in filtering or moderation. The HR executives uniformly felt that their companies would not allow their websites to include a ‘community’ section where customers could hold discussions, post issues, and help each other find solutions. "Our lawyers / compliance officers / CEO would never allow it" was the common conclusion. When we brought up the fact that the same customers are surely interacting with each other somewhere on the Internet the imagined retort from the lawyers / compliance officers / CEO was "Fine. But at least they’re not doing in within our domain name, so we can’t be perceived as giving tacit or explicit acknowledgment of the problems being discussed."
There’s a lot of evidence that community forums cut costs, save time, and increase customer satisfaction. But the deeply conservative attitude toward lateralization I wrote about a while back still seems to predominate. The question I wasn’t astute enough to ask the HR executives was "Do your companies have differing attitudes toward external vs. internal lateralization? You say it wouldn’t fly to allow customers to talk directly with each other on the corporate Web site. Will it fly to let employees do the same on the corporate Intranet?"
So let’s throw this question open. Please leave a comment and tell us what you think: are the companies you know well more comfortable with lateralization on the Intranet than on the public Web site? If so, why do you think this is? Or are they equally comfortable / uncomfortable with both? Finally, what will it take to increase corporate comfort at both levels, and to accelerate Enterprise 2.0?
December 05, 2007
Facebook on the Intranet? No -- Facebook AS the Intranet.
Bill Ives, who posts at the FastForward blog and also writes the excellent Portals and KM, has just informed us that "Serena Has Adopted Facebook as their Intranet." Ives’s post talks both about how and why Serena Software made this leap, and is the kind of blogging that inspires hard thinking. You should go read it, now.
When I wrote about the business value of social networking software like Facebook here and here I did not envision that it could be a viable foundation for a corporate Intranet (whatever that word means these days). Which illustrates, I guess, the difference in imagination between technology entrepreneurs and technology academics.
Large portions of the Intranet of Avenue A | Razorfish, a company of more than 1000 people, are built on MediaWiki‘s open source code. Serena, a company of 800 people with operations in 18 countries, now uses Facebook for its Intranet. I’ll bet than in both cases users were happier with the 2.0 versions than with their predecessors. And I’d be astonished if the new versions weren’t much cheaper than the old.
So what are the good reasons for continuing to invest in and forge ahead with 1.0 Intranets? This is a serious question, and I’d love to hear people’s experiences and opinions. It’s hard to argue that software foundations like MediaWiki and Facebook won’t scale. So are they lacking in some important functionality? If so, both platforms are extensible by developers. Are companies afraid that externally maintained and hosted software like Facebook will suddenly go dark, or that its managers will decide to change it in such a way as to make it useless for corporate purposes? This is plausible, but the same caution, as far as I can tell, should apply to all software as a service offerings.
Is it security? If so, could you please be as specific as possible about the nature of the security concerns? I hear that word used pretty frequently by people who advocate caution or skepticism with Enterprise 2.0 tools and approaches, but when I probe I often find nothing more than general unease. I have a hard time thinking of organizations with deeper and more legitimate security concerns than the CIA, FBI, ONI, DIA, and other entities now grouped under the Directorate of National Intelligence (DNI). Yet they’ve all deployed MediaWiki, blogging software, tagging software, and Google search as part of Intellipedia. If the DNI thinks the benefits of Enterprise 2.0 outweigh the costs and risks, including security risks, shouldn’t the rest of us feel a lot calmer about using these tools? And shouldn’t we take a good hard look at the popular and cheap platforms now available?
