2. Two Sides Of The Social Networking Coin
Why are we here…
• Use of social networking tools and applications to improve
information sharing and collaboration will transform how
organizations think about, and manage, identities
• Profiles, social graphs, and activity streams enable employees to
construct their own social identities across internal and external
constituencies
• Participation in social networks and community contributions
enable employees to establish their own social roles and
reputations
• However, what are the benefits, risks, and implications of more
open collaboration and transparent knowledge sharing on identity
management strategies?
3. Two Sides Of The Social Networking Coin
Source: Booz Allen Hamilton
4. Two Sides Of The Social Networking Coin
Benefits expected from social tools and applications
• Connect people internally and externally
• Break down organizational barriers and information silos
• Promote employee innovation
• Address generational shifts; meet technology expectations of
younger workers
• Support strategic talent and learning initiatives
However – open and transparent environments can raise identity
and security concerns
5. Use Case #1: Social Network Site
[Diagram labels: Trusted Identity Sources; Enterprise Identity; HRMS; Directory; Other Systems-of-Record]
6. Use Case #1: Social Network Site
[Diagram labels: Personal Claims; Internal Social Identity]
7. Use Case #2: Profile Proliferation
A single profile? Multiple profiles? Federated profiles?
[Diagram labels: Employee Profile; Employee Profile #2; Employee Profile #3; Employee Profile #4; Internal “Facebook Site”; Women’s Support Group; Women Returning To Work After Extended Leave; Outreach Network; Gay & Lesbian Community; Professional Exchange of Best Practices; Community Of Practice]
8. Use Case #3: Activity Streams & Profiles
Over-sharing via social conversation and community actions
Employee Profile (automatic posting of community actions):
• “Women Supporting Women”
• “Gay & Lesbian Employees Outreach”
Activity streams & “Enterprise Twitter” messages:
• Jane Doe: Joined Community: “Women Supporting Women”
• John Doe: “Working on a big M&A deal, need to work late tonight… stay tuned!”
• Fred Smith: &#%^%$* we just lost the Company ABC account…
• Jane Doe: Joined Community: “Gay & Lesbian Employees Outreach”
• Betty Smith: @Bob Jones That patient ID number is 123456789
• Bob Jones: @SamJ I’ve changed the access controls so you can get into the workspace
9. Use Case #4: First Comes Aggregation
[Diagram labels: Personal Claims; External Social Identities]
10. Use Case #4: Followed By Correlation
Is it me? How much is being shared? Under what controls?
[Diagram labels, external profiles: Profile, Groups, Contacts; Profile, Status Message, Activities, Photos; Profile, Following / Followers, “Tweets”]
[Diagram labels, center: Unification of an employee’s social structures; Enterprise Identity; Enterprise “Social Identity”]
[Diagram labels, personal attributes: My politics; My groups; My music; My friends]
[Diagram labels: “The Work Me”; “The Citizen Me”]
11. Use Case #5: Leveraging Consumer Tools
Enterprise roles and identities can collide with personal use of social media
[Diagram labels: “The Citizen Me”; “The Employee Me”]
12. Use Case #6: Enterprise Roles
[Diagram labels: Trusted Identity Sources (HRMS, Directory, Other Systems-of-Record); Role Sources (Role Management Applications, Business Process Management (BPM) Systems, Enterprise Portals); Authentication, Authorization, Provisioning, RBAC, etc.; Enterprise Roles]
My Roles
• IT Architect
• SME on “ABC”
• Approver for access to “XYZ”
• Certified on “123”
13. Use Case #6: Emergence Of “Social Roles”
[Diagram labels, social roles: “Answer Person”; “Wiki Gardener”; “Idea Person”; “News Filter”]
[Diagram labels: Social Role Attributes; Social Data Aggregation & Correlation; Social Network Analysis; Social Roles]
14. Use Case #6: Community Equity
From roles to reputation
• Reputation is an aspect of someone’s identity; need a social value system
based on social activities
• Analyze social data to derive community equity
• Aggregate social activities: edit, tag, bookmark, follow, comment, reply, post,
attach, subscribe, join…
• Correlate patterns: participation, contributions, skills, reputation, social graph
[Diagram labels: Participation; Contributions; Skills; Reputation; Social Graph; Community Equity]
15. Use Case #7: Analyzing Relationships
Social analytics
• Assess, correlate, and visualize relationship structures
• Discovery of latent connections most valuable
[Diagram labels: Node 8; To Node 10; To Node 14; To Node 15]
[Diagram callout: Needs to figure out how to help a company deal with export / import regulations in country XYZ]
[Diagram callout: Has dealt with import / export problems in country XYZ for years in past job role]
Source: Telligent
16. Use Case #7: Analyzing Relationships
Without proper controls, identity and security issues can arise
• Evolution of tool capabilities can discover too much information on
organizational structures, activities, and relationships
[Diagram labels: Person 2; Person 3; Person 4; Person 5; Product A; Product B; Product C; SCN Group1; Purchased; Customer X; Business Process 2; Marketing Campaign 1; Sale Process 1; Part of]
[Diagram callout: Key talent in organization developing new ideas and products]
Source: SAP
17. Awareness & Management Of Risks
General concerns relevant to identity and security teams
• Identity
  • Assuring profiles (identities) – internal and external
  • Populating profiles with trusted enterprise data
  • Assessing social identity attribute claims
  • Making sure that controls exist to satisfy privacy mandates
• Security
  • Applying policy-based management (including enforcement)
  • Inclusion of monitoring, discovery, and audit mechanisms
  • Validating “fine-grained” access controls and role modeling capabilities
  • Satisfying compliance, discovery and related data-retention controls
  • Ensuring data loss protection
18. Awareness & Management Of Risks
Use Case concerns relevant to identity and security teams
• Profiles And Profiling
  • Credibility of profile and social claims
  • Possible bias against employees by co-workers based on race, diversity,
    affiliation information made open and transparent via social media tools
• Information Security
  • Intellectual property, compliance, e-Discovery, monitoring…
  • Aggregation / correlation capabilities
  • Data management and data integration (profiles, roles, etc)
• Privacy
  • Adherence to regulatory statutes, level of employee controls, possible
    stalking situations (hostile workplace)
• Social Network Analysis
  • Makes relationships visible that perhaps should not (“connecting the dots”)
  • May lead to “befriend / defraud” situations, social engineering
19. Recommendations
Moving forward with social media and social networking efforts
• Social media and social networking are strategic initiatives that are
here to stay – saying “no” is not the right approach
• A decision-making framework and governance model is an
essential component of any strategy
• Policies and procedures need to focus on the human element and
avoid technology as a panacea
• Identity and security objectives need to be viewed on the same
level as desires for openness and transparency
• IT teams that should be viewed as key stakeholders in social
media and social networking strategies include:
  • Groups responsible for collaboration and community efforts
  • Identity management and security groups
  • Information management and data analysis groups
20. A Look Ahead
Do we someday reach a point where social networking, social
roles, and community equity enable self-regulating systems?
[Diagram: three Enterprise Role / Social Role pairings]
• Social role not associated with enterprise role or entitlement: No change
• Social role indicates synergies with enterprise role and entitlements: Discovery of latent talent in the agency, perhaps a new subject matter expert
• Social role becomes synonymous with enterprise role and entitlement: Provisioning and access controls adapt based on level of community equity performing social role