Web 2.0 popularity is growing. In just a few years, Web 2.0 went from being a buzzword to a business practice. In this video transcription, Gil Yehuda, senior analyst at Forrester Research Inc., discusses how Web 2.0 fits into the midmarket, highlighting benefits and answering common concerns.
What is Web 2.0?
Yehuda: So Web 2.0 is an interesting concept; it's kind of an expansive concept. And what we're finding is that a lot of IT professionals are fairly aware of what it is. We frame Web 2.0, the concept, in sort of three lenses:
One are the underlying technologies that you can use to build a Web 2.0 application: things like Flash, Flex, XML Web Services, sometimes -- the microformats that enable developers to create those applications. Developers see Web 2.0 in that way.
Most users, however, see the applications that they use: wikis, forums and blogs. RSS feeds. Social bookmarks, like tagging, or social networks, like MySpace or LinkedIn.
But then there's this other layer, around that. Sort of a third lens that we use. And those are all the concepts around what makes Web 2.0 different from the computing environments that we've been familiar with on the Web, before Web 2.0. And that's this use of user-generated content: using computing for social interaction. So we're no longer using the computer to find information that's out there, but to connect to people who are out there that might have more information for us.
And we're also using it to share our information. This democratization of information kind of changes the way the Internet kind of behaves. And that whole concept, along with a bunch of really cool tools and interactive technologies? That two-way use of the Web? That's what's typically referred to as Web 2.0. It's a buzzword. But it's a buzzword that most of us are pretty familiar with.
What are the benefits to a midmarket business?
Yehuda: It's pretty interesting: One of the things that we're seeing different in the Web 2.0 world then we've seen sort of traditionally, over many years of the Industrial Revolution -- the Industrial Age -- is that businesses are looking at the consumer landscape and saying, "Wow, there's some pretty cool things out there. We oughtta learn about those."
Twenty years ago, when employees had email addresses they would go home and say "I have this really cool thing at work: It's called email. I have this computer at work. It's very powerful." Now what we're finding in the consumer landscape is that people have greater compute power and greater access to information at home, in many cases, than in their workplace. And workplaces are looking at the Internet and saying, "There's a tremendous amount of success out there, in its ability to collaborate and create information and create solutions, because of the volume of people and the way that the Web is being used. We'd love to have that here in the company, too. We'd like to be able to tap into that for marketing, to promote ourselves onto that channel. And also to use those technologies for our own collaborative efforts. To bring people together within the organization, that might not even know, you know, who each other are, but oughtta be working together.
What is the benefit of blogging for a midmarket organization?
Yehuda: In the world of blogging, there's, from the perspective of the corporation, really sort of two directions of blogging: There's external blogging, or corporate blogging, where a corporation presents itself to the world and says "Here's who I am. And I am going to present myself in sort of a personal, casual way through my corporate blog."
But then there's this whole world of internal blogging. People within a corporation need to communicate, also. And email doesn't work for everything -- even though we seem to use it for everything, it just doesn't work. Blogging provides us with another way to communicate to people, and in some cases in a much better way than email. You can discover it with an RSS feed. In many cases you have people who are always being called upon to answer the same question: "How do I submit an expense report?" Don't send me an email every week telling me how I submit an expense report. Just blog it somewhere; I'll find it. And then I can comment on it. So if I have an issue, I can publicly comment, a question. Somebody else might be able to respond, and I can connect on a blog.
It's a great way for thought leaders to present themselves in an organization, and to use a different channel other than our very overburdened email. So it does provide value to organizations that want to use, and that need to use, that kind of communication channel.
Of course, you don't want all your employees blogging all day. I mean, they're supposed to be doing their work. So we're not looking at blogging as an activity, "We want you to blog." We want you to do your work. And we want to give you tools to do your work. We gave you a telephone, and an email address and a conference room. And sometimes, you need something else, too. A blog is one of those other tools that communicators -- corporate communications, enterprise architects, CIOs and CEOs -- who need to communicate within their organizations can use to get that kind of engagement.
What concerns do companies have for Web 2.0 technologies?
Yehuda: The typical issue that people have with email: The new employee or the intern that comes to work for a company one summer, and gets the email that was sent to the entire company, and then blasts their reply all to the entire company, and looks like a fool.
Blogs are basically that activity, right? You're expressing something that everyone can see, right. It's public within that sphere. So if it's external on the Internet, everyone on the Internet can see. And if it's internal within your company, everybody with access to that server -- all of your employees -- can see. So you're communicating publicly. That raises two issues:
One, are you sure you want everyone to be able to see what you have to say? Are you sure you're not slamming anyone in the company or making them look bad? Most companies don't take well to that. Companies aren't democracies; we're not here for free speech. We're here to get work done. To make money.
But then there's the question of: Well if everyone can see it, why would anyone read it. Like, why would anyone read what I have to say? Is it really valuable to them. And when you put that lens on it and you say, "Oh, if I'm going to blog, I'm going to make sure that it's something very valuable, and something that everyone can read, then you can overcome some of the concerns that you have with, you know, frivolity. You know, we're not going to be blogging about celebrities or politics at work -- it's just not work appropriate. But we might be blogging about status of a project that we want everyone to know. And we don't want to tell you by email. We don't want to clog your email. We just want to inform you. Or to promote a corporate service that you might want to be aware of. Or just share opinions and maybe get feedback on some interesting ideas that can change something in the company for the better.
So if kept purposeful, many of the issues could be managed. One bad mistake? One bad blog? That can cause people to be concerned about the whole activity. So blog carefully, but you know, find out if it's valuable for your company to do. Many companies we've spoken to are using internal blogs, and are finding it valuable in certain, limited areas.
What Web 2.0 security issues should companies be aware of?
Yehuda: Web 2.0 poses a whole bunch of security concerns at many layers. At that sort of low-level, the enabling technology layer, where you're building Web 2.0-based applications with some of these new technologies, like Flash or Flex and Ajax, you have security concerns about how well these applications are built.
In many cases, these are consumer applications that are built for popular use. Enterprises typically require a stronger kind of application. If Facebook goes down for five minutes? Most people aren't going to lose a lot of money. But if your internal trading system goes down for five minutes and you can't trade stocks, you know if you're a broker or whatnot, that's a real problem.
So there are challenges at the technology level, and there are challenges at the application-robustness level. Do they have the administrative capabilities, and the measuring and monitoring control capabilities that enterprises are used to? In many cases, not yet, right.
But then there's this whole information leakage issue. Web 2.0 tells people, share everything. Tell me about yourself. I want to see your pictures and your videos. I want to know who your friends are, I want to know what you did. And users are doing that; they're sharing a whole bunch of information, questions and connections. And companies are concerned: Are you sharing information about us? Are you promoting our reputation? Are you asking a question on a forum that discloses some project that we're working on? Maybe you're sharing too much information.
So information security professionals have to be involved with the deployment of Web 2.0 within companies. And that doesn't mean to stop Web 2.0 from happening -- I don't think they can. I think it means that they need to express their concerns and be involved with the rollout. To participate in the use of Web 2.0 technologies themselves. To understand how they're being used, and to be visible on those channels -- in the wikis, in the forums, in the blogs, so that people see, yes, I have to keep this business purposeful. I can't disclose intellectual property, customer trial data, Social Security numbers, proprietary code. I can't disclose that on an open forum. Maybe I need to sanitize the question because it's public.
And with that, when doing that, companies can succeed with Web 2.0. But they do have to address those kinds of security concerns -- technical security, as well as information disclosure security issues.
Is it time for midmarket companies to embrace Web 2.0?
Yehuda: You know, there are probably a small percentage of companies out there that will live without Web 2.0. But the vast majority? I think it's fairly inevitable. Here's why:
About 12 years ago, I remember when this thing called the Netscape browser came out, and we were all looking at the browser, and the information security folks were saying, "Do we really want to roll this out? Do we really want people to be browsing the Internet during work? I mean, there's all these things on the Internet that aren't really work appropriate. No browsers." And then, you know, they were ignored, and browsers were rolled out. And 10 years later, the information security folks were saying, "Couldn't we roll out these thin-client desktops? We don't like these PCs with Microsoft operating systems on them, and we're not really sure that we can secure and protect all the viruses. What if we had these thin-client desktops that only had a browser on it." Wow. So we've come a long way in those 10 years.
Now, those thin-client desktops aren't being rolled out pervasively. But they're part of the corporate landscape. So the browser that we were afraid of is still the main target of most attacks, right? Most attack factors still use the browser. But we're no longer saying "no browsers." In fact, we're embracing it and saying, yeah. We have a world that connects to the Internet. But we need to do our business securely. And I think Web 2.0 follows the same pattern: It's not going to go away. What we're going to find, though, is that the way we use the Internet and the way we use the intranet with these tools -- and future tools -- are going to have to be done securely.
So in 10 years from now? I think we'll see pervasive use of these technologies, and hopefully, in very secure and purposeful ways.