The new social media security: Smart policy architecture for CIOs

With intelligent policy architecture, social media security doesn't have to be a CIO nightmare.

John Weathington

When most people hear the term social security, they think of retirement. For a forward-looking CIO, social security may have a different meaning -- the impact that social media has on your security policies. Most midmarket companies are still small enough to have a flexible, organic organizational structure and policy architecture. This is absolutely necessary to facilitate the shifts you face in a competitive environment. It's also your primary advantage against larger, less-agile competitors. The drawback, however, comes from the security threats social media will present as the new generation moves into the workforce. Effective security policy management mandates that you have good process leadership and a strong policy architecture. While these are classic challenges for the CIO trying to stay flexible, they are imperative capabilities to build not only for your midmarket company's protection, but for its competitive advantage.

Social media security management in the Millennial generation

If you aren't bracing yourself for Generation Facebook to enter your workforce, you're making a huge mistake. This powerful generation is predicted to comprise more than half the workforce in the next two years. Not only are they responsible for the emergence of the social age by force of their own mass, they've also encouraged the previous generations, and most likely the next generations, to continue the momentum. How many people do you know who are not on Facebook exchanging pictures and ideas? How many people do you know who haven't heard of Twitter, or don't have a cell phone with a data plan? All this was brought about by the 75 million Millennials already in the workforce.

Generation Y brings an infectious culture of socialization. Although the word media usually follows social, it's really the social culture that becomes the bigger security concern. The media is just the technology that drives it. The social culture is one of sharing and trust in the community. It also drives consumerization of IT, BYOD, and a host of other security nightmares that are related to a culture which values methods and techniques that are outside the control of the company.

When considering the security implications this generation inevitably brings, most CIOs cringe -- which is exactly why you should use this as an opportunity to be competitive. Strategists are now embracing the idea of open innovation and other crowdsourced ways of collecting and organizing information. Building a competitive architecture around security policies within your IT governance allows you to at least embrace these ideas; however, to be distinctive or breakthrough in this area brings rewards that your competition cannot match.

Embracing social security policy management

Knowing the conceptual relationships between governance, risk, and compliance (GRC) is crucial for constructing a policy architecture, specifically one that supports advanced policy management. Security policies fall into the governance area of this trio. Classic IT governance involves building rules that ensure IT is performing effectively. I invite you to take a slightly different perspective, however, and think of IT governance as a way IT can support corporate governance. Security in the social media age means more than IT protecting the company from the dangers of social media. Instead, it's a robustness of policy architecture that enables advanced collaboration in the social age.

In this respect, IT governance builds the rules that keep everything in place, like the struts of a large building. Your governance policies are the rods and beams of your corporate strategy that ensure its ideal state. Stated another way, if all the social media security policies are adhered to, optimum collaboration is realized. Your security policies are only a subset of your social governance policies -- they shouldn't be considered in isolation. When considered holistically, security policy management serves a greater purpose.

Governance and risk go hand in hand. Governance, and the policies that fortify governance, help identify the risks that should be mitigated, and risks help identify the governance that should be in place. When brainstorming on the coverage of your governance and risks, you can start from either place; I suggest you actively explore both. For instance, a key risk that social media invites is confidential information leaving the company, either maliciously or inadvertently. This has always been a risk for companies; however, the social age advances both its probability and impact, and reduces its detectability. In this new era, the social media security policy becomes as simple as "Nothing electronically marked as company confidential leaves the corporate firewall." Compliance would then be the procedures for enforcing this policy. All components work together.

Like the generations that preceded them, Generation Y will enter the workforce with their own way of doing things. Whether or not you choose to accept it, the social age is here. If you take this as an opportunity as opposed to a threat, it changes your whole perspective on the solution. Instead of protecting the company from danger, help the company succeed by building a strong policy architecture that supports social strategies. You can start today by assembling a small team to explore risks and adumbrate appropriate policy architecture. You may not be able to retire the way you want with the government's social security program, but at least your internal social security program will be solid.

John Weathington is president and CEO of Excellent Management Systems Inc., a San Francisco-based management consultancy. Write to him at
