Security Investigations

So it has happened. The "thing" that most business professionals, and especially IT professionals, never like to deal with. There is suspicion of a security violation within your organization. Some information has appeared where it shouldn't have. Perhaps it was a confidential email found on a printer in an area where no one who received the email works. Perhaps it was an employee who made comments in a meeting that suggests they know information they shouldn't. Perhaps some internal memo was referenced in a damaging newspaper article.

Whatever it is, management has now come to you, the IT leader, to ask the questions: "Do we have a security breach?", "Is an employee reading our email?", "What is going on?" and so on. While many IT professionals have dealt with information security, it has most often been from a technical perspective. A virus outbreak. A hacked web server. The usual response is to clean up the damage and beef up technical security.


Social Networking and IT

With today's popularity of social networking, there are many cautionary issues to concern IT leaders. From a management perspective, simply using any social networking tool to communicate with employees, either personally or professionally, can increase the risk of lawsuits. Click here to see an informative article that discusses the employee litigation risks that any manager may face when using social networking tools with employees under their authority. Beyond the concerns any manager should have, IT leaders must give the risks associated with social networking special attention. While many organizations are reaping the benefits of using social networking technologies to reach customer and partner communities, as well as to foster innovation, learning, and collaboration internally, little attention has been paid to managing the associated risks through technology and process.

Such risks include:

  • increased exposure of company and trade secrets
  • increased risk of non-compliance with confidentiality and privacy laws
  • increased risk of litigation from employees, partners, or customers for claims of unfair practice based upon information obtained through social networking

For some time, organizations have invested in content management security to reduce the risk of confidential content being exposed in inadvertent or intentional emails or web posts. Little of this technology has matured to focus on social networking technology, but it's starting to. As an IT leader, this area should be one of your top 10 concerns in the months and years to come. It is not a question of 'if' but 'when' an incident involving social networking technology will have a negative impact on your company.

IT Governance

Information Technology Governance is a topic that IT managers at smaller (and even larger) organizations seldom address, as it often seems unnecessarily complicated. Governance is nothing more than defining your operational processes to get them out of people's heads and into a form where the knowledge can be transferred to new or replacement staff. This is your first step.

Once you have even a few basic operational tasks defined, you can begin to establish baseline metrics around the performance of those processes. You can then analyze the data for trends going in the right direction, to build upon, or trends going in the wrong direction, to remediate.

Identity Management and MA Law

Information Technology organizations in Massachusetts face an added task - compliance with MA state law 201 CMR 17. What this translates into is ensuring encryption and appropriate privacy controls around personal identifying information. While the law primarily focuses on identifying information such as social security numbers or credit card numbers, savvy IT managers will use this as an opportunity to review identity data in their organizations for general improvements in security and confidentiality. This law was originally slated to go into effect on January 1, 2009. This deadline was later extended to May 1, 2009 (see press release) and in early February, extended again to January 1, 2010 (see press release). Click here to see the amended regulation with the revised deadline.

Helpful Links:

201 CMR 17 FAQ

201 CMR 17 Checklist

IT Performance Management

Performance Management is the mechanism to drive continual improvement in your IT organization. To know whether actions you take as a manager have the impact you believe they will, you need to have some measurement of your current state and periodic measurements to assess changes (good or bad) over time.

At its simplest, you need to establish an expected value and an actual value. In Project Management, the most common measurements of project execution performance are forecasted time line to actual time line; forecasted cost to actual cost; and forecasted FTE to actual FTE. In Capacity Planning, you may measure predicted rate of growth to actual growth rate for storage, servers, network bandwidth and so on. For software licensing compliance, you track the number of licenses you have purchased vs. the actual instances installed.

This generalized model of comparing a predicted value to an actual value makes for simple metrics development that can provide insight into trends in your IT organization.
