Alice Wang awang@burtongroup Mike Gotta mgotta@burtongroup mikeg.typepad

1. Leveraging Relationships and Managing Identity – Two Sides of the Social Networking Coin29 September 2009 Alice Wang awang@burtongroup.com Mike Gotta mgotta@burtongroup.com mikeg.typepad.com

2. Two Sides Of The Social Networking Coin +1-234-567-9012 zxcvbcvxvxcccb@bah.com zxcvxvxcccb +1-234-567-9012 zxcvbcvxvxcccb@bah.com Source: Booz Allen Hamilton

3. Two Sides Of The Social Networking Coin • Benefits expected from social tools and applications • Connect people internally and externally • Break down organizational barriers and information silos • Promote employee innovation • Address generational shifts; meet technology expectations of younger workers • Support strategic talent and learning initiatives However – open and transparent environments can raise identity and security concerns

4. Use Case #1: Social Network Site Trusted Identity Sources HRMS Directory Other Systems-of-Record +1-234-567-9012 zxcvbcvxvxcccb@bah.com zxcvxvxcccb +1-234-567-9012 zxcvbcvxvxcccb@bah.com Enterprise Identity

5. Use Case #1: Social Network Site +1-234-567-9012 zxcvbcvxvxcccb@bah.com zxcvxvxcccb +1-234-567-9012 zxcvbcvxvxcccb@bah.com PersonalClaims Internal Social Identity

6. Use Case #2: Profile Proliferation • A single profile? Multiple profiles? Federated profiles? Women Returning To Work After Extended Leave Employee Profile #2 Employee Profile #3 Gay & Lesbian Community Professional Exchange of Best Practices Employee Profile #4

7. Use Case #3: Activity Streams & Profiles • Over-sharing via social conversation and community actions Employee Profile Jane Doe: Joined Community: “Women Supporting Women” John Doe: “Working on a big M&A deal,need to work late tonight… stay tuned!” Fred Smith: &#%^%$* we just lost the Company ABC account… Jane Doe: Joined Community: “Gay & Lesbian Employees Outreach” Betty Smith: @Bob Jones That patientID number is 123456789 Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace “Women Supporting Women” Automatic posting of community actions “Gay & Lesbian Employees” Outreach Activity streams & “Enterprise Twitter” messages

8. Use Case #4: First Comes Aggregation +1-234-567-9012 zxcvbcvxvxcccb@bah.com zxcvxvxcccb +1-234-567-9012 zxcvbcvxvxcccb@bah.com PersonalClaims External Social Identities

9. Use Case #4: Followed By Correlation • Is it me? How much is being shared? Under what controls? Profile Status Message Activities Photos Profile Groups Contacts Profile Following / Followers “Tweets” My politics My groups My music My friends Unification of an employee’s social structures Enterprise Identity Enterprise “Social Identity” “TheCitizenMe” “TheWorkMe”

10. Use Case #5: Leveraging Consumer Tools Enterprise roles and identities can collide with personal use of social media “TheCitizenMe” “TheEmployeeMe”

11. Use Case #6: Enterprise Roles Trusted Identity Sources HRMS Directory Other Systems-of-Record Authentication, Authorization, Provisioning, RBAC, etc. Role Sources +1-234-567-9012 zxcvbcvxvxcccb@bah.com Role Management Applications Business ProcessManagement (BPM) Systems Enterprise Portals zxcvxvxcccb +1-234-567-9012 zxcvbcvxvxcccb@bah.com • My Roles • IT Architect • SME on “ABC” • Approver for access to “XYZ” • Certified on “123” Enterprise Roles

12. Use Case #6: Emergence Of “Social Roles” Social Roles “Answer Person” “Wiki Gardener” “Idea Person” “News Filter” Social Role Attributes Social Data Aggregation & Correlation Social Network Analysis

13. Use Case #7: Analyzing Relationships • Social analytics • Assess, correlate, and visualize relationship structures • Within the enterprise, discovery of latent connections most valuable • Evolution of tool capabilities can discover too much information on organizational structures, activities, and relationships Needs to figure out how to help a company deal with export / import regulations in country XYZ Members Of Investigation Unit Node 8 To Node 10 To Node 14 To Node 15 Has dealt with import / export problems in country XYZ for years in past job role Source: Telligent

14. Awareness & Management Of Risks • Use Case concerns relevant to identity and security teams • Profiles And Profiling • Credibility of profile and social claims • Possible bias against employees by co-workers based on race, diversity, affiliation information made open and transparent via social media tools • Information Security • Intellectual property, compliance, e-Discovery, monitoring… • Aggregation / correlation capabilities • Data management and data integration (profiles, roles, etc) • Privacy • Adherence to regulatory statutes, level of employee controls, possible stalking situations (hostile workplace) • Social Network Analysis • Makes relationships visible that perhaps should not (“connecting the dots”) • May lead to “befriend / defraud” situations, social engineering

15. Recommendations • Moving forward with social media and social networking efforts • Social media and social networking are strategic initiatives that are here to stay – saying “no” is not the right approach • A decision-making framework and governance model is an essential component of any strategy • Policies and procedures need to focus on the human element and avoid technology as a panacea • Identity and security objectives need to be viewed on the same level as desires for openness and transparency • IT teams that should be viewed as key stakeholders in social media and social networking strategies include: • Groups responsible for collaboration and community efforts • Identity management and security groups • Information management and data analysis groups

16. Q&A