Web 2.0 technologies that support tools such as social networking sites, wikis and RSS feeds are quickly migrating from the consumer realm into the business world -- which means opportunities as well as challenges for CIOs, especially in the midmarket.
But there are ways to leverage Web 2.0 technology that support the business -- and you don't have to go big. It can be as simple as using a social networking site to find a vendor reference or using Microsoft SharePoint to support a wiki for 5,000 users.
Jeffrey T. Greenaway, CIO of Bargreen Ellingson Inc., needed to increase the data bandwidth at the food service supplier's headquarters in Tacoma, Wash., but he wasn't sure what the best solution would be. Then Greenaway saw an update from LinkedIn, the business social networking site. One of Greenaway's contacts had joined a fiber optic provider. The CIO contacted him for advice.
"I already knew him so we didn't have to go through so much of the 'Who are you? Can I trust you?' thing," Greenaway said. "We could just get down to, 'Is this a good fit?' We were able to get the solution in place much faster. It cut the time in at least half."
Gartner Inc. in Stamford, Conn., estimates that the size of the enterprise social software market will triple in five years, growing from $317.5 million in worldwide sales in 2007 to $939.4 million in 2012.
"Adoption is high, but a lot of it is rogue or under the radar," Gartner analyst Jeff Mann said. "The number of sanctioned, paid-for social networking projects isn't real high, but the number of people using these tools is."
The way companies adopt Web 2.0 tools differs with size. While large enterprises are deploying their own Web 2.0 applications to build internal communities, midmarket users tend to use the tools to jump corporate firewalls and interact with suppliers, partners and customers -- which raises security and compliance concerns for CIOs.
"A lot of messaging isn't audited and retrievable," noted John D. Halamka, CIO of both CareGroup Inc. in Boston and Harvard Medical School. "What do you do if an attorney requests records? Employees might find good ways to coordinate care but if we have servers at an external location with patient information, it could break the law with HIPA [the Health Information Privacy Act]." It's a matter of being able to own the data and audit access -- the sort of things you can't do if it goes outside the firewall to a third-party server.
Halamka said executives at the group are working to devise a Web 2.0 tools policy.
"The notion that you can ban social networking is unreasonable," he said. "The worst option is don't ask, don't tell, do what you will. That will get us into trouble. Information that's inappropriate will get posted. Another option is to come up with your own managed service, institutionalized IM system, audit and persist every message. But with a closed social network will there be a value proposition that people will use?"
In the meantime, Halamka said Web 2.0 tools are already contributing to business improvements. Last year, for example, one hospital in the group created a wiki forum open to all 5,000 employees to identify and solve problems.
Called the Spirit Portal, the project was created on a tight time frame and at low cost. Halamka originally looked at using Salesforce.com Inc.'s Software as a Service platform but needed tighter integration with existing applications.
The requirements: a toolkit that integrated with Active Directory for authentication; compatibility with all browsers/operating systems; and the ability to leverage the talents of existing developers.
He picked Windows SharePoint Services 3.0, which is integrated in Windows Server 2003 and didn't require additional licensing fees.
The portal went live after two weeks and since has been used to log and track about a thousand problems, including confusion over how nurses can reach the correct doctor for patients during periods of heavy admissions.
"It's very democratic," he said. "You can be the person cleaning the floors and you have access to the CEO. It's really been rapid cycle improvement. Everyone is engaged and informed. The challenge is it's too easy. Maybe sometimes you'd solve a problem by going through the normal business process, talking to your manager. It should be for solving problems that haven't been solved by traditional means."
By the time you get IT polices published, they're out of date.
Jeffrey T. Greenaway, CIO, Bargreen Ellingson Inc.
At Bargreen Ellingson, a $170 million business with 17 offices and 430 employees, CIO Greenaway said the company expects employees to use Web 2.0 tools "appropriately" but shies away from a detailed policy.
"By the time you get IT polices published, they're out of date," Greenaway said. "We're almost a little schizophrenic about it. We don't want people wasting time chatting with friends on Facebook, but as an organization we use YouTube to market some of the things we offer. It comes down to good judgment."
Just as he used LinkedIn to solicit advice from peers, Greenaway said he uses other social networking tools to research potential vendors and consultants.
"It gives me an idea of their stability and churn," he said. "If I'm looking at the organization and a ton of people move through in six months, that's a potential red flag. With consultants I vet their qualifications. How extensive is their support network, are they hoping from place to place?"
Greenaway also finds technical expertise beyond his own IT staff. Recently, for example, he wanted to add a security feature to corporate laptops. He reached out to his network and quickly learned that the idea would require custom written code.
"It made it a much quicker research process," he said. "The people responding aren't necessarily trying to sell me something, so I have a higher inherent trust. I'm impressed how willing people are to help out others just because they need help."
Michael Ybarra is a monthly columnist for SearchCIO-Midmarket.com and a former senior writer at CIO Decisions magazine. He is also the author of Washington Gone Crazy. Write to him at firstname.lastname@example.org.