Quest for the Cloud

Perhaps sleep deprivation is actually a good tactic.  It is pure coincidence that my post yesterday about D-A-T-A being the most prized possession in or out of the enterprise was posted just before Canadian Privacy Commissioner Jennifer Stoddart issued a report detailing the results of an investigation into Facebook’s policies. Apparently Facebook has not totally changed its ways as I reported yesterday.  One of the primary issues she has with Facebook is how long they keep personal data after an account has been “deleted” - it could potentially forever. 

The Canadian Press reports that Facebook has refused to come up with a data rentention policy on old accounts.  In fact, out of 12 separate issues reported to Stoddart, 4 were resolved by Facebook, 4 are left outstanding, and 4 were dismissed.   She will review the situation again after 30 days and has the ability to bring the issues to the Federal Court of Canada if she chooses.

My own experience with Facebook just this morning was that it recommended that I “friend” a person who I have not interacted with in almost 10 years, where we don’t have any contacts in common, and even the mighty Google cannot find a single document anywhere in the world with his and my last name intersect.  In fact, of the 12 people it did recommend it was shockingly accurate - how did they manage that without some serious thought in how they can use my personal information?

Enterprises Are Taking Notice

Given the number of users in any given company using Facebook today, using Facebook chat, and even sharing files (most of the time due to boneheaded IT data transfer policies),there is an amazing amount of corporate information going out to sites like Facebook.   If Facebook can connect me to someone without any apparent connection with very limited information about me (it knows my birthday - today BTW, where I went to school, and about 30 people I know), what could it do with YOUR corporate data?

The next generation of social network applications MUST address the fact that their users have corporate identities and the information they share may not actually belong to them (any non-personal information an employee provides is technically the property of the company).   For corporate adoption of collaboration tools to really take hold, the software must guarantee to the company (to the extent that it is technically feasible) that their information could not later be used for “other” purposes.  What we need is solid auditing capabilities and a “corporate wipe” for the Cloud like I have with my corporate Blackberry - theoretically, if my device gets in the wrong hands, IT has a reasonable assurance they can “pull the content back” (i.e. delete) *their* property (my emails).

A Company’s Worst Nightmare

Okay, the “worst nightmare” is losing customer credit card information due to an untraceable leak.  But this one is a close second.

Consider this:  Imagine a company using a vendor’s SaaS collaboration suite to share documents and create content.   Typical business users don’t read the Terms of Service, so they may not notice a  relatively standard clause that says, “we can use information stored here for development, debugging, usage/profiling information, or other use to operate the service”.  Now imagine that this customer is a software company and the content in question is actually top secret plans on how to create a new collaboration suite.   And yes, this actually happens in real life.  Talk about putting your corporate assets on a silver platter!

Corporations need the facilities and auditing capabilities to ensure they can keep a handle on their valuable corporate assets, and when they hear data privacy stories like this, enterprise software vendors must work even harder to gain that trust.

Facebook: It’s already hard enough for enterprise software vendors to get that trust, and you’re not helping.