How Does Governance Handle Mashups?
Several of the sessions I've attended so far at Lotusphere 2008, including the Opening General Session, have put a great deal of emphasis on a couple of concepts: Linking related information to provide context and depth (Mashups) and Social Computing. The idea seems to be to create tools that enable end users to define relationships between data that puts information in the appropriate context and therefore help identify its relevance and significance. An Enterprise 2.0 vision which includes traditional datasources supplemented with blogs, wikis, rss, tagging, social -networking -bookmarking -filtering, aggregated with the intent to shorten the distance between information and wisdom and thereby spark innovation. (more)
This vision is very cool from the technical side: Mashups, MyWidgets, Sametime, Connections, Quickr--all wired together to present a richer view of data. Social networks creating their own ad-hoc taxonomies or Folksonomies, defining value and filtering information in custom ways, learning about each other via self-published artifacts; related data painted in realtime on the screen.
But it got me wondering: How will it play with organizational needs to comply with internal and external regulations?
It's a very interesting idea that Social Computing, as a cross-over from the public sector, can fulfill vital needs in corporations for better community, collaboration, knowledge sharing, etc. But the public sector is unregulated in this regard.
For example, a site that has created their own ways to rate Film Directors, or utube videos, is unlikely to be formally used in making SOX-covered business decisions. But will Widgets be used in the corporation to cull information that may not be accurate or reproducable? Are Folsonomies acceptable best-practice mechanisms?
Or, perhaps more to the point: How will an organization respond to an audit inquiry when a business decision was based on a Mashup that belonged to a single Financial Analyst? Especially when that information is assembled "on the glass" from multiple disparate sources?
Will there be change control or change management to cover what data was aggregated at a particular moment, or how it was aggregated? Will an organization be able to prove that there was a mistaken/misunderstood primary key used that has since been rectified? Source control?
I certainly don't mean to put the effort in a negative light; I think the technology is neat, and look forward to seeing how Social Software and Mashups move more formally into business processes. But I do think organizations need to think about how implementing these tools affect their governance goals.
And I'd love to hear your thoughts on it...
But it got me wondering: How will it play with organizational needs to comply with internal and external regulations?
It's a very interesting idea that Social Computing, as a cross-over from the public sector, can fulfill vital needs in corporations for better community, collaboration, knowledge sharing, etc. But the public sector is unregulated in this regard.
For example, a site that has created their own ways to rate Film Directors, or utube videos, is unlikely to be formally used in making SOX-covered business decisions. But will Widgets be used in the corporation to cull information that may not be accurate or reproducable? Are Folsonomies acceptable best-practice mechanisms?
Or, perhaps more to the point: How will an organization respond to an audit inquiry when a business decision was based on a Mashup that belonged to a single Financial Analyst? Especially when that information is assembled "on the glass" from multiple disparate sources?
Will there be change control or change management to cover what data was aggregated at a particular moment, or how it was aggregated? Will an organization be able to prove that there was a mistaken/misunderstood primary key used that has since been rectified? Source control?
I certainly don't mean to put the effort in a negative light; I think the technology is neat, and look forward to seeing how Social Software and Mashups move more formally into business processes. But I do think organizations need to think about how implementing these tools affect their governance goals.
And I'd love to hear your thoughts on it...
Category IT Governance Mashups Lotusphere
| Permalink |
|
|
|
|
|
Comments
Posted by Peter Presnell At 09:33:40 PM On 01/23/2008 | - Website - |
My point was not that we should presumptively hobble social software within the enterprise; it was rather that it should be implemented with consideration for IT governance, and for managing content for accuracy and alignment to business objectives.
It is a common concern for IT that important documents are created without version control and outside of document management systems. Ditto that the source data used (from a db or the Internet) is not auditable. If social software/mashups can be equated to the examples you give (e.g. it is not made auditable), the difference is that the company has provided an enterprise service that encourages this behavior.
IMHO, Ad-hoc Excel reports in stored on the desktop are not the same as ad-hoc Excel reports in stored in a document repository with meta-data describing how to recreate the report. Encouraging blogging within the organization is different than deploying an enterprise blog-rating system: the first allows users a 'voice,' the second allows them to filter those voices, trusting that corporate citizenship will win out. Organizations would be well advised to monitor this process to insure the "best-rated" information is accurate and aligned with strategy.
Posted by Matt Vargish At 11:50:05 AM On 01/25/2008 | - Website - |
"Lotus Mashups announced. Business users creating their own mashups.
"Mini-rant #2: I can't see this flying in the current heavily regulated world we live in, but then that's my whole issue with "Enterprise 2.0" to begin with. [...] I'm surprised to see IBM try to pitch this without explicitly addressing the auditing firms that are going to have veto power over this approach in most enterprises. How will IBM help enterprises lobby the big auditing firms to allow this mashup platform to be recognized as outside the scope of SOX?"
See his post here: { Link }
Posted by Matt Vargish At 11:28:33 AM On 01/30/2008 | - Website - |