Gartner: Loosen up on social networks, security

ORLANDO, Fla.--OK, IT managers, it's time to loosen up.

That's how analysts advised Gartner Symposium attendees here Monday, arguing that corporate computing departments shouldn't block social networking and that security shouldn't completely lock down communications with the outside world. And even if information technology authorities want to shut down such activity, they can't.

Carol Rozwell, a Gartner vice president

(Credit: Stephen Shankland/CNET)

"Banning access to social media from the corporate network is futile," said Carol Rozwell, a Gartner vice president. "The world we live in is digitally enabled and socially connected."

The advice reflects the transformation of the information technology world as the Internet steadily pervades more and more corners of everybody's life. Although the Gartner event historically has concerned itself with matters such as justifying the expense of a new enterprise resource management computing system, the broadening show reflects the growing scope of work that IT managers face.

Overall, companies must acknowledge that not everything is under control of their own top-down administration, said Peter Sondergaard, senior vice president of research at Gartner.

"We're moving from control to greater autonomy," Sondergaard said. Managers also must find an appropriate place on the spectrums of in here vs. out there and owned vs. shared.

To underscore her view, Rozwell argued that humans are social creatures and that there's more to employee relations than a paycheck for work performed.

"While a job may be regarded as an economic transaction, the human brain thinks of the workplace as a social system," she said. Social networking can make employees "feel valued, a part of a community, and earn the respect of peers."

Peter Sondergaard, senior vice president of research

(Credit: Stephen Shankland/CNET)

Employees should get used to a greater corporate presence in their social-networking lives, though. For companies, social networking can reveal previously unknown influence and performance in employees, and companies should tell employees that corporate conduct rules apply online, too.

"We can't stop social networking, but harnessing the passion of employees and educating them about the responsibilities is essential," Rozwell said.

Computing security, too, is changing, argued Paul Proctor, another Gartner vice president. IT security staff should think carefully before exercising a reflex to prevent employees from communicating with Facebook's e-mail or Skype's Internet telephony.

Paul Proctor, a Gartner vice president

(Credit: Stephen Shankland/CNET)

Companies should rationally evaluate services such as Google's Gmail and decide whether the potential cost savings might well be worth the risks. Even evaluating such services will be a big step for IT departments accustomed to being able to rule their own domain with an iron fist.

"You cannot protect yourself from everything. You must learn to balance risk and performance," Proctor said. "The cloud and software as a service have appeal, but they introduce a huge shift in how technology is managed and controlled."

He is no Pollyanna. Software for intrusion detection, antivirus, and firewall protection is still essential, Proctor said. But there are limits to what's practical.

China's incoming firewall revealed that while it's possible to block some incoming information, it's not practical to block the widespread outbound flow of information.

"Don't try to shut down the two-way flow of information, because you can't stop it," Proctor said. "Transparency is in."

[LarryFugate]

I'm sorry, but that's just plain wrong. Allowing employee access to social networking sites does nothing but expose the company to loss of information and loss of employee efficency. I've witnessed employees spend all day updating blogs before we clamped down on such things, and not performing the tasks they had been assigned. In a service-based company (like our Credit Union), that means customers are not being served. Security is far too important (and Federally regulated!) to allow employees free access to social networking web sites. I am proposing allowing access to such sites on a limited basis, perhaps 30 minutes a day, but free access from company equipment is not a good idea, at least in a financial service organization.

Larry

[Mergatroid Mania]

I agree. Time is money, and people should be socializing on their own time, not company time.
If they start wasting time on their phones with updating these sites, then I would ask them to leave their phones in the car.

You don't get paid to chat with your friends. This is no different from the occasional employee that used to spend half the day on personal calls. People are getting so spoiled that they actually think they should get paid for chatting with friends and updating facebook and twitter.

Sorry, but as an employer I only pay for work done for the company, not gabbing with your buddies (unless it's an emergency).

I can always find responsible employees who do a good job for their pay. If people want to keep their jobs I would suggest not wasting companies time.

Of course, if these people want to have a log kept at their desk computer and not get paid for all the time they waste, then that would be fine. However, then the worst offenders would hardly get any take home pay.

What's so wrong with doing the job you were hired to do? What a radical idea, doing work and getting paid for it.

[Shankland]

I think the fact that people participate in online discussion of stories--even while at work--is another illustration that we're social creatures. And arguably, others benefit from that online discussion, so I for one am glad they do.

I don't think Gartner is commanding all companies to become completely unrestrained. Clearly different points on the spectrum are appropriate for different companies. But think about how much networking gets done at trade shows when people are hobnobbing with coworkers and like-minded professionals. Social networking is about the full spectrum of human interactions, not just gossiping about movies.

[aMUSICsite]

I guess people should also be allowed to make calls to their mates from the company phone, use the photocopier/printer for their own use, listen to their music players....

And there's me thinking the point of work was to do work....

[FireyIce01]

I think that an employee should be able to do their job without the social networking sites being blocked. If an employee is unable to do their job because the temptation to spend the whole day online playing and talking to their friends, then they deserve to be terminated for not doing their job. This is an issue of personal responsibility, and blocking the sites feels more and more like babysitting people that cannot control their own impulses. Fine, let them spend all day on their social networking sites, fire them, and hire someone that actually wants to do their job.

[rdupuy11]

I disagree Larry and I'll tell you, I think you missed the point. The point was, try as you might to crack down, you can't succeed. So how is it a good idea to waste your time in a futile exercise? Isn't your time, company money as well?

If you don't agree, tell us why, but I do agree with the original article, and have heard nothing that suggests you can really do it.

It's better to think about the world as socially connected. When my salesman couldn't get the right message through to his companies engineers, I just went online and talked to the engineers directly via a mailing list.

Those engineers were wildly dishonest, and it was obvious, I proved they were fabricating stories about the performance of their product, and as a result of all this, they were wildly embarassed in front of thousands of their customers (the subscribers to the mailing list).

There were a lot of people that didn't understand the new dynamics of social engineering in that entire exchange...I think its good to not think you can fight it, but understand the proper method of handling it.

And as always, judge your employees by the work they do, not by their time online....if they aren't doing their assigned work, isn't that always a problem, or just a problem if you caught them in a chat room?

[rdupuy11]

Let me explain my comment further. Say you had a sales team, and the average sales person brought in $300,000 in sales a year, and your best salesperson brought in $1,000,000 a year.

Don't be surprised if your best salesperson also spends the most time online. Because sometimes the best salesperson is also a gabber, and loves to interconnect with other people.

Only a fool would fire that person. Judge people by performance, not by what gets them through the day.

I'm one of the best at what I do, and I'll tell you right now, my personal personality quirk is I cannot stand to be bored...ever. If any hint of boredom comes my way, I'll fill that time.

I am very productive. I do check the internet at work. I check the internet at night. I am working right now, although it isn't normal work hours (my work is such that I start a process, need to wait 5 minutes to check on it, etc.)...and now I am typing this email. I'm not paid by the hour anyway, so...I can work 7 days a week, and I hang around cnet 7 days a week too.

I'm so passionate about my work, that I am not questioned in my work ethic...but hate to think anyone is judged by their social connectivity, instead of their actual performance.

[jesskry]

Great article & great timing with my blog post: 'I'm not not working, I'm integrated..'http://krywosa.com/2009/10/15/im-not-not-working-im-integrated/

Social networks are part of our daily lives - if they arent accessing them via computer, employees are accessing them mobily at work. Checking a mobile device several times a day is more disruptive than getting quick, integrated messages on their desktop.

Further, how much of the social networking going on is professional? How quickly can employees solve problems by asking others in similar jobs? Especially for those in the communications industry.

How can other industries use these tools to solve their own problems? How can the company use them to communicate internally as well? Perhaps that the conversation to take place instead of lost production time or banning.

@jesskry

[LarryFugate]

Sorry, but social networks are not part of everyone's lives. I for one wouldn't touch one with a 10-meter pole. There are lots of ways to network professionally without social networking sites. Ever hear of the telephone? Or email? If an employee wants to use a cellphone to access such sites on their breaks or lunch, fine, no problem. If they are using their personal phones during working hours, though, it's cause for a warning, or even termination depending on the severity of the offense. Workplaces are not obligated to provide entertainment for their employees. We block entertainment sites as well, as there are a LOT of folks who just can't leave them alone during working hours. I don't believe these employees are any different than those of any other business, so it's not a localized problem. The solution merely requires good managment - make and modify the rules as necessary to get the work done in an efficient manner. If people concentrated on that, the US would be one of the top producers in the world again, and management would have more empathy to the desires of their people to socialize with the outside world.

Larry

[bupbin]

Why is it that all three speakers looked like they had the exact same public-speaking training?

[Shankland]

Every Gartner analyst I saw today had been instructed to move their arms around a lot. Some of them even made it look natural. :)

[Raschelle]

I agree with Larry. Employees are paid to work, not paid to "play" on the internet. It always annoys me to see fellow employees busy updating their Facebook or MySpace profiles, instead of doing their work. Allow access during the lunch hour, that's sufficient. Otherwise, that's something that should be saved for after-hours on personal time. I've also seen many employees wasting time chatting via IM programs or through the Gmail interface. Then those are the ones that complain when their commissions are low. They should be busy making sales calls, not chatting it up with their friends online.

[insitevc]

Many companies are also rolling out internal Business Social Networks focused on core business value like fostering Innovation. Brightidea.com is one of the global leaders in this area.

[jimwilson1014]

Wow. That's all I can say. Has Gartner lost it's collective mind. This is insane. I am a CIO for a National healthcare organization. This would pump so many holes in our security, there wouldn't be enough HIPAA police to count them all. Not to mention the loss of bandwidth (via Skype), and the the loss of productivity (via everything else). Who ever condones this has obliviously never truly worked in a real world environment.

[Shankland]

To be fair, I don't think Gartner was suggesting that everybody should go whole hog--just that there's a legitimate role for social interaction of various forms, and that social interaction is very important, and that it's taking place online. Nobody is suggesting that nuclear weapons designers post specifications on their blogs. And also, Gartner was making a practical point: Good luck restricting your employees from using their personal cell phones from posting to Facebook. Are you planning on banning employees from chatting around the water cooler? How much productivity is lost during smoking breaks? Different companies will end up at different points on the lock-down spectrum.

[Mergatroid Mania]

As the saying goes "Those who can, do. Those who can't, teach (or consult)".

I agree, these people sound like they're a few bricks short of a full load. No wonder North America is losing so many jobs to overseas Companies.

What's next, unions going on strike because their members aren't allowed to waste time on social networks during work hours? Doesn't sound too far fetched considering they can bank sick days. Maybe I shouldn't be giving them any ideas....

[Mergatroid Mania]

If cellphone use became a problem, I would ask them to leave the phones in their cars. Chatting around the water cooler has nothing to do with using the Internet on company time. Work breaks are legislated where I'm from, 2 15 minute breaks (one in the morning and one in the afternoon) and a half hour to an hour (depending on your hours) for lunch. Anyone going out for a "smoke break" out side of those allotted times would find himself looking for another job.

You seem to think it's hard to keep an eye on your employees when it's actually not hard at all. Repeat offenders are weeded out without any problems. The idea here is to keep people working on company time. What they do on their break times is up to them. I'm sure the rest of the employees would get pretty mad at any repeat offender who was risking cell phone privileges being taken away. After all, company phones can be used in emergencies, there's no legitimate reason employees HAVE to have access to their cell phones at work.

[Michichael]

Impossible eh? Gee, that's interesting. I found that making a policy of the use of proxies to circumvent our security being a pink-slip offense and implementing a decent web analyzer/filter really cut back on the social networking BS in our company. In fact I don't think anyone uses it at work. Yup. Impossible.

All social networking sites are rife with potential for threats - they're not necessary in the workplace.

[BSinDC]

Pretty typical response from someone who doesn't care about performance of the companies workers. It is also indicative of someone who's social life is pretty lame. Most people will begin to realize the trade they make with locking people into a shell vs the allowance for free flow of information. Those who don't will be aged out like out of date tech.

[socialnetworkingsoftware]

how funny, corporations trying to control everything. don't hey understand that allowing free flowing information, ideas and solutions help them grow?

[gfsdfge]

I'll bet there was a little influence peddling at Gartner for this.

[n3td3v]

In other words, the intelligence services aren't happy that a lot of folks in big corporations aren't allowed to use Twitter and Facebook.

Intelligence aren't getting as much insight into whats going on as they could be, therefore have sponsored the message Gartner is pushing out.

[Harrison912]

I use many social sites to socially market my safety and security web site so I think having access to the social media is a great thing. Interacting socially with people all over the world is becoming the best way to do business.

Trying to make people work without any social contact seems to me a lot like slavery... not to the extreme extend but to some sort. The fact that you just left a comment here means that you like to socialize and in this century we humans work in very interesting ways. We are more "technomaniacs" and we now feel the need to express ourselves on social networks, leave a trace that we were here in the world...

Technology is around us everyday, and we can put this technology to good use by allowing social networking in our companies. Think human! In order for people to be more productive they need to feel good at their jobs, by making social networking available in our companies people will feel like the company cares for them and is allowing them the chance to social network.

I agree that some people abuse on this matter and they spend all the time posting and looking up their friend status. One interesting thing that companies can do is create their own social networking account and for each new employee that arrives, add them to their network. This may serve two purposes, one is to keep an eye on the employees and another is to use social networking to give announcements to employees and even post pictures and status updates on what the company does.

Think outside the box and give it a try, the worst thing that could happen is to notice in a week's time that the efficiency of workers decreased. On the other hand people may feel better at their jobs, may be happier and productivity may be increased. I would like to see one company doing this and share their experience with the whole world.

I know what you may be thinking, "Why don't you do it?" Well I don't make the decisions here but I will try my best to accomplish this and if I succeed I will happily share our experience with everyone here.

[livingaudio]

Jesus, it sounds like most people in here are my supervisor...
Attempting to be very unbiased and fair i will try to make a point from a 26 year old social networking participant....

Statement 1: Every one, EVERYONE has at some point stolen company time, no one is a robot and no one should be expected to act as one.

Statement 2: Ease up!

For whatever reason, it might be the generation gap or whatever but everyone is talking extremes, either you work 100% of the time or you social network all day.
First off all referring to statement 1, yea not possible, and if i was spending all my time f**king about on webpages all day i would get fired. Regardless of that I have an Iphone so it doesnt matter if anything is blocked cause i check my phone and you cant tell me its not allowed cause "I have children" (not really, but i will say that) I blog, I surf, i go on facebook, just as my non internet savvy supervisor spends his first hour at work paying bills and reading antique magazines...
A statement such as you work or get fired is very antique, yes i believe in working and making money, its WORK but- 40 hours a week disconnected from people will not lead to greater profits but a higher turnover rate and low employee morale, i dont think there is a standard that can be set but if the goals are being met as a company and there are no viruses causing network problems what is the hang up. Reading a lot of the comments in here is really frustrating! By the way, its 11:21 AM, shouldnt everyone be working and not reading articles on CNET?
Hypocrites!!!!!
Internet is KING!

[jimwilson1014]

Someday, when the child in you grows up and you are actually in charge of the candy store. See how willing you will be to give away the candy to the next crop of children. Work is not a social event. And those of us in charge have a fiduciary responsibility to not only keep our environment secure, but also keep the order of business the work that needs to be done, not the latest viral topic floating around twitter or face book. I do agree that a healthy working environment is conducive to productivity. That's why most organizations have employee activity committees. Keep the socializing to after hours, or designated break and lunch times.

[rdupuy11]

You have a fiduciary responsibility to maximize profits. So when you lose your best talent, you have neglected your responsibilities.

Listen to what this guy is saying, because he is part of the work force, and a talented part of it.

A hostile workforce is never meeting your fiduciary responsibility...excuse me, but I call BS.

[livingaudio]

I'll ignore the implied insults and be critical like a mature adult...

"Work is not a social event"
Correct sir!
BUT Work IS a social activity unless you work by yourself, with no other associates.

"Keep the socializing to after hours, or designated break and lunch times."

No water cooler chit chat? No sports talk? Come on, are you kidding me? Maybe instead of walking over to a co-workers cube and asking how the fam is doing i would rather tweet or update my face book status, takes about the same amount of time I'd say. You are lying to yourself if you think you have never done this, perspective is key and clearly you see from a top down perspective.

"That's why most organizations have employee activity committees"

To think that a company picnic held once a year is supposed to keep me sane? No matter how much i love a job after a while it gets repetative and mundane, those company happy hours with people i may or may not like sure as hell arent gonna help any.

YOu seem to have forgotten what its like to have relationships that do no involve work, if you were to even be lucky enough to have any.

[Sidney Miller]

This is ludicrous. I'm not that old, but I was already in my professional career before the Internet was popular. To this day I usually work at least 50 hr. weeks. I'm salaried and have to get the job done even if it means occasionally staying late or going in early. No one in my corporation sits around reading magazines or filing their nails. To say "everybody" steals from their company is not true. Our company says everyone gets a short break in the AM and one in the PM. Most of us are too busy to take them, but of course there are times I do use that time to make a personal call because my Mom's in the hospital and I can't call after work hours. Or I realize at 10am that the AMEX bill is going to be late if I don't get it down to the mail room in 15 min., so I pay it right then. But that's not what people are talking about here.
The only time I use the Internet at work is to look something up directly related to doing my job. Email is only used for business. I do my personal email at home, or check my hotmail during lunch.
I get a lot of my social needs met at work. I have to discuss problems with coworkers all over the country. We establish rapport for a minute, or have a nice thing to say to bring on a smile, and then we get down to work. Believe it or not, hard work and team work is extremely satisfying.
An attitude that it should be an employee's "right" to spend company time on Facebook, Twitter, forwarding joke emails, and checking personal stuff at work is ridiculous. If face-to-face, phone, or email interactions with other people doing your JOB doesn't satisfy some of your social needs, then get a job where you talk all day. Be a better friend outside of work so your social life is more rewarding. But your job is where you go to WORK, not get your social needs met.

[livingaudio]

"An attitude that it should be an employee's "right" to spend company time on Facebook, Twitter, forwarding joke emails, and checking personal stuff at work is ridiculous"

Never said anything about it being a "right"

this confused me; you say "I get a lot of my social needs met at work" and then follow it by saying "But your job is where you go to WORK, not get your social needs met."

I agree with a lot of what you stated Sidney Miller , and i dont think you understood what i was saying. I did not state everybody "steals" what i implied was that everyone needs some sort of connection during there work day that does not involve people you are working with. I know and appreciate people that work hard everyday and slave away never taking a second from the work. It respectable and admirable, in fact it may be a unique personality which explains perhaps your higher role in the company, I could sell myself to a company and be like you as well, but it scares me to ever hear my self talk about work like its a religon. Unless i make work out of my passions and the sad truth is most people dont have that comodity. i work 7:00 to 4:30 with a 30 min lunch, our lunch schedules are diff so most employees take lunch alone here, we all dont have a flexible CEO schedule, speaking like you dont ever bend the rules is unreal NOT reffering to STEALING

[dkeays]

It isn't just about controlling employee time. Both sides of the debate seem to be too close to the trees to see the forest. Both sides are at fault here.

What if an employee leaks information about customers? Posts on a social network could become international "news" in just a few seconds. People do work with confidential information and I don't see anything wrong with companies trying to control that. If fact, my opinion of companies that don't adequately control private information is not very positive. That may be a factor later when deciding who to do business with in the future.

Why would a company open up a service on their network they don't feel they need? Go ahead and tell them to increase their attack surface. Might as well tell them to open a SMTP server even though nobody needs it and be sure to open it to the public too. No reason to discriminate.

[CarolRozwell]

It?s great to see so many thoughtful comments on the keynote I delivered at Gartner Symposium last week. Some of my statements could do with a bit more explanation, so here are three important points:

? Social media is a new and emerging communication channel. Enterprises will make the decision to utilize, resist or ignore it in the workplace. But opting to resist or ignore it is a decision ? one that shuts your organization off from valuable insight.

? Work is a collaborative activity and humans interact as social beings during work. Few, if any, jobs can be completed without the involvement of collaborators so ?greasing the skids? of relationship-making and maintenance is essential for performance.

? An employee wasting time on social media is a performance problem. Don?t blame it on social media. Productive employees are too busy with work to spend lots of time in social media having personal conversations. Instead, they use social media as a means to get their work done. Check out any of the Gartner groups on LinkedIn ? you will see they are clearly work-related conversations.

Read more on my Gartner blog:
http://blogs.gartner.com/carol_rozwell/

[Maclover1]

Total and utter horse shattte.

You can lock users down, do it everyday. The technology to do so has been around a long time. The users at my company get to the pieces of the internet that management allows them to.

They cant bring in their own computers into the building for some kind of 3G access, so that leaves their phones. Sit on your phone all day with twitter or facebook and someone is going to notice, probably your manager. If they are cool with it fine, if not you will find out soon enough.

That said are marketing department can get to these sites, as we have corporate accounts for.....marketing.

[Jon1554]

Maclover1, I don't think anyone from Gartner would disagree with you.

They didn't say it couldn't be done at all, they said a 'total crackdown' couldn't be achieved. You gave one great example, someone has a personal cellphone, or tablet, or something similar...its got 3g connectivity.

Secondly you stated it you used it 'all day' someone will notice. Exactly, it takes all day, not occasional use.

So lets get back to what Gartner, apparently really said, which is that social networks can make people whose job it is to be socially connected...better at what they do.

I'm not sure it helps at all, if your job it to bond baby diapers into baby pants...but if your job is in someway professional...it can help.

And if you use it to further company business, and gently use it, similar to the way you did the telephone in years past...to get updates on personal business, thats often better than having to take the entire day off to accomplish the same thing.

I don't see the big hullaballoo, but its obviously engendered this wild over reaction among some.

[Jon1554]

Since some of you, talking about you in particular JimWilson, have been rude, let me lay this out frankly, without pulling any punches.

You wouldn't fire someone for asking JoAnn how her kids were doing at the water cooler, and you know it.

By the same token, doing the same on twitter is exactly the same to this generation.

None of you have added a single valuable comment to this thread, all you have really stated, is you are old. You aren't changing with the times. The world is beginning to scare you. When you retire, the world will be a better place.

[Maclover1]

Lol....it has nothing to do with Social sites. Long before twitter and facebook, people abused the internet at work and got in trouble. Proxy software to track where and how much time is WASTED by employees has been around longer than all of these popular social sites. Dating sites, internet game sites, gambling, ebay, porn, sports all abused. I remember setting up Proxy servers to block this kind of stuff in 2001.

These sites are just another way to abuse Internet access. Most if not all corporations have email and internet usage policies that you sign the day you start at the company. Waste to much time on the internet, got to porn/gambling/hate sites (if they even allow it) send out lots of personal email or email around questionable stuff, and you will get let go based on those policies.

Because of malware alone, most corporations lock internet access down big time. The majority of users at my company have a small list of sites they can access, 20 or less, that are totally job related. We DONT have malware problems with those users. We do have some malware problems with users that have the most access (HR and upper management).

[zextron]

This is just Gartner grabbing some attention. I'm not paid to socialize on company time. I'm paid to do something else. By the way, after spending a few weeks on social networks I resorted to shut down and returned to meet friends face to face. Life is too short to waste time on voyeur aberrations like twitter. I?m fed up with these evangelists that jump into the latest fashion trend as it was inevitable and the way to go for everyone (like we were all sheep). I think that work time is for working and most businesses don?t rely on uploading your photos to keep running. Who cares what you are doing these days? Social networks are like those friends who make us watch their vacation movies.