Governance, Reporting and Compliance Considerations as SharePoint Becomes More Social

By Christian Buckley posted 05-20-2014 20:13


As organizations increasingly look toward social technologies to improve the user experience within enterprise collaboration management (ECM) platforms, we must not forget one of the primary reasons we have these ECM platforms in the first place: their document-centric capabilities with role-based security features. Most organizations go to great lengths to ensure only the right people have access to certain content, and that the content adheres to sometimes very strict industry and regulatory standards. Unfortunately, the leading social tools do not always comply with these strong governance, reporting and compliance standards, and organizations must take steps (sometimes very manual steps) to mitigate any risks.


Historically, Microsoft has a strong record of mitigating security risks. In fact, as most cloud-based competitors have focused on rapid innovation. With the acquisition of Yammer and the restructuring and realignment of product, engineering, and marketing organizations under the "one Microsoft" banner, the changes to how the company develops software and services have been rather dramatic, beginning with its move from a 3-year (at best) release schedule to quarterly, monthly, and in some cases even weekly releases of its cloud-based offerings, with a regular cadence for major on-premises features still being refined. But as for the governance and security concerns, it's only a matter of time before Microsoft closes those gaps -- either directly, or with the help of its partner ecosystem.


From a SharePoint social perspective, you still have the benefit of sitting behind the SharePoint security model. With Yammer, however, things are more limited. Security happens at two levels: access to the network, and access to the private group. And if you happen to be a paid Yammer user with the ability to push content from SharePoint to your corporate Yammer environment, be aware that you may have content moving from a secure space in SharePoint to a less secure location within Yammer -- and there is no real visibility into what was moved, who moved it, and what happened to it after it was moved. That's the gap today. As we approach the 2-year anniversary of the Yammer acquisition, the partner ecosystem has still not closed much of this gap: some vendors provide analytics and reporting capabilities, and at best some basic alerting and whitelisting capabilities.


While there are some out-of-the-box metrics and reports, the best Microsoft can offer today for on-prem SharePoint social customers is the ability to dig into the change logs and other social activities through the various content databases and User Profile Social Database. Just be aware that, for the most part, you are on your own, and the story of working across SharePoint and Yammer is incomplete within the current versions. This is a rapidly changing discussion -- but the key is to be aware of your own security, compliance, and governance requirements, and to understand (and mitigate) the risks inherent in social collaboration.


For now, your best defense is end user training: helping end users understand the process and limitations of security within your chosen social collaboration toolset. Another option is to let the community police the social platforms. People tend to come up to speed very quickly and correct each other when, for example, someone shares a secure document in Yammer that should be in a secure area within SharePoint, pointing them toward sharing a link rather than uploading content (which may also be duplicating the content).


Overall, many companies are finding that the value they receive through social collaboration is greater than the risks of working without some of the security and governance safeguards. 

#reporting #sharepoint #social #SharePoint #auditing #governance #administration #planning #compliance